Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am2
-rw-r--r--src/Makefile.in122
-rw-r--r--src/app.c1337
-rw-r--r--src/base64.c874
-rw-r--r--src/bn.c710
-rw-r--r--src/buffer.c508
-rw-r--r--src/c14n.c976
-rw-r--r--src/dl.c1136
-rw-r--r--src/enveloped.c148
-rw-r--r--src/errors.c266
-rw-r--r--src/gcrypt/Makefile.am55
-rw-r--r--src/gcrypt/Makefile.in794
-rw-r--r--src/gcrypt/README9
-rw-r--r--src/gcrypt/app.c663
-rw-r--r--src/gcrypt/asn1.c602
-rw-r--r--src/gcrypt/asn1.h39
-rw-r--r--src/gcrypt/asymkeys.c1920
-rw-r--r--src/gcrypt/ciphers.c855
-rw-r--r--src/gcrypt/crypto.c315
-rw-r--r--src/gcrypt/digests.c614
-rw-r--r--src/gcrypt/globals.h30
-rw-r--r--src/gcrypt/hmac.c823
-rw-r--r--src/gcrypt/kw_aes.c593
-rw-r--r--src/gcrypt/kw_des.c607
-rw-r--r--src/gcrypt/signatures.c1490
-rw-r--r--src/gcrypt/symkeys.c441
-rw-r--r--src/globals.h4
-rw-r--r--src/gnutls/Makefile.am12
-rw-r--r--src/gnutls/Makefile.in244
-rw-r--r--src/gnutls/README11
-rw-r--r--src/gnutls/app.c1047
-rw-r--r--src/gnutls/asymkeys.c455
-rw-r--r--src/gnutls/ciphers.c824
-rw-r--r--src/gnutls/crypto.c304
-rw-r--r--src/gnutls/digests.c346
-rw-r--r--src/gnutls/globals.h11
-rw-r--r--src/gnutls/hmac.c584
-rw-r--r--src/gnutls/kw_aes.c72
-rw-r--r--src/gnutls/kw_des.c51
-rw-r--r--src/gnutls/signatures.c148
-rw-r--r--src/gnutls/symkeys.c379
-rw-r--r--src/gnutls/x509.c1960
-rw-r--r--src/gnutls/x509utils.c1687
-rw-r--r--src/gnutls/x509utils.h143
-rw-r--r--src/gnutls/x509vfy.c802
-rw-r--r--src/io.c368
-rw-r--r--src/keyinfo.c1634
-rw-r--r--src/keys.c1116
-rw-r--r--src/keysdata.c1184
-rw-r--r--src/keysmngr.c712
-rw-r--r--src/kw_aes_des.c493
-rw-r--r--src/kw_aes_des.h148
-rw-r--r--src/list.c416
-rw-r--r--src/membuf.c206
-rw-r--r--src/mscrypto/Makefile.am8
-rw-r--r--src/mscrypto/Makefile.in253
-rw-r--r--src/mscrypto/README43
-rw-r--r--src/mscrypto/app.c1289
-rw-r--r--src/mscrypto/certkeys.c2290
-rw-r--r--src/mscrypto/ciphers.c1507
-rw-r--r--src/mscrypto/crypto.c868
-rw-r--r--src/mscrypto/csp_calg.h91
-rw-r--r--src/mscrypto/csp_oid.h58
-rw-r--r--src/mscrypto/digests.c721
-rw-r--r--src/mscrypto/globals.h23
-rw-r--r--src/mscrypto/hmac.c963
-rw-r--r--src/mscrypto/keysstore.c812
-rw-r--r--src/mscrypto/kt_rsa.c637
-rw-r--r--src/mscrypto/kw_aes.c662
-rw-r--r--src/mscrypto/kw_des.c730
-rw-r--r--src/mscrypto/mingw-crypt32.def4
-rw-r--r--src/mscrypto/private.h130
-rw-r--r--src/mscrypto/signatures.c1039
-rw-r--r--src/mscrypto/symkeys.c889
-rw-r--r--src/mscrypto/x509.c2359
-rw-r--r--src/mscrypto/x509vfy.c790
-rw-r--r--src/mscrypto/xmlsec-mingw.h151
-rw-r--r--src/nodeset.c645
-rw-r--r--src/nss/Makefile.am2
-rw-r--r--src/nss/Makefile.in242
-rw-r--r--src/nss/README95
-rw-r--r--src/nss/app.c1632
-rw-r--r--src/nss/bignum.c132
-rw-r--r--src/nss/ciphers.c906
-rw-r--r--src/nss/crypto.c356
-rw-r--r--src/nss/digests.c579
-rw-r--r--src/nss/globals.h4
-rw-r--r--src/nss/hmac.c904
-rw-r--r--src/nss/keysstore.c560
-rw-r--r--src/nss/keytrans.c1235
-rw-r--r--src/nss/kw_aes.c1116
-rw-r--r--src/nss/kw_des.c1043
-rw-r--r--src/nss/pkikeys.c1338
-rw-r--r--src/nss/signatures.c883
-rw-r--r--src/nss/symkeys.c316
-rw-r--r--src/nss/x509.c2122
-rw-r--r--src/nss/x509vfy.c826
-rw-r--r--src/openssl/Makefile.am2
-rw-r--r--src/openssl/Makefile.in234
-rw-r--r--src/openssl/README6
-rw-r--r--src/openssl/app.c1797
-rw-r--r--src/openssl/bn.c146
-rw-r--r--src/openssl/ciphers.c904
-rw-r--r--src/openssl/crypto.c459
-rw-r--r--src/openssl/digests.c746
-rw-r--r--src/openssl/evp.c1948
-rw-r--r--src/openssl/globals.h4
-rw-r--r--src/openssl/hmac.c872
-rw-r--r--src/openssl/kt_rsa.c973
-rw-r--r--src/openssl/kw_aes.c875
-rw-r--r--src/openssl/kw_des.c841
-rw-r--r--src/openssl/signatures.c2052
-rw-r--r--src/openssl/symkeys.c316
-rw-r--r--src/openssl/x509.c2572
-rw-r--r--src/openssl/x509vfy.c1500
-rw-r--r--src/parser.c585
-rw-r--r--src/skeleton/Makefile.am2
-rw-r--r--src/skeleton/app.c428
-rw-r--r--src/skeleton/crypto.c250
-rw-r--r--src/skeleton/globals.h4
-rw-r--r--src/soap.c830
-rw-r--r--src/strings.c656
-rw-r--r--src/templates.c2226
-rw-r--r--src/transforms.c3038
-rw-r--r--src/x509.c90
-rw-r--r--src/xkms.c4318
-rw-r--r--src/xmldsig.c1872
-rw-r--r--src/xmlenc.c1396
-rw-r--r--src/xmlsec.c170
-rw-r--r--src/xmltree.c1416
-rw-r--r--src/xpath.c1223
-rw-r--r--src/xslt.c695
132 files changed, 59899 insertions, 38090 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index e28bb5ed..3883ab6f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -14,6 +14,7 @@ INCLUDES = \
EXTRA_DIST = \
globals.h \
+ kw_aes_des.h \
skeleton \
mscrypto \
$(XMLSEC_CRYPTO_DISABLED_LIST) \
@@ -38,6 +39,7 @@ libxmlsec1_la_SOURCES = \
keys.c \
keysdata.c \
keysmngr.c \
+ kw_aes_des.c \
list.c \
membuf.c \
nodeset.c \
diff --git a/src/Makefile.in b/src/Makefile.in
index 56fb659d..c0d0157c 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -37,10 +37,13 @@ host_triplet = @host@
subdir = src
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -65,6 +68,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
@@ -74,12 +83,15 @@ libxmlsec1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
am__objects_1 =
am_libxmlsec1_la_OBJECTS = app.lo base64.lo bn.lo buffer.lo c14n.lo \
dl.lo enveloped.lo errors.lo io.lo keyinfo.lo keys.lo \
- keysdata.lo keysmngr.lo list.lo membuf.lo nodeset.lo parser.lo \
- soap.lo strings.lo templates.lo transforms.lo x509.lo xkms.lo \
- xmldsig.lo xmlenc.lo xmlsec.lo xmltree.lo xpath.lo xslt.lo \
- $(am__objects_1)
+ keysdata.lo keysmngr.lo kw_aes_des.lo list.lo membuf.lo \
+ nodeset.lo parser.lo soap.lo strings.lo templates.lo \
+ transforms.lo x509.lo xkms.lo xmldsig.lo xmlenc.lo xmlsec.lo \
+ xmltree.lo xpath.lo xslt.lo $(am__objects_1)
libxmlsec1_la_OBJECTS = $(am_libxmlsec1_la_OBJECTS)
-libxmlsec1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(libxmlsec1_la_LDFLAGS) $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
@@ -88,13 +100,26 @@ am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libxmlsec1_la_SOURCES)
DIST_SOURCES = $(libxmlsec1_la_SOURCES)
RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
@@ -140,6 +165,7 @@ am__relativize = \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -154,6 +180,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -162,6 +189,10 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -192,6 +223,7 @@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
@@ -223,8 +255,10 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -232,7 +266,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TAR = @TAR@
-U = @U@
VERSION = @VERSION@
XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
@@ -251,6 +284,8 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -260,6 +295,7 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -295,6 +331,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -327,7 +364,6 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -357,6 +393,7 @@ INCLUDES = \
EXTRA_DIST = \
globals.h \
+ kw_aes_des.h \
skeleton \
mscrypto \
$(XMLSEC_CRYPTO_DISABLED_LIST) \
@@ -381,6 +418,7 @@ libxmlsec1_la_SOURCES = \
keys.c \
keysdata.c \
keysmngr.c \
+ kw_aes_des.c \
list.c \
membuf.c \
nodeset.c \
@@ -475,8 +513,8 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libxmlsec1.la: $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_DEPENDENCIES)
- $(libxmlsec1_la_LINK) -rpath $(libdir) $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_LIBADD) $(LIBS)
+libxmlsec1.la: $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_DEPENDENCIES) $(EXTRA_libxmlsec1_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_la_LINK) -rpath $(libdir) $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -497,6 +535,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysdata.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysmngr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes_des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/membuf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nodeset.Plo@am__quote@
@@ -515,25 +554,25 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xslt.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
@@ -548,7 +587,7 @@ clean-libtool:
# (which will cause the Makefiles to be regenerated when you run `make');
# (2) otherwise, pass the desired values on the `make' command line.
$(RECURSIVE_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -573,7 +612,7 @@ $(RECURSIVE_TARGETS):
fi; test -z "$$fail"
$(RECURSIVE_CLEAN_TARGETS):
- @failcom='exit 1'; \
+ @fail= failcom='exit 1'; \
for f in x $$MAKEFLAGS; do \
case $$f in \
*=* | --[!k]*);; \
@@ -752,10 +791,15 @@ install-am: all-am
installcheck: installcheck-recursive
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/app.c b/src/app.c
index ca09f62c..55f54530 100644
--- a/src/app.c
+++ b/src/app.c
@@ -1,10 +1,10 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -29,7 +29,7 @@
#include <xmlsec/private.h>
#include <xmlsec/errors.h>
-
+
/******************************************************************************
*
* Crypto Init/shutdown
@@ -37,65 +37,65 @@
*****************************************************************************/
/**
* xmlSecCryptoInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoInit(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoInit == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoInit",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoInit());
}
/**
* xmlSecCryptoShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoShutdown(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoShutdown == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoShutdown",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoShutdown",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoShutdown());
}
/**
* xmlSecCryptoKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds crypto specific key data stores in keys manager.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoKeysMngrInit == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoKeysMngrInit",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoKeysMngrInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoKeysMngrInit(mngr));
}
@@ -104,187 +104,210 @@ xmlSecCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
* Key data ids
*
*****************************************************************************/
-/**
+/**
* xmlSecKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the AES key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataAesGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataAesGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataAesId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataAesId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataAesGetKlass());
}
-/**
+/**
* xmlSecKeyDataDesGetKlass:
- *
+ *
* The DES key data klass.
*
* Returns: DES key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the DES key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataDesGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDesGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataDesId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataDesId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataDesGetKlass());
}
-/**
+/**
* xmlSecKeyDataDsaGetKlass:
- *
+ *
* The DSA key data klass.
*
* Returns: DSA key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the DSA key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataDsaGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDsaGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataDsaId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataDsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataDsaGetKlass());
}
-/**
+/**
+ * xmlSecKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: ECDSA key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the ECDSA key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataEcdsaGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataEcdsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass());
+}
+
+/**
* xmlSecKeyDataGost2001GetKlass:
- *
+ *
* The GOST2001 key data klass.
*
* Returns: GOST2001 key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the GOST2001 key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataGost2001GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataGost2001Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataGost2001Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass());
}
-/**
+/**
* xmlSecKeyDataHmacGetKlass:
- *
+ *
* The HMAC key data klass.
*
* Returns: HMAC key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the HMAC key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataHmacGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataHmacGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataHmacId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataHmacId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataHmacGetKlass());
}
-/**
+/**
* xmlSecKeyDataRsaGetKlass:
- *
+ *
* The RSA key data klass.
*
* Returns: RSA key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the RSA key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataRsaGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRsaGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataRsaId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataRsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataRsaGetKlass());
}
-/**
+/**
* xmlSecKeyDataX509GetKlass:
- *
+ *
* The X509 key data klass.
*
* Returns: X509 key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the X509 key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataX509GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataX509GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataX509Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataX509Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataX509GetKlass());
}
-/**
+/**
* xmlSecKeyDataRawX509CertGetKlass:
- *
+ *
* The raw X509 cert key data klass.
*
* Returns: raw x509 cert key data klass or NULL if an error occurs
* (xmlsec-crypto library is not loaded or the raw X509 cert key data
* klass is not implemented).
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataRawX509CertGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRawX509CertGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "keyDataRawX509CertId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataRawX509CertId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyDataIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->keyDataRawX509CertGetKlass());
}
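Review bot: The newly added xmlSecKeyDataEcdsaGetKlass documents its failure value as "NULL" while the code returns xmlSecKeyDataIdUnknown, so a caller reading only the doc comment may test against the wrong sentinel; the Returns line should name the value actually returned, e.g. ` * Returns: ECDSA key data klass or xmlSecKeyDataIdUnknown if an error occurs`. The neighbouring getters carry the same wording, but this hunk only reflows their whitespace, so correcting it in the new function is enough to keep the new code honest. Separately, the dispatch table is fetched three times (twice in the guard, once in the return); fetching it once into a local before the NULL checks would make the guard and the call observably consistent if the table is ever replaced at runtime, though as the rest of the file follows the same pattern this is only a nit.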
@@ -293,26 +316,26 @@ xmlSecKeyDataRawX509CertGetKlass(void) {
* Key data store ids
*
*****************************************************************************/
-/**
+/**
* xmlSecX509StoreGetKlass:
- *
+ *
* The X509 certificates key data store klass.
*
- * Returns: pointer to X509 certificates key data store klass or NULL if
- * an error occurs (xmlsec-crypto library is not loaded or the raw X509
+ * Returns: pointer to X509 certificates key data store klass or NULL if
+ * an error occurs (xmlsec-crypto library is not loaded or the raw X509
* cert key data klass is not implemented).
*/
-xmlSecKeyDataStoreId
+xmlSecKeyDataStoreId
xmlSecX509StoreGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->x509StoreGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "x509StoreId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "x509StoreId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecKeyStoreIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->x509StoreGetKlass());
}
@@ -323,74 +346,74 @@ xmlSecX509StoreGetKlass(void) {
*****************************************************************************/
/**
* xmlSecTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecTransformAes128CbcGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes128CbcGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformAes128CbcId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes128CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformAes128CbcGetKlass());
}
/**
* xmlSecTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecTransformAes192CbcGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes192CbcGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformAes192CbcId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes192CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformAes192CbcGetKlass());
}
/**
* xmlSecTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecTransformAes256CbcGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes256CbcGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformAes256CbcId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes256CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformAes256CbcGetKlass());
}
-/**
+/**
* xmlSecTransformKWAes128GetKlass:
*
* The AES-128 kew wrapper transform klass.
@@ -399,21 +422,21 @@ xmlSecTransformAes256CbcGetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformKWAes128GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformKWAes128GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes128GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformKWAes128Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes128Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformKWAes128GetKlass());
}
-/**
+/**
* xmlSecTransformKWAes192GetKlass:
*
* The AES-192 kew wrapper transform klass.
@@ -422,21 +445,21 @@ xmlSecTransformKWAes128GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformKWAes192GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformKWAes192GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes192GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformKWAes192Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes192Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformKWAes192GetKlass());
}
-/**
+/**
* xmlSecTransformKWAes256GetKlass:
*
* The AES-256 kew wrapper transform klass.
@@ -445,113 +468,251 @@ xmlSecTransformKWAes192GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformKWAes256GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformKWAes256GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes256GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformKWAes256Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformKWAes256GetKlass());
}
-/**
+/**
* xmlSecTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformDes3CbcGetKlass(void) {
+xmlSecTransformId
+xmlSecTransformDes3CbcGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDes3CbcGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformDes3CbcId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDes3CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformDes3CbcGetKlass());
}
-/**
+/**
* xmlSecTransformKWDes3GetKlass:
- *
+ *
* The Triple DES key wrapper transform klass.
*
* Returns: Triple DES key wrapper transform klass or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformKWDes3GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWDes3GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformKWDes3Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWDes3Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformKWDes3GetKlass());
}
/**
* xmlSecTransformDsaSha1GetKlass:
- *
+ *
* The DSA-SHA1 signature transform klass.
*
* Returns: DSA-SHA1 signature transform klass or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformDsaSha1GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformDsaSha1GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha1GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformDsaSha1Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformDsaSha1GetKlass());
}
-/**
+/**
+ * xmlSecTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformDsaSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha224GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha384GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha512GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformEcdsaSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass());
+}
+
+/**
* xmlSecTransformGost2001GostR3411_94GetKlass:
- *
+ *
* The GOST2001-GOSTR3411_94 signature transform klass.
*
* Returns: GOST2001-GOSTR3411_94 signature transform klass or NULL if an error
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformGost2001GostR3411_94GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformGost2001GostR3411_94GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformGost2001GostR3411_94Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformGost2001GostR3411_94Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass());
}
-/**
+/**
* xmlSecTransformHmacMd5GetKlass:
*
* The HMAC-MD5 transform klass.
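Review bot: The six new accessors (xmlSecTransformDsaSha256GetKlass and the five xmlSecTransformEcdsaSha*GetKlass functions) document their failure value as "or NULL if an error occurs" while the code returns `xmlSecTransformIdUnknown`; the doc should name the sentinel the code actually returns, e.g. `Returns: DSA-SHA256 signature transform klass or xmlSecTransformIdUnknown if an error`, so callers compare against the documented value rather than assuming the macro is NULL (its definition is not visible here, and the older accessors carry the same wording). The NULL test on the function-table slot only protects callers if every loaded crypto backend populates or zeroes the new `transformDsaSha256GetKlass` and `transformEcdsaSha*GetKlass` members; the table definition is outside this hunk, so please confirm it is zero-initialized and that a backend built against the older, shorter layout cannot be loaded, since an unset slot would then be read as garbage rather than NULL. Separately, xmlSecTransformEcdsaSha1GetKlass adds a new SHA-1-based signature accessor; a one-line note in its doc such as `Provided for interoperability with legacy signers; prefer the SHA-2 ECDSA transforms for new signatures.` would help callers choose without reading the spec.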
@@ -560,21 +721,21 @@ xmlSecTransformGost2001GostR3411_94GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacMd5GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacMd5GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacMd5GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacMd5Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacMd5GetKlass());
}
-/**
+/**
* xmlSecTransformHmacRipemd160GetKlass:
*
* The HMAC-RIPEMD160 transform klass.
@@ -583,21 +744,21 @@ xmlSecTransformHmacMd5GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformHmacRipemd160GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacRipemd160GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacRipemd160Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacRipemd160GetKlass());
}
-/**
+/**
* xmlSecTransformHmacSha1GetKlass:
*
* The HMAC-SHA1 transform klass.
@@ -606,21 +767,21 @@ xmlSecTransformHmacRipemd160GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacSha1GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacSha1GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha1GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacSha1Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacSha1GetKlass());
}
-/**
+/**
* xmlSecTransformHmacSha224GetKlass:
*
* The HMAC-SHA224 transform klass.
@@ -629,21 +790,21 @@ xmlSecTransformHmacSha1GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacSha224GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacSha224GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha224GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacSha224Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacSha224GetKlass());
}
-/**
+/**
* xmlSecTransformHmacSha256GetKlass:
*
* The HMAC-SHA256 transform klass.
@@ -652,21 +813,21 @@ xmlSecTransformHmacSha224GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacSha256GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacSha256GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha256GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacSha256Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacSha256GetKlass());
}
-/**
+/**
* xmlSecTransformHmacSha384GetKlass:
*
* The HMAC-SHA384 transform klass.
@@ -675,21 +836,21 @@ xmlSecTransformHmacSha256GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacSha384GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacSha384GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha384GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacSha384Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacSha384GetKlass());
}
-/**
+/**
* xmlSecTransformHmacSha512GetKlass:
*
* The HMAC-SHA512 transform klass.
@@ -698,21 +859,21 @@ xmlSecTransformHmacSha384GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformHmacSha512GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformHmacSha512GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha512GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformHmacSha512Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformHmacSha512GetKlass());
}
-/**
+/**
* xmlSecTransformMd5GetKlass:
*
* MD5 digest transform klass.
@@ -721,21 +882,21 @@ xmlSecTransformHmacSha512GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformMd5GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformMd5GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformMd5Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformMd5GetKlass());
}
-/**
+/**
* xmlSecTransformRipemd160GetKlass:
*
* RIPEMD-160 digest transform klass.
@@ -744,23 +905,23 @@ xmlSecTransformMd5GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformRipemd160GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRipemd160GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRipemd160Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRipemd160GetKlass());
}
/**
* xmlSecTransformRsaMd5GetKlass:
- *
+ *
* The RSA-MD5 signature transform klass.
*
* Returns: RSA-MD5 signature transform klass or NULL if an error
@@ -768,22 +929,22 @@ xmlSecTransformRipemd160GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaMd5GetKlass(void) {
+xmlSecTransformRsaMd5GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaMd5GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaMd5Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaMd5GetKlass());
}
/**
* xmlSecTransformRsaRipemd160GetKlass:
- *
+ *
* The RSA-RIPEMD160 signature transform klass.
*
* Returns: RSA-RIPEMD160 signature transform klass or NULL if an error
@@ -791,22 +952,22 @@ xmlSecTransformRsaMd5GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaRipemd160GetKlass(void) {
+xmlSecTransformRsaRipemd160GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaRipemd160GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaRipemd160Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaRipemd160GetKlass());
}
/**
* xmlSecTransformRsaSha1GetKlass:
- *
+ *
* The RSA-SHA1 signature transform klass.
*
* Returns: RSA-SHA1 signature transform klass or NULL if an error
@@ -814,22 +975,22 @@ xmlSecTransformRsaRipemd160GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaSha1GetKlass(void) {
+xmlSecTransformRsaSha1GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha1GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaSha1Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaSha1GetKlass());
}
/**
* xmlSecTransformRsaSha224GetKlass:
- *
+ *
* The RSA-SHA224 signature transform klass.
*
* Returns: RSA-SHA224 signature transform klass or NULL if an error
@@ -837,22 +998,22 @@ xmlSecTransformRsaSha1GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaSha224GetKlass(void) {
+xmlSecTransformRsaSha224GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha224GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaSha224Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaSha224GetKlass());
}
/**
* xmlSecTransformRsaSha256GetKlass:
- *
+ *
* The RSA-SHA256 signature transform klass.
*
* Returns: RSA-SHA256 signature transform klass or NULL if an error
@@ -860,22 +1021,22 @@ xmlSecTransformRsaSha224GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaSha256GetKlass(void) {
+xmlSecTransformRsaSha256GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha256GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaSha256Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaSha256GetKlass());
}
/**
* xmlSecTransformRsaSha384GetKlass:
- *
+ *
* The RSA-SHA384 signature transform klass.
*
* Returns: RSA-SHA384 signature transform klass or NULL if an error
@@ -883,22 +1044,22 @@ xmlSecTransformRsaSha256GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaSha384GetKlass(void) {
+xmlSecTransformRsaSha384GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha384GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaSha384Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaSha384GetKlass());
}
/**
* xmlSecTransformRsaSha512GetKlass:
- *
+ *
* The RSA-SHA512 signature transform klass.
*
* Returns: RSA-SHA512 signature transform klass or NULL if an error
@@ -906,20 +1067,20 @@ xmlSecTransformRsaSha384GetKlass(void) {
* implemented).
*/
xmlSecTransformId
-xmlSecTransformRsaSha512GetKlass(void) {
+xmlSecTransformRsaSha512GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha512GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaSha512Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaSha512GetKlass());
}
-/**
+/**
* xmlSecTransformRsaPkcs1GetKlass:
*
* The RSA-PKCS1 key transport transform klass.
@@ -928,21 +1089,21 @@ xmlSecTransformRsaSha512GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformRsaPkcs1GetKlass(void) {
+xmlSecTransformId
+xmlSecTransformRsaPkcs1GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaPkcs1GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaPkcs1Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaPkcs1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaPkcs1GetKlass());
}
-/**
+/**
* xmlSecTransformRsaOaepGetKlass:
*
* The RSA-OAEP key transport transform klass.
@@ -951,21 +1112,21 @@ xmlSecTransformRsaPkcs1GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
-xmlSecTransformRsaOaepGetKlass(void) {
+xmlSecTransformId
+xmlSecTransformRsaOaepGetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformRsaOaepId",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaOaepId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass());
}
-/**
+/**
* xmlSecTransformGostR3411_94GetKlass:
*
* GOSTR3411_94 digest transform klass.
@@ -974,22 +1135,22 @@ xmlSecTransformRsaOaepGetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformGostR3411_94GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformGostR3411_94Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformGostR3411_94Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass());
}
-/**
+/**
* xmlSecTransformSha1GetKlass:
*
* SHA-1 digest transform klass.
@@ -998,21 +1159,21 @@ xmlSecTransformGostR3411_94GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformSha1GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha1GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformSha1Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformSha1GetKlass());
}
-/**
+/**
* xmlSecTransformSha224GetKlass:
*
* SHA224 digest transform klass.
@@ -1021,21 +1182,21 @@ xmlSecTransformSha1GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformSha224GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha224GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformSha224Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformSha224GetKlass());
}
-/**
+/**
* xmlSecTransformSha256GetKlass:
*
* SHA256 digest transform klass.
@@ -1044,21 +1205,21 @@ xmlSecTransformSha224GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformSha256GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha256GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformSha256Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformSha256GetKlass());
}
-/**
+/**
* xmlSecTransformSha384GetKlass:
*
* SHA384 digest transform klass.
@@ -1067,21 +1228,21 @@ xmlSecTransformSha256GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformSha384GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha384GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformSha384Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformSha384GetKlass());
}
-/**
+/**
* xmlSecTransformSha512GetKlass:
*
* SHA512 digest transform klass.
@@ -1090,17 +1251,17 @@ xmlSecTransformSha384GetKlass(void) {
* occurs (the xmlsec-crypto library is not loaded or this transform is not
* implemented).
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformSha512GetKlass(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha512GetKlass == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "transformSha512Id",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(xmlSecTransformIdUnknown);
}
-
+
return(xmlSecCryptoDLGetFunctions()->transformSha512GetKlass());
}
@@ -1108,187 +1269,187 @@ xmlSecTransformSha512GetKlass(void) {
*
* High level routines form xmlsec command line utility
*
- *****************************************************************************/
+ *****************************************************************************/
/**
* xmlSecCryptoAppInit:
- * @config: the path to crypto library configuration.
+ * @config: the path to crypto library configuration.
*
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoAppInit(const char* config) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppInit == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppInit",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppInit(config));
}
/**
* xmlSecCryptoAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoAppShutdown(void) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppShutdown == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppShutdown",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppShutdown",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppShutdown());
}
/**
* xmlSecCryptoAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrInit == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppDefaultKeysMngrInit",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrInit(mngr));
}
/**
* xmlSecCryptoAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecCryptoAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrAdoptKey == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppDefaultKeysMngrAdoptKey",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrAdoptKey(mngr, key));
}
/**
* xmlSecCryptoAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecCryptoAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrLoad == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppDefaultKeysMngrLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrLoad(mngr, uri));
}
/**
* xmlSecCryptoAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename,
- xmlSecKeyDataType type) {
+ xmlSecKeyDataType type) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrSave == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppDefaultKeysMngrSave",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrSave",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrSave(mngr, filename, type));
}
/**
* xmlSecCryptoAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
* untrusted certs in @store.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+int
+xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoad == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeysMngrCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoad(mngr, filename, format, type));
}
/**
* xmlSecCryptoAppKeysMngrCertLoadMemory:
- * @mngr: the keys manager.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate trusted or not.
- *
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
* Reads cert from binary buffer @data and adds to the list of trusted or known
* untrusted certs in @store.
*
@@ -1296,81 +1457,81 @@ xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
*/
int
xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoadMemory == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeysMngrCertLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoadMemory(mngr, data, dataSize, format, type));
}
/**
* xmlSecCryptoAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoad == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeyLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoad(filename, format, pwd, pwdCallback, pwdCallbackCtx));
}
/**
* xmlSecCryptoAppKeyLoadMemory:
- * @data: the binary key data.
- * @dataSize: the size of binary key.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the memory buffer.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoadMemory == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeyLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoadMemory(data, dataSize, format, pwd, pwdCallback, pwdCallbackCtx));
}
-
+
/**
* xmlSecCryptoAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file.
* For uniformity, call xmlSecCryptoAppKeyLoad instead of this function. Pass
@@ -1378,28 +1539,28 @@ xmlSecCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSec
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecCryptoAppPkcs12Load(const char* filename, const char* pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+xmlSecKeyPtr
+xmlSecCryptoAppPkcs12Load(const char* filename, const char* pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12Load == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppPkcs12Load",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx));
}
/**
* xmlSecCryptoAppPkcs12LoadMemory:
- * @data: the PKCS12 binary data.
- * @dataSize: the PKCS12 binary data size.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in memory buffer.
* For uniformity, call xmlSecCryptoAppKeyLoadMemory instead of this function. Pass
@@ -1407,69 +1568,69 @@ xmlSecCryptoAppPkcs12Load(const char* filename, const char* pwd, void* pwdCallba
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecCryptoAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- const char *pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+xmlSecKeyPtr
+xmlSecCryptoAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12LoadMemory == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppPkcs12LoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12LoadMemory(data, dataSize, pwd, pwdCallback, pwdCallbackCtx));
}
/**
* xmlSecCryptoAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
*
* Reads the certificate from $@filename and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeyCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad(key, filename, format));
}
/**
* xmlSecCryptoAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
+int
+xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoadMemory == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cryptoAppKeyCertLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoadMemory(key, data, dataSize, format));
}
@@ -1480,17 +1641,17 @@ xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSe
*
* Returns: default password callback.
*/
-void*
+void*
xmlSecCryptoAppGetDefaultPwdCallback(void) {
if(xmlSecCryptoDLGetFunctions() == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultPwdCallback);
}
diff --git a/src/base64.c b/src/base64.c
index 73b9e504..53e66945 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -5,7 +5,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -22,11 +22,11 @@
#include <xmlsec/base64.h>
#include <xmlsec/errors.h>
-/*
- * the table to map numbers to base64
+/*
+ * the table to map numbers to base64
*/
static const xmlSecByte base64[] =
-{
+{
/* 0 1 2 3 4 5 6 7 */
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', /* 0 */
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', /* 1 */
@@ -40,21 +40,21 @@ static const xmlSecByte base64[] =
/* few macros to simplify the code */
-#define xmlSecBase64Encode1(a) (((a) >> 2) & 0x3F)
-#define xmlSecBase64Encode2(a, b) ((((a) << 4) & 0x30) + (((b) >> 4) & 0x0F))
-#define xmlSecBase64Encode3(b, c) ((((b) << 2) & 0x3c) + (((c) >> 6) & 0x03))
-#define xmlSecBase64Encode4(c) ((c) & 0x3F)
+#define xmlSecBase64Encode1(a) (((a) >> 2) & 0x3F)
+#define xmlSecBase64Encode2(a, b) ((((a) << 4) & 0x30) + (((b) >> 4) & 0x0F))
+#define xmlSecBase64Encode3(b, c) ((((b) << 2) & 0x3c) + (((c) >> 6) & 0x03))
+#define xmlSecBase64Encode4(c) ((c) & 0x3F)
+
+#define xmlSecBase64Decode1(a, b) (((a) << 2) | (((b) & 0x3F) >> 4))
+#define xmlSecBase64Decode2(b, c) (((b) << 4) | (((c) & 0x3F) >> 2))
+#define xmlSecBase64Decode3(c, d) (((c) << 6) | ((d) & 0x3F))
-#define xmlSecBase64Decode1(a, b) (((a) << 2) | (((b) & 0x3F) >> 4))
-#define xmlSecBase64Decode2(b, c) (((b) << 4) | (((c) & 0x3F) >> 2))
-#define xmlSecBase64Decode3(c, d) (((c) << 6) | ((d) & 0x3F))
-
-#define xmlSecIsBase64Char(ch) ((((ch) >= 'A') && ((ch) <= 'Z')) || \
- (((ch) >= 'a') && ((ch) <= 'z')) || \
- (((ch) >= '0') && ((ch) <= '9')) || \
- ((ch) == '+') || ((ch) == '/'))
-#define xmlSecIsBase64Space(ch) (((ch) == ' ') || ((ch) == '\t') || \
- ((ch) == '\x0d') || ((ch) == '\x0a'))
+#define xmlSecIsBase64Char(ch) ((((ch) >= 'A') && ((ch) <= 'Z')) || \
+ (((ch) >= 'a') && ((ch) <= 'z')) || \
+ (((ch) >= '0') && ((ch) <= '9')) || \
+ ((ch) == '+') || ((ch) == '/'))
+#define xmlSecIsBase64Space(ch) (((ch) == ' ') || ((ch) == '\t') || \
+ ((ch) == '\x0d') || ((ch) == '\x0a'))
@@ -72,48 +72,48 @@ typedef enum {
} xmlSecBase64Status;
struct _xmlSecBase64Ctx {
- int encode;
+ int encode;
int inByte;
int inPos;
- xmlSecSize linePos;
- xmlSecSize columns;
+ xmlSecSize linePos;
+ xmlSecSize columns;
int finished;
};
-static xmlSecBase64Status xmlSecBase64CtxEncodeByte (xmlSecBase64CtxPtr ctx,
- xmlSecByte inByte,
- xmlSecByte* outByte);
-static xmlSecBase64Status xmlSecBase64CtxEncodeByteFinal (xmlSecBase64CtxPtr ctx,
- xmlSecByte* outByte);
-static xmlSecBase64Status xmlSecBase64CtxDecodeByte (xmlSecBase64CtxPtr ctx,
- xmlSecByte inByte,
- xmlSecByte* outByte);
-static int xmlSecBase64CtxEncode (xmlSecBase64CtxPtr ctx,
- const xmlSecByte* inBuf,
- xmlSecSize inBufSize,
- xmlSecSize* inBufResSize,
- xmlSecByte* outBuf,
- xmlSecSize outBufSize,
- xmlSecSize* outBufResSize);
-static int xmlSecBase64CtxEncodeFinal (xmlSecBase64CtxPtr ctx,
- xmlSecByte* outBuf,
- xmlSecSize outBufSize,
- xmlSecSize* outBufResSize);
-static int xmlSecBase64CtxDecode (xmlSecBase64CtxPtr ctx,
- const xmlSecByte* inBuf,
- xmlSecSize inBufSize,
- xmlSecSize* inBufResSize,
- xmlSecByte* outBuf,
- xmlSecSize outBufSize,
- xmlSecSize* outBufResSize);
-static int xmlSecBase64CtxDecodeIsFinished (xmlSecBase64CtxPtr ctx);
+static xmlSecBase64Status xmlSecBase64CtxEncodeByte (xmlSecBase64CtxPtr ctx,
+ xmlSecByte inByte,
+ xmlSecByte* outByte);
+static xmlSecBase64Status xmlSecBase64CtxEncodeByteFinal (xmlSecBase64CtxPtr ctx,
+ xmlSecByte* outByte);
+static xmlSecBase64Status xmlSecBase64CtxDecodeByte (xmlSecBase64CtxPtr ctx,
+ xmlSecByte inByte,
+ xmlSecByte* outByte);
+static int xmlSecBase64CtxEncode (xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf,
+ xmlSecSize inBufSize,
+ xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxEncodeFinal (xmlSecBase64CtxPtr ctx,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxDecode (xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf,
+ xmlSecSize inBufSize,
+ xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxDecodeIsFinished (xmlSecBase64CtxPtr ctx);
static int g_xmlsec_base64_default_line_size = XMLSEC_BASE64_LINESIZE;
/**
* xmlSecBase64GetDefaultLineSize:
- *
+ *
* Gets the current default line size.
*
* Returns: the current default line size.
@@ -138,72 +138,72 @@ xmlSecBase64SetDefaultLineSize(int columns)
/**
* xmlSecBase64CtxCreate:
- * @encode: the encode/decode flag (1 - encode, 0 - decode)
- * @columns: the max line length.
+ * @encode: the encode/decode flag (1 - encode, 0 - decode)
+ * @columns: the max line length.
*
* Allocates and initializes new base64 context.
*
* Returns: a pointer to newly created #xmlSecBase64Ctx structure
* or NULL if an error occurs.
*/
-xmlSecBase64CtxPtr
+xmlSecBase64CtxPtr
xmlSecBase64CtxCreate(int encode, int columns) {
xmlSecBase64CtxPtr ctx;
int ret;
-
+
/*
* Allocate a new xmlSecBase64CtxPtr and fill the fields.
*/
ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx));
if (ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecBase64Ctx)=%d",
- sizeof(xmlSecBase64Ctx));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecBase64Ctx)=%d",
+ sizeof(xmlSecBase64Ctx));
+ return(NULL);
}
-
+
ret = xmlSecBase64CtxInitialize(ctx, encode, columns);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBase64CtxDestroy(ctx);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxDestroy(ctx);
+ return(NULL);
}
return(ctx);
}
/**
* xmlSecBase64CtxDestroy:
- * @ctx: the pointer to #xmlSecBase64Ctx structure.
- *
+ * @ctx: the pointer to #xmlSecBase64Ctx structure.
+ *
* Destroys base64 context.
*/
void
xmlSecBase64CtxDestroy(xmlSecBase64CtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
xmlSecBase64CtxFinalize(ctx);
xmlFree(ctx);
}
/**
* xmlSecBase64CtxInitialize:
- * @ctx: the pointer to #xmlSecBase64Ctx structure,
- * @encode: the encode/decode flag (1 - encode, 0 - decode)
- * @columns: the max line length.
+ * @ctx: the pointer to #xmlSecBase64Ctx structure,
+ * @encode: the encode/decode flag (1 - encode, 0 - decode)
+ * @columns: the max line length.
*
* Initializes new base64 context.
*
* Returns: 0 on success and a negative value otherwise.
*/
-int
-xmlSecBase64CtxInitialize(xmlSecBase64CtxPtr ctx, int encode, int columns) {
+int
+xmlSecBase64CtxInitialize(xmlSecBase64CtxPtr ctx, int encode, int columns) {
xmlSecAssert2(ctx != NULL, -1);
memset(ctx, 0, sizeof(xmlSecBase64Ctx));
@@ -215,63 +215,63 @@ xmlSecBase64CtxInitialize(xmlSecBase64CtxPtr ctx, int encode, int columns) {
/**
* xmlSecBase64CtxFinalize:
- * @ctx: the pointer to #xmlSecBase64Ctx structure,
+ * @ctx: the pointer to #xmlSecBase64Ctx structure,
*
* Frees all the resources allocated by @ctx.
*/
-void
-xmlSecBase64CtxFinalize(xmlSecBase64CtxPtr ctx) {
+void
+xmlSecBase64CtxFinalize(xmlSecBase64CtxPtr ctx) {
xmlSecAssert(ctx != NULL);
- memset(ctx, 0, sizeof(xmlSecBase64Ctx));
-}
+ memset(ctx, 0, sizeof(xmlSecBase64Ctx));
+}
/**
* xmlSecBase64CtxUpdate:
- * @ctx: the pointer to #xmlSecBase64Ctx structure
- * @in: the input buffer
- * @inSize: the input buffer size
- * @out: the output buffer
- * @outSize: the output buffer size
+ * @ctx: the pointer to #xmlSecBase64Ctx structure
+ * @in: the input buffer
+ * @inSize: the input buffer size
+ * @out: the output buffer
+ * @outSize: the output buffer size
*
* Encodes or decodes the next piece of data from input buffer.
- *
- * Returns: the number of bytes written to output buffer or
+ *
+ * Returns: the number of bytes written to output buffer or
* -1 if an error occurs.
*/
int
xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
xmlSecSize inResSize = 0, outResSize = 0;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
if(ctx->encode != 0) {
- ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize,
- out, outSize, &outResSize);
- if((ret < 0) || (inResSize != inSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxEncode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize,
+ out, outSize, &outResSize);
+ if((ret < 0) || (inResSize != inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize,
- out, outSize, &outResSize);
- if((ret < 0) || (inResSize != inSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxDecode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize,
+ out, outSize, &outResSize);
+ if((ret < 0) || (inResSize != inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxDecode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(outResSize);
@@ -279,50 +279,50 @@ xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx,
/**
* xmlSecBase64CtxFinal:
- * @ctx: the pointer to #xmlSecBase64Ctx structure
- * @out: the output buffer
- * @outSize: the output buffer size
+ * @ctx: the pointer to #xmlSecBase64Ctx structure
+ * @out: the output buffer
+ * @outSize: the output buffer size
*
* Encodes or decodes the last piece of data stored in the context
* and finalizes the result.
*
- * Returns: the number of bytes written to output buffer or
+ * Returns: the number of bytes written to output buffer or
* -1 if an error occurs.
*/
int
-xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx,
- xmlSecByte *out, xmlSecSize outSize) {
+xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx,
+ xmlSecByte *out, xmlSecSize outSize) {
xmlSecSize outResSize = 0;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
- if(ctx->encode != 0) {
- ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize);
+ if(ctx->encode != 0) {
+ ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxEncodeFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
} else {
- if(!xmlSecBase64CtxDecodeIsFinished(ctx)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxIsFinished",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if(!xmlSecBase64CtxDecodeIsFinished(ctx)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxIsFinished",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
-
+
/* add \0 */
if((outResSize + 1) < outSize) {
- out[outResSize] = '\0';
+ out[outResSize] = '\0';
}
return(outResSize);
}
@@ -338,36 +338,36 @@ xmlSecBase64CtxEncodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte*
return(xmlSecBase64StatusConsumeAndRepeat);
} else if(ctx->inPos == 0) {
/* we just started new block */
- (*outByte) = base64[xmlSecBase64Encode1(inByte)];
+ (*outByte) = base64[xmlSecBase64Encode1(inByte)];
ctx->inByte = inByte;
++ctx->linePos;
++ctx->inPos;
return(xmlSecBase64StatusConsumeAndNext);
} else if(ctx->inPos == 1) {
- (*outByte) = base64[xmlSecBase64Encode2(ctx->inByte, inByte)];
+ (*outByte) = base64[xmlSecBase64Encode2(ctx->inByte, inByte)];
ctx->inByte = inByte;
++ctx->linePos;
++ctx->inPos;
return(xmlSecBase64StatusConsumeAndNext);
} else if(ctx->inPos == 2) {
- (*outByte) = base64[xmlSecBase64Encode3(ctx->inByte, inByte)];
+ (*outByte) = base64[xmlSecBase64Encode3(ctx->inByte, inByte)];
ctx->inByte = inByte;
++ctx->linePos;
++ctx->inPos;
return(xmlSecBase64StatusConsumeAndRepeat);
} else if(ctx->inPos == 3) {
- (*outByte) = base64[xmlSecBase64Encode4(ctx->inByte)];
+ (*outByte) = base64[xmlSecBase64Encode4(ctx->inByte)];
++ctx->linePos;
ctx->inByte = 0;
ctx->inPos = 0;
return(xmlSecBase64StatusConsumeAndNext);
}
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "ctx->inPos=%d", ctx->inPos);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
@@ -397,68 +397,68 @@ xmlSecBase64CtxEncodeByteFinal(xmlSecBase64CtxPtr ctx, xmlSecByte* outByte) {
return(xmlSecBase64StatusConsumeAndRepeat);
}
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "ctx->inPos=%d", ctx->inPos);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
static xmlSecBase64Status
xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* outByte) {
xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed);
- xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
+ xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
if((ctx->finished != 0) && (ctx->inPos == 0)) {
return(xmlSecBase64StatusDone);
} if(inByte == '=') {
ctx->finished = 1;
if(ctx->inPos < 2) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "ctx->inPos=%d", ctx->inPos);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
} else if(ctx->inPos == 2) {
++ctx->inPos;
- return(xmlSecBase64StatusNext);
+ return(xmlSecBase64StatusNext);
} else if(ctx->inPos == 3) {
ctx->inPos = 0;
return(xmlSecBase64StatusNext);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "ctx->inPos=%d", ctx->inPos);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
} else if(xmlSecIsBase64Space(inByte)) {
return(xmlSecBase64StatusNext);
} else if(!xmlSecIsBase64Char(inByte) || (ctx->finished != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "inByte=0x%02x", inByte);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "inByte=0x%02x", inByte);
return(xmlSecBase64StatusFailed);
}
/* convert from character to position in base64 array */
if((inByte >= 'A') && (inByte <= 'Z')) {
- inByte = (inByte - 'A');
+ inByte = (inByte - 'A');
} else if((inByte >= 'a') && (inByte <= 'z')) {
- inByte = 26 + (inByte - 'a');
+ inByte = 26 + (inByte - 'a');
} else if((inByte >= '0') && (inByte <= '9')) {
- inByte = 52 + (inByte - '0');
+ inByte = 52 + (inByte - '0');
} else if(inByte == '+') {
- inByte = 62;
+ inByte = 62;
} else if(inByte == '/') {
- inByte = 63;
+ inByte = 63;
}
-
+
if(ctx->inPos == 0) {
ctx->inByte = inByte;
++ctx->inPos;
@@ -480,22 +480,22 @@ xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte*
return(xmlSecBase64StatusConsumeAndNext);
}
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "ctx->inPos=%d", ctx->inPos);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
static int
-xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx,
+xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx,
const xmlSecByte* inBuf, xmlSecSize inBufSize, xmlSecSize* inBufResSize,
xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
xmlSecBase64Status status = xmlSecBase64StatusNext;
xmlSecSize inPos, outPos;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(inBuf != NULL, -1);
xmlSecAssert2(inBufResSize != NULL, -1);
@@ -516,11 +516,11 @@ xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx,
case xmlSecBase64StatusNext:
case xmlSecBase64StatusDone:
case xmlSecBase64StatusFailed:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxEncodeByte",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "status=%d", status);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeByte",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
return(-1);
}
}
@@ -532,11 +532,11 @@ xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx,
}
static int
-xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx,
+xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx,
xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
xmlSecBase64Status status = xmlSecBase64StatusNext;
xmlSecSize outPos;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(outBuf != NULL, -1);
xmlSecAssert2(outBufResSize != NULL, -1);
@@ -553,21 +553,21 @@ xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx,
break;
case xmlSecBase64StatusNext:
case xmlSecBase64StatusFailed:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxEncodeByteFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "status=%d", status);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeByteFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
return(-1);
}
}
if(status != xmlSecBase64StatusDone) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "outBufSize=%d", outBufSize);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "outBufSize=%d", outBufSize);
return(-1);
}
if(outPos < outBufSize) {
@@ -580,12 +580,12 @@ xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx,
static int
-xmlSecBase64CtxDecode(xmlSecBase64CtxPtr ctx,
+xmlSecBase64CtxDecode(xmlSecBase64CtxPtr ctx,
const xmlSecByte* inBuf, xmlSecSize inBufSize, xmlSecSize* inBufResSize,
xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
xmlSecBase64Status status = xmlSecBase64StatusNext;
xmlSecSize inPos, outPos;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(inBuf != NULL, -1);
xmlSecAssert2(inBufResSize != NULL, -1);
@@ -609,11 +609,11 @@ xmlSecBase64CtxDecode(xmlSecBase64CtxPtr ctx,
case xmlSecBase64StatusDone:
break;
case xmlSecBase64StatusFailed:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxDecodeByte",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "status=%d", status);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxDecodeByte",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
return(-1);
}
}
@@ -638,23 +638,23 @@ xmlSecBase64CtxDecodeIsFinished(xmlSecBase64CtxPtr ctx) {
/**
* xmlSecBase64Encode:
- * @buf: the input buffer.
- * @len: the input buffer size.
- * @columns: the output max line length (if 0 then no line breaks
- * would be inserted)
+ * @buf: the input buffer.
+ * @len: the input buffer size.
+ * @columns: the output max line length (if 0 then no line breaks
+ * would be inserted)
*
* Encodes the data from input buffer and allocates the string for the result.
* The caller is responsible for freeing returned buffer using
* xmlFree() function.
*
- * Returns: newly allocated string with base64 encoded data
+ * Returns: newly allocated string with base64 encoded data
* or NULL if an error occurs.
*/
xmlChar*
xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
xmlSecBase64Ctx ctx;
xmlChar *ptr;
- xmlSecSize size;
+ xmlSecSize size;
int size_update, size_final;
int ret;
@@ -662,72 +662,72 @@ xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
ret = xmlSecBase64CtxInitialize(&ctx, 1, columns);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* create result buffer */
size = (4 * len) / 3 + 4;
if(columns > 0) {
- size += (size / columns) + 4;
+ size += (size / columns) + 4;
}
ptr = (xmlChar*) xmlMalloc(size);
if(ptr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", size);
- xmlSecBase64CtxFinalize(&ctx);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", size);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
}
ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "len=%d", len);
- xmlFree(ptr);
- xmlSecBase64CtxFinalize(&ctx);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "len=%d", len);
+ xmlFree(ptr);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
}
size_update = ret;
ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(ptr);
- xmlSecBase64CtxFinalize(&ctx);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ptr);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
}
size_final = ret;
ptr[size_update + size_final] = '\0';
-
+
xmlSecBase64CtxFinalize(&ctx);
return(ptr);
}
/**
* xmlSecBase64Decode:
- * @str: the input buffer with base64 encoded string
- * @buf: the output buffer
- * @len: the output buffer size
+ * @str: the input buffer with base64 encoded string
+ * @buf: the output buffer
+ * @len: the output buffer size
*
* Decodes input base64 encoded string and puts result into
* the output buffer.
*
- * Returns: the number of bytes written to the output buffer or
- * a negative value if an error occurs
+ * Returns: the number of bytes written to the output buffer or
+ * a negative value if an error occurs
*/
int
xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
@@ -741,37 +741,37 @@ xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
ret = xmlSecBase64CtxInitialize(&ctx, 0, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecBase64CtxUpdate(&ctx, (const xmlSecByte*)str, xmlStrlen(str), buf, len);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBase64CtxFinalize(&ctx);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(-1);
}
size_update = ret;
ret = xmlSecBase64CtxFinal(&ctx, buf + size_update, len - size_update);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64CtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBase64CtxFinalize(&ctx);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(-1);
}
- size_final = ret;
+ size_final = ret;
xmlSecBase64CtxFinalize(&ctx);
return(size_update + size_final);
@@ -782,46 +782,46 @@ xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
* Base64 Transform
*
* xmlSecBase64Ctx is located after xmlSecTransform
- *
+ *
**************************************************************/
#define xmlSecBase64Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBase64Ctx))
+ (sizeof(xmlSecTransform) + sizeof(xmlSecBase64Ctx))
#define xmlSecBase64GetCtx(transform) \
((xmlSecTransformCheckSize((transform), xmlSecBase64Size)) ? \
- (xmlSecBase64CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlSecBase64CtxPtr)NULL)
+ (xmlSecBase64CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecBase64CtxPtr)NULL)
-static int xmlSecBase64Initialize (xmlSecTransformPtr transform);
-static void xmlSecBase64Finalize (xmlSecTransformPtr transform);
-static int xmlSecBase64Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecBase64Initialize (xmlSecTransformPtr transform);
+static void xmlSecBase64Finalize (xmlSecTransformPtr transform);
+static int xmlSecBase64Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecBase64Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecBase64Size, /* xmlSecSize objSize */
-
- xmlSecNameBase64, /* const xmlChar* name; */
- xmlSecHrefBase64, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecBase64Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecBase64Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecBase64Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecBase64Size, /* xmlSecSize objSize */
+
+ xmlSecNameBase64, /* const xmlChar* name; */
+ xmlSecHrefBase64, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecBase64Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecBase64Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecBase64Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -829,42 +829,42 @@ static xmlSecTransformKlass xmlSecBase64Klass = {
*
* The Base64 transform klass (http://www.w3.org/TR/xmldsig-core/#sec-Base-64).
* The normative specification for base64 decoding transforms is RFC 2045
- * (http://www.ietf.org/rfc/rfc2045.txt). The base64 Transform element has
- * no content. The input is decoded by the algorithms. This transform is
- * useful if an application needs to sign the raw data associated with
+ * (http://www.ietf.org/rfc/rfc2045.txt). The base64 Transform element has
+ * no content. The input is decoded by the algorithms. This transform is
+ * useful if an application needs to sign the raw data associated with
* the encoded content of an element.
*
* Returns: base64 transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformBase64GetKlass(void) {
return(&xmlSecBase64Klass);
}
/**
* xmlSecTransformBase64SetLineSize:
- * @transform: the pointer to BASE64 encode transform.
- * @lineSize: the new max line size.
+ * @transform: the pointer to BASE64 encode transform.
+ * @lineSize: the new max line size.
*
* Sets the max line size to @lineSize.
*/
void
xmlSecTransformBase64SetLineSize(xmlSecTransformPtr transform, xmlSecSize lineSize) {
xmlSecBase64CtxPtr ctx;
-
+
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id));
-
+
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert(ctx != NULL);
-
- ctx->columns = lineSize;
+
+ ctx->columns = lineSize;
}
static int
xmlSecBase64Initialize(xmlSecTransformPtr transform) {
xmlSecBase64CtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
ctx = xmlSecBase64GetCtx(transform);
@@ -873,30 +873,30 @@ xmlSecBase64Initialize(xmlSecTransformPtr transform) {
transform->operation = xmlSecTransformOperationDecode;
ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize());
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBase64CtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
static void
xmlSecBase64Finalize(xmlSecTransformPtr transform) {
xmlSecBase64CtxPtr ctx;
-
+
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id));
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
xmlSecBase64CtxFinalize(ctx);
}
-static int
+static int
xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecBase64CtxPtr ctx;
xmlSecBufferPtr in, out;
@@ -906,127 +906,127 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
in = &(transform->inBuf);
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
- ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
- transform->status = xmlSecTransformStatusWorking;
+ ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
+ transform->status = xmlSecTransformStatusWorking;
}
switch(transform->status) {
- case xmlSecTransformStatusWorking:
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
- if(inSize > 0) {
- if(ctx->encode != 0) {
- outLen = 4 * inSize / 3 + 8;
- if(ctx->columns > 0) {
- outLen += inSize / ctx->columns + 4;
- }
- } else {
- outLen = 3 * inSize / 4 + 8;
- }
- ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* encode/decode the next chunk */
- ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out) + outSize,
- outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBase64CtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outLen = ret;
-
- /* set correct size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* remove chunk from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
-
- if(last) {
- outSize = xmlSecBufferGetSize(out);
-
- ret = xmlSecBufferSetMaxSize(out, outSize + 16);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 16);
- return(-1);
- }
-
- /* add from ctx buffer */
- ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBase64CtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outLen = ret;
-
- /* set correct size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- break;
- case xmlSecTransformStatusFinished:
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ case xmlSecTransformStatusWorking:
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ if(inSize > 0) {
+ if(ctx->encode != 0) {
+ outLen = 4 * inSize / 3 + 8;
+ if(ctx->columns > 0) {
+ outLen += inSize / ctx->columns + 4;
+ }
+ } else {
+ outLen = 3 * inSize / 4 + 8;
+ }
+ ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* encode/decode the next chunk */
+ ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out) + outSize,
+ outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outLen = ret;
+
+ /* set correct size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove chunk from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ outSize = xmlSecBufferGetSize(out);
+
+ ret = xmlSecBufferSetMaxSize(out, outSize + 16);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 16);
+ return(-1);
+ }
+
+ /* add from ctx buffer */
+ ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outLen = ret;
+
+ /* set correct size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ break;
+ case xmlSecTransformStatusFinished:
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
diff --git a/src/bn.c b/src/bn.c
index 5a26de28..06a31d5b 100644
--- a/src/bn.c
+++ b/src/bn.c
@@ -1,20 +1,20 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Big Numbers.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -44,10 +44,10 @@ static const int xmlSecBnLookupTable[] =
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
-static const char xmlSecBnRevLookupTable[] =
-{
- '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+static const char xmlSecBnRevLookupTable[] =
+{
+ '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
};
/*****************************************************************************
@@ -57,118 +57,118 @@ static const char xmlSecBnRevLookupTable[] =
****************************************************************************/
/**
* xmlSecBnCreate:
- * @size: the initial allocated BN size.
+ * @size: the initial allocated BN size.
*
* Creates a new BN object. Caller is responsible for destroying it
* by calling @xmlSecBnDestroy function.
*
* Returns: the newly BN or a NULL if an error occurs.
*/
-xmlSecBnPtr
+xmlSecBnPtr
xmlSecBnCreate(xmlSecSize size) {
return(xmlSecBufferCreate(size));
}
/**
* xmlSecBnDestroy:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Destroys @bn object created with @xmlSecBnCreate function.
*/
-void
+void
xmlSecBnDestroy(xmlSecBnPtr bn) {
xmlSecBufferDestroy(bn);
}
/**
* xmlSecBnInitialize:
- * @bn: the pointer to BN.
- * @size: the initial allocated BN size.
+ * @bn: the pointer to BN.
+ * @size: the initial allocated BN size.
*
* Initializes a BN object. Caller is responsible for destroying it
* by calling @xmlSecBnFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnInitialize(xmlSecBnPtr bn, xmlSecSize size) {
return(xmlSecBufferInitialize(bn, size));
}
/**
* xmlSecBnFinalize:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Destroys @bn object created with @xmlSecBnInitialize function.
*/
-void
+void
xmlSecBnFinalize(xmlSecBnPtr bn) {
xmlSecBufferFinalize(bn);
}
/**
* xmlSecBnGetData:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Gets pointer to the binary @bn representation.
- *
+ *
* Returns: pointer to binary BN data or NULL if an error occurs.
*/
-xmlSecByte*
+xmlSecByte*
xmlSecBnGetData(xmlSecBnPtr bn) {
return(xmlSecBufferGetData(bn));
}
/**
* xmlSecBnSetData:
- * @bn: the pointer to BN.
- * @data: the pointer to new BN binary data.
- * @size: the size of new BN data.
+ * @bn: the pointer to BN.
+ * @data: the pointer to new BN binary data.
+ * @size: the size of new BN data.
*
* Sets the value of @bn to @data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnSetData(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize size) {
return(xmlSecBufferSetData(bn, data, size));
}
/**
* xmlSecBnGetSize:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Gets the size of binary data in @bn.
*
* Returns: the size of binary data.
*/
-xmlSecSize
+xmlSecSize
xmlSecBnGetSize(xmlSecBnPtr bn) {
return(xmlSecBufferGetSize(bn));
}
/**
* xmlSecBnZero:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Sets the value of @bn to zero.
*/
-void
+void
xmlSecBnZero(xmlSecBnPtr bn) {
xmlSecBufferEmpty(bn);
}
/**
* xmlSecBnFromString:
- * @bn: the pointer to BN.
- * @str: the string with BN.
- * @base: the base for @str.
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
+ * @base: the base for @str.
*
* Reads @bn from string @str assuming it has base @base.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
xmlSecSize i, len, size;
xmlSecByte ch;
@@ -187,21 +187,21 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
if(len == 0) {
return(0);
}
-
+
/* The result size could not exceed the input string length
* because each char fits inside a byte in all cases :)
* In truth, it would be likely less than 1/2 input string length
- * because each byte is represented by 2 chars. If needed,
+ * because each byte is represented by 2 chars. If needed,
* buffer size would be increased by Mul/Add functions.
* Finally, we can add one byte for 00 or 10 prefix.
*/
ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnRevLookupTable",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", len / 2 + 1);
+ NULL,
+ "xmlSecBnRevLookupTable",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", len / 2 + 1);
return (-1);
}
@@ -213,9 +213,9 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
/* skip spaces */
if(isspace(ch)) {
- continue;
- }
-
+ continue;
+ }
+
/* check if it is + or - */
if(ch == '+') {
positive = 1;
@@ -235,13 +235,13 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
--i; /* make sure that we will look at this character in next loop */
break;
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "char=%c;base=%d",
- ch, base);
- return (-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "char=%c;base=%d",
+ ch, base);
+ return (-1);
}
}
@@ -249,40 +249,40 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
while(i < len) {
ch = str[i++];
if(isspace(ch)) {
- continue;
+ continue;
}
xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
nn = xmlSecBnLookupTable[ch];
if((nn < 0) || ((xmlSecSize)nn > base)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "char=%c;base=%d",
- ch, base);
- return (-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "char=%c;base=%d",
+ ch, base);
+ return (-1);
}
ret = xmlSecBnMul(bn, base);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnMul",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "base=%d", base);
- return (-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnMul",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
}
ret = xmlSecBnAdd(bn, nn);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "base=%d", base);
- return (-1);
-}
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
+}
}
/* check if we need to add 00 prefix, do this for empty bn too */
@@ -308,7 +308,7 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
for(i = 0; i < size; ++i) {
data[i] ^= 0xFF;
}
-
+
ret = xmlSecBnAdd(bn, 1);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -325,15 +325,15 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
/**
* xmlSecBnToString:
- * @bn: the pointer to BN.
- * @base: the base for returned string.
+ * @bn: the pointer to BN.
+ * @base: the base for returned string.
*
- * Writes @bn to string with base @base. Caller is responsible for
+ * Writes @bn to string with base @base. Caller is responsible for
* freeing returned string with @xmlFree.
*
* Returns: the string represenataion if BN or a NULL if an error occurs.
*/
-xmlChar*
+xmlChar*
xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
xmlSecBn bn2;
int positive = 1;
@@ -361,7 +361,7 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
"size=%d", size);
return (NULL);
}
-
+
ret = xmlSecBnSetData(&bn2, data, size);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -398,18 +398,18 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
}
/* Result string len is
- * len = log base (256) * <bn size>
- * Since the smallest base == 2 then we can get away with
- * len = 8 * <bn size>
+ * len = log base (256) * <bn size>
+ * Since the smallest base == 2 then we can get away with
+ * len = 8 * <bn size>
*/
len = 8 * size + 1 + 1;
res = (xmlChar*)xmlMalloc(len + 1);
if(res == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "len=%d", len);
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "len=%d", len);
xmlSecBnFinalize(&bn2);
return (NULL);
}
@@ -454,70 +454,70 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
/**
* xmlSecBnFromHexString:
- * @bn: the pointer to BN.
- * @str: the string with BN.
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
*
* Reads @bn from hex string @str.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnFromHexString(xmlSecBnPtr bn, const xmlChar* str) {
return(xmlSecBnFromString(bn, str, 16));
}
/**
* xmlSecBnToHexString:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
- * Writes @bn to hex string. Caller is responsible for
+ * Writes @bn to hex string. Caller is responsible for
* freeing returned string with @xmlFree.
*
* Returns: the string represenataion if BN or a NULL if an error occurs.
*/
-xmlChar*
+xmlChar*
xmlSecBnToHexString(xmlSecBnPtr bn) {
return(xmlSecBnToString(bn, 16));
}
/**
* xmlSecBnFromDecString:
- * @bn: the pointer to BN.
- * @str: the string with BN.
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
*
* Reads @bn from decimal string @str.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnFromDecString(xmlSecBnPtr bn, const xmlChar* str) {
return(xmlSecBnFromString(bn, str, 10));
}
/**
* xmlSecBnToDecString:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
- * Writes @bn to decimal string. Caller is responsible for
+ * Writes @bn to decimal string. Caller is responsible for
* freeing returned string with @xmlFree.
*
* Returns: the string represenataion if BN or a NULL if an error occurs.
*/
-xmlChar*
+xmlChar*
xmlSecBnToDecString(xmlSecBnPtr bn) {
return(xmlSecBnToString(bn, 10));
}
/**
* xmlSecBnMul:
- * @bn: the pointer to BN.
- * @multiplier: the multiplier.
+ * @bn: the pointer to BN.
+ * @multiplier: the multiplier.
*
* Multiplies @bn with @multiplier.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnMul(xmlSecBnPtr bn, int multiplier) {
xmlSecByte* data;
int over;
@@ -529,49 +529,49 @@ xmlSecBnMul(xmlSecBnPtr bn, int multiplier) {
xmlSecAssert2(multiplier > 0, -1);
if(multiplier == 1) {
- return(0);
+ return(0);
}
data = xmlSecBufferGetData(bn);
i = xmlSecBufferGetSize(bn);
- over = 0;
+ over = 0;
while(i > 0) {
- xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
- over = over + multiplier * data[--i];
- data[i] = over % 256;
- over = over / 256;
+ over = over + multiplier * data[--i];
+ data[i] = over % 256;
+ over = over / 256;
}
-
+
while(over > 0) {
- ch = over % 256;
- over = over / 256;
-
- ret = xmlSecBufferPrepend(bn, &ch, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=1");
- return (-1);
- }
+ ch = over % 256;
+ over = over / 256;
+
+ ret = xmlSecBufferPrepend(bn, &ch, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=1");
+ return (-1);
+ }
}
-
+
return(0);
}
/**
* xmlSecBnDiv:
- * @bn: the pointer to BN.
- * @divider: the divider
- * @mod: the pointer for modulus result.
+ * @bn: the pointer to BN.
+ * @divider: the divider
+ * @mod: the pointer for modulus result.
*
* Divides @bn by @divider and places modulus into @mod.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnDiv(xmlSecBnPtr bn, int divider, int* mod) {
int over;
xmlSecSize i, size;
@@ -583,52 +583,52 @@ xmlSecBnDiv(xmlSecBnPtr bn, int divider, int* mod) {
xmlSecAssert2(mod != NULL, -1);
if(divider == 1) {
- return(0);
+ return(0);
}
data = xmlSecBufferGetData(bn);
size = xmlSecBufferGetSize(bn);
for(over = 0, i = 0; i < size; i++) {
- xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
- over = over * 256 + data[i];
- data[i] = over / divider;
- over = over % divider;
+ over = over * 256 + data[i];
+ data[i] = over / divider;
+ over = over % divider;
}
(*mod) = over;
-
+
/* remove leading zeros */
for(i = 0; i < size; i++) {
- xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
- if(data[i] != 0) {
- break;
- }
+ if(data[i] != 0) {
+ break;
+ }
}
if(i > 0) {
- ret = xmlSecBufferRemoveHead(bn, i);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", i);
- return (-1);
- }
+ ret = xmlSecBufferRemoveHead(bn, i);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", i);
+ return (-1);
+ }
}
return(0);
}
/**
* xmlSecBnAdd:
- * @bn: the pointer to BN.
- * @delta: the delta.
+ * @bn: the pointer to BN.
+ * @delta: the delta.
*
* Adds @delta to @bn.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
int over, tmp;
xmlSecByte* data;
@@ -639,41 +639,41 @@ xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
xmlSecAssert2(bn != NULL, -1);
if(delta == 0) {
- return(0);
+ return(0);
}
data = xmlSecBufferGetData(bn);
if(delta > 0) {
for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
- xmlSecAssert2(data != NULL, -1);
-
+ xmlSecAssert2(data != NULL, -1);
+
tmp = data[--i];
- over += tmp;
- data[i] = over % 256;
- over = over / 256;
+ over += tmp;
+ data[i] = over % 256;
+ over = over / 256;
}
-
+
while(over > 0) {
- ch = over % 256;
- over = over / 256;
-
- ret = xmlSecBufferPrepend(bn, &ch, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=1");
- return (-1);
- }
+ ch = over % 256;
+ over = over / 256;
+
+ ret = xmlSecBufferPrepend(bn, &ch, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=1");
+ return (-1);
+ }
}
} else {
for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
- xmlSecAssert2(data != NULL, -1);
-
+ xmlSecAssert2(data != NULL, -1);
+
tmp = data[--i];
if(tmp < over) {
- data[i] = 0;
+ data[i] = 0;
over = (over - tmp) / 256;
} else {
data[i] = tmp - over;
@@ -686,13 +686,13 @@ xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
/**
* xmlSecBnReverse:
- * @bn: the pointer to BN.
+ * @bn: the pointer to BN.
*
* Reverses bytes order in @bn.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBnReverse(xmlSecBnPtr bn) {
xmlSecByte* data;
xmlSecSize i, j, size;
@@ -703,28 +703,28 @@ xmlSecBnReverse(xmlSecBnPtr bn) {
data = xmlSecBufferGetData(bn);
size = xmlSecBufferGetSize(bn);
for(i = 0, j = size - 1; i < size / 2; ++i, --j) {
- xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
- ch = data[i];
- data[i] = data[j];
- data[j] = ch;
- }
+ ch = data[i];
+ data[i] = data[j];
+ data[j] = ch;
+ }
return(0);
}
/**
* xmlSecBnCompare:
- * @bn: the pointer to BN.
- * @data: the data to compare BN to.
- * @dataSize: the @data size.
+ * @bn: the pointer to BN.
+ * @data: the data to compare BN to.
+ * @dataSize: the @data size.
*
* Compares the @bn with @data.
*
* Returns: 0 if data is equal, negative value if @bn is less or positive value if @bn
* is greater than @data.
*/
-int
+int
xmlSecBnCompare(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
xmlSecByte* bnData;
xmlSecSize bnSize;
@@ -736,25 +736,25 @@ xmlSecBnCompare(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
/* skip zeros in the beggining */
while((dataSize > 0) && (data != 0) && (data[0] == 0)) {
- ++data;
- --dataSize;
+ ++data;
+ --dataSize;
}
while((bnSize > 0) && (bnData != 0) && (bnData[0] == 0)) {
- ++bnData;
- --bnSize;
+ ++bnData;
+ --bnSize;
}
if(((bnData == NULL) || (bnSize == 0)) && ((data == NULL) || (dataSize == 0))) {
- return(0);
+ return(0);
} else if((bnData == NULL) || (bnSize == 0)) {
- return(-1);
+ return(-1);
} else if((data == NULL) || (dataSize == 0)) {
- return(1);
+ return(1);
} else if(bnSize < dataSize) {
- return(-1);
+ return(-1);
} else if(bnSize > dataSize) {
- return(-1);
- }
+ return(-1);
+ }
xmlSecAssert2(bnData != NULL, -1);
xmlSecAssert2(data != NULL, -1);
@@ -765,16 +765,16 @@ xmlSecBnCompare(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
/**
* xmlSecBnCompareReverse:
- * @bn: the pointer to BN.
- * @data: the data to compare BN to.
- * @dataSize: the @data size.
+ * @bn: the pointer to BN.
+ * @data: the data to compare BN to.
+ * @dataSize: the @data size.
*
* Compares the @bn with reverse @data.
*
* Returns: 0 if data is equal, negative value if @bn is less or positive value if @bn
* is greater than @data.
*/
-int
+int
xmlSecBnCompareReverse(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
xmlSecByte* bnData;
xmlSecSize bnSize;
@@ -787,34 +787,34 @@ xmlSecBnCompareReverse(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSi
/* skip zeros in the beggining */
while((dataSize > 0) && (data != 0) && (data[dataSize - 1] == 0)) {
- --dataSize;
+ --dataSize;
}
while((bnSize > 0) && (bnData != 0) && (bnData[0] == 0)) {
- ++bnData;
- --bnSize;
+ ++bnData;
+ --bnSize;
}
if(((bnData == NULL) || (bnSize == 0)) && ((data == NULL) || (dataSize == 0))) {
- return(0);
+ return(0);
} else if((bnData == NULL) || (bnSize == 0)) {
- return(-1);
+ return(-1);
} else if((data == NULL) || (dataSize == 0)) {
- return(1);
+ return(1);
} else if(bnSize < dataSize) {
- return(-1);
+ return(-1);
} else if(bnSize > dataSize) {
- return(-1);
- }
+ return(-1);
+ }
xmlSecAssert2(bnData != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(bnSize == dataSize, -1);
for(i = 0, j = dataSize - 1; i < dataSize; ++i, --j) {
- if(bnData[i] < data[j]) {
- return(-1);
- } else if(data[j] < bnData[i]) {
- return(1);
- }
+ if(bnData[i] < data[j]) {
+ return(-1);
+ } else if(data[j] < bnData[i]) {
+ return(1);
+ }
}
return(0);
@@ -822,16 +822,16 @@ xmlSecBnCompareReverse(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSi
/**
* xmlSecBnGetNodeValue:
- * @bn: the pointer to BN.
- * @cur: the poitner to an XML node.
- * @format: the BN format.
- * @reverse: if set then reverse read buffer after reading.
+ * @bn: the pointer to BN.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: if set then reverse read buffer after reading.
*
* Converts the node content from @format to @bn.
*
* Returns: 0 on success and a negative values if an error occurs.
*/
-int
+int
xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int reverse) {
xmlChar* content;
int ret;
@@ -841,89 +841,89 @@ xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int
switch(format) {
case xmlSecBnBase64:
- ret = xmlSecBufferBase64NodeContentRead(bn, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- break;
+ ret = xmlSecBufferBase64NodeContentRead(bn, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ break;
case xmlSecBnHex:
- content = xmlNodeGetContent(cur);
- if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- ret = xmlSecBnFromHexString(bn, content);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnFromHexString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
- xmlFree(content);
- break;
+ content = xmlNodeGetContent(cur);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecBnFromHexString(bn, content);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnFromHexString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+ break;
case xmlSecBnDec:
- content = xmlNodeGetContent(cur);
- if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- ret = xmlSecBnFromDecString(bn, content);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnFromDecString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
- xmlFree(content);
- break;
+ content = xmlNodeGetContent(cur);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecBnFromDecString(bn, content);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnFromDecString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+ break;
}
if(reverse != 0) {
- ret = xmlSecBnReverse(bn);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecBnReverse(bn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
/**
* xmlSecBnSetNodeValue:
- * @bn: the pointer to BN.
- * @cur: the poitner to an XML node.
- * @format: the BN format.
- * @reverse: the flag that indicates whether to reverse the buffer before writing.
- * @addLineBreaks: the flag; it is equal to 1 then linebreaks will be added before and after new buffer content.
+ * @bn: the pointer to BN.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: the flag that indicates whether to reverse the buffer before writing.
+ * @addLineBreaks: the flag; it is equal to 1 then linebreaks will be added before and after new buffer content.
*
* Converts the @bn and sets it to node content.
*
* Returns: 0 on success and a negative values if an error occurs.
*/
-int
+int
xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int reverse, int addLineBreaks) {
xmlChar* content;
int ret;
@@ -932,65 +932,65 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int
xmlSecAssert2(cur != NULL, -1);
if(reverse != 0) {
- ret = xmlSecBnReverse(bn);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecBnReverse(bn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
if(addLineBreaks) {
- xmlNodeAddContent(cur, xmlSecStringCR);
+ xmlNodeAddContent(cur, xmlSecStringCR);
}
switch(format) {
case xmlSecBnBase64:
- ret = xmlSecBufferBase64NodeContentWrite(bn, cur, xmlSecBase64GetDefaultLineSize());
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- break;
+ ret = xmlSecBufferBase64NodeContentWrite(bn, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ break;
case xmlSecBnHex:
- content = xmlSecBnToHexString(bn);
- if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnToHexString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
- xmlNodeSetContent(cur, content);
- xmlFree(content);
- break;
+ content = xmlSecBnToHexString(bn);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnToHexString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlNodeSetContent(cur, content);
+ xmlFree(content);
+ break;
case xmlSecBnDec:
- content = xmlSecBnToDecString(bn);
- if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnToDecString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
- xmlNodeSetContent(cur, content);
- xmlFree(content);
- break;
+ content = xmlSecBnToDecString(bn);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnToDecString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlNodeSetContent(cur, content);
+ xmlFree(content);
+ break;
}
if(addLineBreaks) {
- xmlNodeAddContent(cur, xmlSecStringCR);
+ xmlNodeAddContent(cur, xmlSecStringCR);
}
return(0);
@@ -998,23 +998,23 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int
/**
* xmlSecBnBlobSetNodeValue:
- * @data: the pointer to BN blob.
- * @dataSize: the size of BN blob.
- * @cur: the poitner to an XML node.
- * @format: the BN format.
- * @reverse: the flag that indicates whether to reverse the buffer before writing.
- * @addLineBreaks: if the flag is equal to 1 then
- * linebreaks will be added before and after
- * new buffer content.
+ * @data: the pointer to BN blob.
+ * @dataSize: the size of BN blob.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: the flag that indicates whether to reverse the buffer before writing.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
*
* Converts the @blob and sets it to node content.
*
* Returns: 0 on success and a negative values if an error occurs.
*/
-int
-xmlSecBnBlobSetNodeValue(const xmlSecByte* data, xmlSecSize dataSize,
- xmlNodePtr cur, xmlSecBnFormat format, int reverse,
- int addLineBreaks) {
+int
+xmlSecBnBlobSetNodeValue(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlNodePtr cur, xmlSecBnFormat format, int reverse,
+ int addLineBreaks) {
xmlSecBn bn;
int ret;
@@ -1023,34 +1023,34 @@ xmlSecBnBlobSetNodeValue(const xmlSecByte* data, xmlSecSize dataSize,
ret = xmlSecBnInitialize(&bn, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecBnSetData(&bn, data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&bn);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
}
ret = xmlSecBnSetNodeValue(&bn, cur, format, reverse, addLineBreaks);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&bn);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
}
xmlSecBnFinalize(&bn);
diff --git a/src/buffer.c b/src/buffer.c
index c13fe44f..0efbfed2 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Memory buffer.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -33,22 +33,22 @@ static xmlSecSize gInitialSize = 1024;
/**
* xmlSecBufferSetDefaultAllocMode:
- * @defAllocMode: the new default buffer allocation mode.
- * @defInitialSize: the new default buffer minimal intial size.
- *
+ * @defAllocMode: the new default buffer allocation mode.
+ * @defInitialSize: the new default buffer minimal intial size.
+ *
* Sets new global default allocation mode and minimal intial size.
*/
-void
+void
xmlSecBufferSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInitialSize) {
xmlSecAssert(defInitialSize > 0);
-
+
gAllocMode = defAllocMode;
gInitialSize = defInitialSize;
}
/**
* xmlSecBufferCreate:
- * @size: the intial size.
+ * @size: the intial size.
*
* Allocates and initalizes new memory buffer with given size.
* Caller is responsible for calling #xmlSecBufferDestroy function
@@ -56,83 +56,83 @@ xmlSecBufferSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInit
*
* Returns: pointer to newly allocated buffer or NULL if an error occurs.
*/
-xmlSecBufferPtr
+xmlSecBufferPtr
xmlSecBufferCreate(xmlSecSize size) {
xmlSecBufferPtr buf;
int ret;
-
+
buf = (xmlSecBufferPtr)xmlMalloc(sizeof(xmlSecBuffer));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecBuffer)=%d", sizeof(xmlSecBuffer));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecBuffer)=%d", sizeof(xmlSecBuffer));
+ return(NULL);
}
-
+
ret = xmlSecBufferInitialize(buf, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- xmlSecBufferDestroy(buf);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBufferDestroy(buf);
+ return(NULL);
}
return(buf);
}
/**
* xmlSecBufferDestroy:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Desrtoys buffer object created with #xmlSecBufferCreate function.
*/
-void
+void
xmlSecBufferDestroy(xmlSecBufferPtr buf) {
xmlSecAssert(buf != NULL);
-
+
xmlSecBufferFinalize(buf);
xmlFree(buf);
}
/**
* xmlSecBufferInitialize:
- * @buf: the pointer to buffer object.
- * @size: the initial buffer size.
+ * @buf: the pointer to buffer object.
+ * @size: the initial buffer size.
*
* Initializes buffer object @buf. Caller is responsible for calling
* #xmlSecBufferFinalize function to free allocated resources.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferInitialize(xmlSecBufferPtr buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, -1);
buf->data = NULL;
buf->size = buf->maxSize = 0;
buf->allocMode = gAllocMode;
-
+
return(xmlSecBufferSetMaxSize(buf, size));
}
/**
* xmlSecBufferFinalize:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Frees allocated resource for a buffer intialized with #xmlSecBufferInitialize
* function.
*/
-void
+void
xmlSecBufferFinalize(xmlSecBufferPtr buf) {
xmlSecAssert(buf != NULL);
- xmlSecBufferEmpty(buf);
+ xmlSecBufferEmpty(buf);
if(buf->data != 0) {
- xmlFree(buf->data);
+ xmlFree(buf->data);
}
buf->data = NULL;
buf->size = buf->maxSize = 0;
@@ -140,83 +140,83 @@ xmlSecBufferFinalize(xmlSecBufferPtr buf) {
/**
* xmlSecBufferEmpty:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Empties the buffer.
*/
void
xmlSecBufferEmpty(xmlSecBufferPtr buf) {
xmlSecAssert(buf != NULL);
-
+
if(buf->data != 0) {
- xmlSecAssert(buf->maxSize > 0);
+ xmlSecAssert(buf->maxSize > 0);
- memset(buf->data, 0, buf->maxSize);
+ memset(buf->data, 0, buf->maxSize);
}
buf->size = 0;
}
/**
* xmlSecBufferGetData:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Gets pointer to buffer's data.
*
* Returns: pointer to buffer's data.
*/
-xmlSecByte*
+xmlSecByte*
xmlSecBufferGetData(xmlSecBufferPtr buf) {
xmlSecAssert2(buf != NULL, NULL);
-
+
return(buf->data);
}
/**
* xmlSecBufferSetData:
- * @buf: the pointer to buffer object.
- * @data: the data.
- * @size: the data size.
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
*
* Sets the value of the buffer to @data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferSetData(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
xmlSecBufferEmpty(buf);
if(size > 0) {
- xmlSecAssert2(data != NULL, -1);
-
- ret = xmlSecBufferSetMaxSize(buf, size);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
- memcpy(buf->data, data, size);
+
+ memcpy(buf->data, data, size);
}
-
- buf->size = size;
+
+ buf->size = size;
return(0);
}
/**
* xmlSecBufferGetSize:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Gets the current buffer data size.
*
* Returns: the current data size.
*/
-xmlSecSize
+xmlSecSize
xmlSecBufferGetSize(xmlSecBufferPtr buf) {
xmlSecAssert2(buf != NULL, 0);
@@ -225,44 +225,44 @@ xmlSecBufferGetSize(xmlSecBufferPtr buf) {
/**
* xmlSecBufferSetSize:
- * @buf: the pointer to buffer object.
- * @size: the new data size.
+ * @buf: the pointer to buffer object.
+ * @size: the new data size.
*
- * Sets new buffer data size. If necessary, buffer grows to
- * have at least @size bytes.
+ * Sets new buffer data size. If necessary, buffer grows to
+ * have at least @size bytes.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferSetSize(xmlSecBufferPtr buf, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
ret = xmlSecBufferSetMaxSize(buf, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
-
+
+
buf->size = size;
return(0);
}
/**
* xmlSecBufferGetMaxSize:
- * @buf: the pointer to buffer object.
+ * @buf: the pointer to buffer object.
*
* Gets the maximum (allocated) buffer size.
*
* Returns: the maximum (allocated) buffer size.
*/
-xmlSecSize
+xmlSecSize
xmlSecBufferGetMaxSize(xmlSecBufferPtr buf) {
xmlSecAssert2(buf != NULL, 0);
@@ -271,104 +271,104 @@ xmlSecBufferGetMaxSize(xmlSecBufferPtr buf) {
/**
* xmlSecBufferSetMaxSize:
- * @buf: the pointer to buffer object.
- * @size: the new maximum size.
+ * @buf: the pointer to buffer object.
+ * @size: the new maximum size.
*
- * Sets new buffer maximum size. If necessary, buffer grows to
- * have at least @size bytes.
+ * Sets new buffer maximum size. If necessary, buffer grows to
+ * have at least @size bytes.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferSetMaxSize(xmlSecBufferPtr buf, xmlSecSize size) {
xmlSecByte* newData;
xmlSecSize newSize = 0;
-
+
xmlSecAssert2(buf != NULL, -1);
if(size <= buf->maxSize) {
- return(0);
+ return(0);
}
-
+
switch(buf->allocMode) {
- case xmlSecAllocModeExact:
- newSize = size + 8;
- break;
- case xmlSecAllocModeDouble:
- newSize = 2 * size + 32;
- break;
+ case xmlSecAllocModeExact:
+ newSize = size + 8;
+ break;
+ case xmlSecAllocModeDouble:
+ newSize = 2 * size + 32;
+ break;
}
if(newSize < gInitialSize) {
- newSize = gInitialSize;
+ newSize = gInitialSize;
}
-
+
if(buf->data != NULL) {
- newData = (xmlSecByte*)xmlRealloc(buf->data, newSize);
+ newData = (xmlSecByte*)xmlRealloc(buf->data, newSize);
} else {
- newData = (xmlSecByte*)xmlMalloc(newSize);
+ newData = (xmlSecByte*)xmlMalloc(newSize);
}
if(newData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", newSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", newSize);
+ return(-1);
}
-
+
buf->data = newData;
buf->maxSize = newSize;
if(buf->size < buf->maxSize) {
- xmlSecAssert2(buf->data != NULL, -1);
- memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
}
-
+
return(0);
}
/**
* xmlSecBufferAppend:
- * @buf: the pointer to buffer object.
- * @data: the data.
- * @size: the data size.
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
*
* Appends the @data after the current data stored in the buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferAppend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
if(size > 0) {
- xmlSecAssert2(data != NULL, -1);
-
+ xmlSecAssert2(data != NULL, -1);
+
ret = xmlSecBufferSetMaxSize(buf, buf->size + size);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", buf->size + size);
- return(-1);
- }
-
- memcpy(buf->data + buf->size, data, size);
- buf->size += size;
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", buf->size + size);
+ return(-1);
+ }
+
+ memcpy(buf->data + buf->size, data, size);
+ buf->size += size;
}
-
+
return(0);
}
/**
* xmlSecBufferPrepend:
- * @buf: the pointer to buffer object.
- * @data: the data.
- * @size: the data size.
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
*
* Prepends the @data before the current data stored in the buffer.
*
@@ -377,93 +377,93 @@ xmlSecBufferAppend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size)
int
xmlSecBufferPrepend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
if(size > 0) {
- xmlSecAssert2(data != NULL, -1);
-
- ret = xmlSecBufferSetMaxSize(buf, buf->size + size);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", buf->size + size);
- return(-1);
- }
-
- memmove(buf->data + size, buf->data, buf->size);
- memcpy(buf->data, data, size);
- buf->size += size;
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, buf->size + size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", buf->size + size);
+ return(-1);
+ }
+
+ memmove(buf->data + size, buf->data, buf->size);
+ memcpy(buf->data, data, size);
+ buf->size += size;
}
-
+
return(0);
}
/**
* xmlSecBufferRemoveHead:
- * @buf: the pointer to buffer object.
- * @size: the number of bytes to be removed.
+ * @buf: the pointer to buffer object.
+ * @size: the number of bytes to be removed.
*
* Removes @size bytes from the beginning of the current buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferRemoveHead(xmlSecBufferPtr buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, -1);
-
+
if(size < buf->size) {
- xmlSecAssert2(buf->data != NULL, -1);
-
- buf->size -= size;
- memmove(buf->data, buf->data + size, buf->size);
+ xmlSecAssert2(buf->data != NULL, -1);
+
+ buf->size -= size;
+ memmove(buf->data, buf->data + size, buf->size);
} else {
- buf->size = 0;
+ buf->size = 0;
}
if(buf->size < buf->maxSize) {
- xmlSecAssert2(buf->data != NULL, -1);
- memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
}
return(0);
}
/**
* xmlSecBufferRemoveTail:
- * @buf: the pointer to buffer object.
- * @size: the number of bytes to be removed.
+ * @buf: the pointer to buffer object.
+ * @size: the number of bytes to be removed.
*
* Removes @size bytes from the end of current buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferRemoveTail(xmlSecBufferPtr buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, -1);
if(size < buf->size) {
- buf->size -= size;
+ buf->size -= size;
} else {
- buf->size = 0;
+ buf->size = 0;
}
if(buf->size < buf->maxSize) {
- xmlSecAssert2(buf->data != NULL, -1);
- memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
}
return(0);
}
/**
* xmlSecBufferReadFile:
- * @buf: the pointer to buffer object.
- * @filename: the filename.
+ * @buf: the pointer to buffer object.
+ * @filename: the filename.
*
* Reads the content of the file @filename in the buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferReadFile(xmlSecBufferPtr buf, const char* filename) {
xmlSecByte buffer[1024];
FILE* f;
@@ -474,43 +474,43 @@ xmlSecBufferReadFile(xmlSecBufferPtr buf, const char* filename) {
f = fopen(filename, "rb");
if(f == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "fopen",
- XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "fopen",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
}
while(1) {
len = fread(buffer, 1, sizeof(buffer), f);
- if(len == 0) {
+ if(len == 0) {
break;
}else if(len < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"fread",
XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s;errno=%d",
+ "filename=%s;errno=%d",
xmlSecErrorsSafeString(filename),
- errno);
+ errno);
fclose(f);
return(-1);
}
- ret = xmlSecBufferAppend(buf, buffer, len);
- if(ret < 0) {
+ ret = xmlSecBufferAppend(buf, buffer, len);
+ if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBufferAppend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d",
+ "size=%d",
len);
fclose(f);
return(-1);
- }
+ }
}
fclose(f);
@@ -519,101 +519,101 @@ xmlSecBufferReadFile(xmlSecBufferPtr buf, const char* filename) {
/**
* xmlSecBufferBase64NodeContentRead:
- * @buf: the pointer to buffer object.
- * @node: the pointer to node.
+ * @buf: the pointer to buffer object.
+ * @node: the pointer to node.
*
* Reads the content of the @node, base64 decodes it and stores the
* result in the buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf, xmlNodePtr node) {
xmlChar* content;
xmlSecSize size;
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(node != NULL, -1);
content = xmlNodeGetContent(node);
if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
/* base64 decode size is less than input size */
ret = xmlSecBufferSetMaxSize(buf, xmlStrlen(content));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
}
-
+
ret = xmlSecBase64Decode(content, xmlSecBufferGetData(buf), xmlSecBufferGetMaxSize(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
}
size = ret;
ret = xmlSecBufferSetSize(buf, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- xmlFree(content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlFree(content);
+ return(-1);
}
xmlFree(content);
-
+
return(0);
}
/**
* xmlSecBufferBase64NodeContentWrite:
- * @buf: the pointer to buffer object.
- * @node: the pointer to a node.
- * @columns: the max line size fro base64 encoded data.
+ * @buf: the pointer to buffer object.
+ * @node: the pointer to a node.
+ * @columns: the max line size fro base64 encoded data.
*
* Sets the content of the @node to the base64 encoded buffer data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecBufferBase64NodeContentWrite(xmlSecBufferPtr buf, xmlNodePtr node, int columns) {
xmlChar* content;
-
+
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(node != NULL, -1);
content = xmlSecBase64Encode(xmlSecBufferGetData(buf), xmlSecBufferGetSize(buf), columns);
if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlNodeAddContent(node, content);
xmlFree(content);
-
+
return(0);
}
@@ -621,54 +621,54 @@ xmlSecBufferBase64NodeContentWrite(xmlSecBufferPtr buf, xmlNodePtr node, int col
*
* IO buffer
*
- ************************************************************************/
-static int xmlSecBufferIOWrite (xmlSecBufferPtr buf,
- const xmlSecByte *data,
- xmlSecSize size);
-static int xmlSecBufferIOClose (xmlSecBufferPtr buf);
+ ************************************************************************/
+static int xmlSecBufferIOWrite (xmlSecBufferPtr buf,
+ const xmlSecByte *data,
+ xmlSecSize size);
+static int xmlSecBufferIOClose (xmlSecBufferPtr buf);
/**
* xmlSecBufferCreateOutputBuffer:
- * @buf: the pointer to buffer.
+ * @buf: the pointer to buffer.
*
- * Creates new LibXML output buffer to store data in the @buf. Caller is
- * responsible for destroying @buf when processing is done.
+ * Creates new LibXML output buffer to store data in the @buf. Caller is
+ * responsible for destroying @buf when processing is done.
*
* Returns: pointer to newly allocated output buffer or NULL if an error
* occurs.
*/
-xmlOutputBufferPtr
+xmlOutputBufferPtr
xmlSecBufferCreateOutputBuffer(xmlSecBufferPtr buf) {
return(xmlOutputBufferCreateIO((xmlOutputWriteCallback)xmlSecBufferIOWrite,
- (xmlOutputCloseCallback)xmlSecBufferIOClose,
- buf,
- NULL));
+ (xmlOutputCloseCallback)xmlSecBufferIOClose,
+ buf,
+ NULL));
}
-static int
+static int
xmlSecBufferIOWrite(xmlSecBufferPtr buf, const xmlSecByte *data, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(data != NULL, -1);
-
+
ret = xmlSecBufferAppend(buf, data, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
- return(size);
+
+ return(size);
}
-static int
+static int
xmlSecBufferIOClose(xmlSecBufferPtr buf) {
xmlSecAssert2(buf != NULL, -1);
-
+
/* just do nothing */
return(0);
}
diff --git a/src/c14n.c b/src/c14n.c
index 384e2d86..5967a35e 100644
--- a/src/c14n.c
+++ b/src/c14n.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Canonicalization transforms.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -28,16 +28,16 @@
*
* C14N transforms
*
- * Inclusive namespaces list for ExclC14N (xmlSecStringList) is located
+ * Inclusive namespaces list for ExclC14N (xmlSecStringList) is located
* after xmlSecTransform structure
- *
+ *
*****************************************************************************/
-#define xmlSecTransformC14NSize \
+#define xmlSecTransformC14NSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
#define xmlSecTransformC14NGetNsList(transform) \
((xmlSecTransformCheckSize((transform), xmlSecTransformC14NSize)) ? \
- (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlSecPtrListPtr)NULL)
+ (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
#define xmlSecTransformC14NCheckId(transform) \
(xmlSecTransformInclC14NCheckId((transform)) || \
@@ -55,41 +55,41 @@
xmlSecTransformCheckId((transform), xmlSecTransformExclC14NWithCommentsId) )
-static int xmlSecTransformC14NInitialize (xmlSecTransformPtr transform);
-static void xmlSecTransformC14NFinalize (xmlSecTransformPtr transform);
-static int xmlSecTransformC14NNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecTransformC14NPushXml (xmlSecTransformPtr transform,
- xmlSecNodeSetPtr nodes,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecTransformC14NPopBin (xmlSecTransformPtr transform,
- xmlSecByte* data,
- xmlSecSize maxDataSize,
- xmlSecSize* dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecTransformC14NExecute (xmlSecTransformId id,
- xmlSecNodeSetPtr nodes,
- xmlChar** nsList,
- xmlOutputBufferPtr buf);
+static int xmlSecTransformC14NInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformC14NFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformC14NNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NPushXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NPopBin (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NExecute (xmlSecTransformId id,
+ xmlSecNodeSetPtr nodes,
+ xmlChar** nsList,
+ xmlOutputBufferPtr buf);
static int
xmlSecTransformC14NInitialize(xmlSecTransformPtr transform) {
xmlSecPtrListPtr nsList;
int ret;
-
+
xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
nsList = xmlSecTransformC14NGetNsList(transform);
xmlSecAssert2(nsList != NULL, -1);
-
+
ret = xmlSecPtrListInitialize(nsList, xmlSecStringListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -102,7 +102,7 @@ xmlSecTransformC14NFinalize(xmlSecTransformPtr transform) {
nsList = xmlSecTransformC14NGetNsList(transform);
xmlSecAssert(xmlSecPtrListCheckId(nsList, xmlSecStringListId));
-
+
xmlSecPtrListFinalize(nsList);
}
@@ -113,105 +113,105 @@ xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSe
xmlChar *list;
xmlChar *p, *n, *tmp;
int ret;
-
+
/* we have something to read only for exclusive c14n transforms */
xmlSecAssert2(xmlSecTransformExclC14NCheckId(transform), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
nsList = xmlSecTransformC14NGetNsList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(nsList) == 0, -1);
-
+
/* there is only one optional node */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
if(cur != NULL) {
- if(!xmlSecCheckNodeName(cur, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
list = xmlGetProp(cur, xmlSecAttrPrefixList);
- if(list == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecAttrPrefixList),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
+ if(list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrPrefixList),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
/* the list of namespaces is space separated */
- for(p = n = list; ((p != NULL) && ((*p) != '\0')); p = n) {
- n = (xmlChar*)xmlStrchr(p, ' ');
- if(n != NULL) {
- *(n++) = '\0';
- }
-
- tmp = xmlStrdup(p);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "len=%d", xmlStrlen(p));
- xmlFree(list);
- return(-1);
- }
-
- ret = xmlSecPtrListAdd(nsList, tmp);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(tmp);
- xmlFree(list);
- return(-1);
- }
- }
+ for(p = n = list; ((p != NULL) && ((*p) != '\0')); p = n) {
+ n = (xmlChar*)xmlStrchr(p, ' ');
+ if(n != NULL) {
+ *(n++) = '\0';
+ }
+
+ tmp = xmlStrdup(p);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(p));
+ xmlFree(list);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListAdd(nsList, tmp);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(tmp);
+ xmlFree(list);
+ return(-1);
+ }
+ }
xmlFree(list);
- /* add NULL at the end */
+ /* add NULL at the end */
ret = xmlSecPtrListAdd(nsList, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
/* check that we have nothing else */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- return(0);
+ return(0);
}
-static int
+static int
xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlOutputBufferPtr buf;
xmlSecPtrListPtr nsList;
int ret;
-
+
xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
xmlSecAssert2(nodes != NULL, -1);
xmlSecAssert2(nodes->doc != NULL, -1);
@@ -220,42 +220,42 @@ xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
/* check/update current transform status */
switch(transform->status) {
case xmlSecTransformStatusNone:
- transform->status = xmlSecTransformStatusWorking;
- break;
+ transform->status = xmlSecTransformStatusWorking;
+ break;
case xmlSecTransformStatusWorking:
case xmlSecTransformStatusFinished:
- return(0);
+ return(0);
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
/* prepare output buffer: next transform or ourselves */
if(transform->next != NULL) {
- buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
/* we are using a semi-hack here: we know that xmlSecPtrList keeps
@@ -265,203 +265,203 @@ xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformC14NExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlOutputBufferClose(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformC14NExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(buf);
+ return(-1);
}
-
+
ret = xmlOutputBufferClose(buf);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlOutputBufferClose",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
transform->status = xmlSecTransformStatusFinished;
return(0);
}
-static int
+static int
xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
- xmlSecSize maxDataSize, xmlSecSize* dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize maxDataSize, xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr nsList;
xmlSecBufferPtr out;
int ret;
-
+
xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(dataSize != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
- xmlOutputBufferPtr buf;
-
- xmlSecAssert2(transform->inNodes == NULL, -1);
-
- /* todo: isn't it an error? */
- if(transform->prev == NULL) {
- (*dataSize) = 0;
- transform->status = xmlSecTransformStatusFinished;
- return(0);
- }
-
- /* get xml data from previous transform */
- ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformPopXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* dump everything to internal buffer */
- buf = xmlSecBufferCreateOutputBuffer(out);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* we are using a semi-hack here: we know that xmlSecPtrList keeps
- * all pointers in the big array */
- nsList = xmlSecTransformC14NGetNsList(transform);
- xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
-
- ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformC14NExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlOutputBufferClose(buf);
- return(-1);
- }
- ret = xmlOutputBufferClose(buf);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlOutputBufferClose",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusWorking;
+ xmlOutputBufferPtr buf;
+
+ xmlSecAssert2(transform->inNodes == NULL, -1);
+
+ /* todo: isn't it an error? */
+ if(transform->prev == NULL) {
+ (*dataSize) = 0;
+ transform->status = xmlSecTransformStatusFinished;
+ return(0);
+ }
+
+ /* get xml data from previous transform */
+ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* dump everything to internal buffer */
+ buf = xmlSecBufferCreateOutputBuffer(out);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+
+ ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformC14NExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(buf);
+ return(-1);
+ }
+ ret = xmlOutputBufferClose(buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize outSize;
-
- /* return chunk after chunk */
- outSize = xmlSecBufferGetSize(out);
- if(outSize > maxDataSize) {
- outSize = maxDataSize;
- }
- if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
- outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
- }
- if(outSize > 0) {
- xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
-
- memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
- ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
- } else if(xmlSecBufferGetSize(out) == 0) {
- transform->status = xmlSecTransformStatusFinished;
- }
- (*dataSize) = outSize;
+ xmlSecSize outSize;
+
+ /* return chunk after chunk */
+ outSize = xmlSecBufferGetSize(out);
+ if(outSize > maxDataSize) {
+ outSize = maxDataSize;
+ }
+ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ }
+ if(outSize > 0) {
+ xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
+
+ memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ } else if(xmlSecBufferGetSize(out) == 0) {
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ (*dataSize) = outSize;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no output */
- xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1);
- (*dataSize) = 0;
+ /* the only way we can get here is if there is no output */
+ xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1);
+ (*dataSize) = 0;
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
-static int
-xmlSecTransformC14NExecute(xmlSecTransformId id, xmlSecNodeSetPtr nodes, xmlChar** nsList,
- xmlOutputBufferPtr buf) {
- int ret;
-
+static int
+xmlSecTransformC14NExecute(xmlSecTransformId id, xmlSecNodeSetPtr nodes, xmlChar** nsList,
+ xmlOutputBufferPtr buf) {
+ int ret;
+
xmlSecAssert2(id != xmlSecTransformIdUnknown, -1);
xmlSecAssert2(nodes != NULL, -1);
xmlSecAssert2(nodes->doc != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
/* execute c14n transform */
- if(id == xmlSecTransformInclC14NId) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_1_0, NULL, 0, buf);
+ if(id == xmlSecTransformInclC14NId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_0, NULL, 0, buf);
} else if(id == xmlSecTransformInclC14NWithCommentsId) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_1_0, NULL, 1, buf);
- } else if(id == xmlSecTransformInclC14N11Id) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_1_1, NULL, 0, buf);
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_0, NULL, 1, buf);
+ } else if(id == xmlSecTransformInclC14N11Id) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_1, NULL, 0, buf);
} else if(id == xmlSecTransformInclC14N11WithCommentsId) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_1_1, NULL, 1, buf);
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_1, NULL, 1, buf);
} else if(id == xmlSecTransformExclC14NId) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 0, buf);
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 0, buf);
} else if(id == xmlSecTransformExclC14NWithCommentsId) {
- ret = xmlC14NExecute(nodes->doc,
- (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
- nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 1, buf);
- } else if(id == xmlSecTransformRemoveXmlTagsC14NId) {
- ret = xmlSecNodeSetDumpTextNodes(nodes, buf);
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 1, buf);
+ } else if(id == xmlSecTransformRemoveXmlTagsC14NId) {
+ ret = xmlSecNodeSetDumpTextNodes(nodes, buf);
} else {
- /* shoudn't be possible to come here, actually */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ /* shoudn't be possible to come here, actually */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
- "xmlC14NExecute",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ "xmlC14NExecute",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
@@ -472,46 +472,46 @@ xmlSecTransformC14NExecute(xmlSecTransformId id, xmlSecNodeSetPtr nodes, xmlChar
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformInclC14NKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- xmlSecNameC14N, /* const xmlChar* name; */
- xmlSecHrefC14N, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameC14N, /* const xmlChar* name; */
+ xmlSecHrefC14N, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformInclC14NGetKlass:
*
* Inclusive (regular) canonicalization that omits comments transform klass
- * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
+ * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
* http://www.w3.org/TR/2001/REC-xml-c14n-20010315).
*
* Returns: c14n transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformInclC14NGetKlass(void) {
return(&xmlSecTransformInclC14NKlass);
}
-
+
/***************************************************************************
*
* C14N With Comments
@@ -519,43 +519,43 @@ xmlSecTransformInclC14NGetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformInclC14NWithCommentsKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- /* same as xmlSecTransformId */
- xmlSecNameC14NWithComments, /* const xmlChar* name; */
- xmlSecHrefC14NWithComments, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod read; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ /* same as xmlSecTransformId */
+ xmlSecNameC14NWithComments, /* const xmlChar* name; */
+ xmlSecHrefC14NWithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod read; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformInclC14NWithCommentsGetKlass:
*
* Inclusive (regular) canonicalization that includes comments transform klass
- * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
+ * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
* http://www.w3.org/TR/2001/REC-xml-c14n-20010315).
*
* Returns: c14n with comments transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformInclC14NWithCommentsGetKlass(void) {
return(&xmlSecTransformInclC14NWithCommentsKlass);
}
@@ -567,30 +567,30 @@ xmlSecTransformInclC14NWithCommentsGetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformInclC14N11Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- xmlSecNameC14N11, /* const xmlChar* name; */
- xmlSecHrefC14N11, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameC14N11, /* const xmlChar* name; */
+ xmlSecHrefC14N11, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -600,11 +600,11 @@ static xmlSecTransformKlass xmlSecTransformInclC14N11Klass = {
*
* Returns: c14n v1.1 transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformInclC14N11GetKlass(void) {
return(&xmlSecTransformInclC14N11Klass);
}
-
+
/***************************************************************************
*
* C14N v1.1 With Comments
@@ -612,31 +612,31 @@ xmlSecTransformInclC14N11GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformInclC14N11WithCommentsKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- /* same as xmlSecTransformId */
- xmlSecNameC14N11WithComments, /* const xmlChar* name; */
- xmlSecHrefC14N11WithComments, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod read; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ /* same as xmlSecTransformId */
+ xmlSecNameC14N11WithComments, /* const xmlChar* name; */
+ xmlSecHrefC14N11WithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod read; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -646,7 +646,7 @@ static xmlSecTransformKlass xmlSecTransformInclC14N11WithCommentsKlass = {
*
* Returns: c14n v1.1 with comments transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformInclC14N11WithCommentsGetKlass(void) {
return(&xmlSecTransformInclC14N11WithCommentsKlass);
}
@@ -659,87 +659,87 @@ xmlSecTransformInclC14N11WithCommentsGetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformExclC14NKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- xmlSecNameExcC14N, /* const xmlChar* name; */
- xmlSecHrefExcC14N, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameExcC14N, /* const xmlChar* name; */
+ xmlSecHrefExcC14N, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecTransformExclC14NGetKlass:
- *
+ *
* Exclusive canoncicalization that ommits comments transform klass
* (http://www.w3.org/TR/xml-exc-c14n/).
- *
+ *
* Returns: exclusive c14n transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformExclC14NGetKlass(void) {
return(&xmlSecTransformExclC14NKlass);
}
/***************************************************************************
- *
+ *
* Excl C14N With Comments
*
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformExclC14NWithCommentsKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- xmlSecNameExcC14NWithComments, /* const xmlChar* name; */
- xmlSecHrefExcC14NWithComments, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameExcC14NWithComments, /* const xmlChar* name; */
+ xmlSecHrefExcC14NWithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecTransformExclC14NWithCommentsGetKlass:
- *
+ *
* Exclusive canoncicalization that includes comments transform klass
* (http://www.w3.org/TR/xml-exc-c14n/).
- *
+ *
* Returns: exclusive c14n with comments transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformExclC14NWithCommentsGetKlass(void) {
return(&xmlSecTransformExclC14NWithCommentsKlass);
}
@@ -751,50 +751,50 @@ xmlSecTransformExclC14NWithCommentsGetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecTransformRemoveXmlTagsC14NKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformC14NSize, /* xmlSecSize objSize */
-
- BAD_CAST "remove-xml-tags-transform", /* const xmlChar* name; */
- NULL, /* const xmlChar* href; */
- xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
- /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ BAD_CAST "remove-xml-tags-transform", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformRemoveXmlTagsC14NGetKlass:
*
* The "remove xml tags" transform klass (http://www.w3.org/TR/xmldsig-core/#sec-Base-64):
- * Base64 transform requires an octet stream for input. If an XPath node-set
- * (or sufficiently functional alternative) is given as input, then it is
- * converted to an octet stream by performing operations logically equivalent
- * to 1) applying an XPath transform with expression self::text(), then 2)
- * taking the string-value of the node-set. Thus, if an XML element is
- * identified by a barename XPointer in the Reference URI, and its content
- * consists solely of base64 encoded character data, then this transform
- * automatically strips away the start and end tags of the identified element
- * and any of its descendant elements as well as any descendant comments and
+ * Base64 transform requires an octet stream for input. If an XPath node-set
+ * (or sufficiently functional alternative) is given as input, then it is
+ * converted to an octet stream by performing operations logically equivalent
+ * to 1) applying an XPath transform with expression self::text(), then 2)
+ * taking the string-value of the node-set. Thus, if an XML element is
+ * identified by a barename XPointer in the Reference URI, and its content
+ * consists solely of base64 encoded character data, then this transform
+ * automatically strips away the start and end tags of the identified element
+ * and any of its descendant elements as well as any descendant comments and
* processing instructions. The output of this transform is an octet stream.
*
* Returns: "remove xml tags" transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
return(&xmlSecTransformRemoveXmlTagsC14NKlass);
}
diff --git a/src/dl.c b/src/dl.c
index 6c0aa180..5ffc2ff7 100644
--- a/src/dl.c
+++ b/src/dl.c
@@ -1,10 +1,10 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -45,12 +45,12 @@
* loaded libraries list
*
**********************************************************************/
-typedef struct _xmlSecCryptoDLLibrary xmlSecCryptoDLLibrary,
- *xmlSecCryptoDLLibraryPtr;
+typedef struct _xmlSecCryptoDLLibrary xmlSecCryptoDLLibrary,
+ *xmlSecCryptoDLLibraryPtr;
struct _xmlSecCryptoDLLibrary {
- xmlChar* name;
- xmlChar* filename;
- xmlChar* getFunctionsName;
+ xmlChar* name;
+ xmlChar* filename;
+ xmlChar* getFunctionsName;
xmlSecCryptoDLFunctionsPtr functions;
#ifdef XMLSEC_DL_LIBLTDL
@@ -62,209 +62,220 @@ struct _xmlSecCryptoDLLibrary {
#endif /* XMLSEC_DL_WIN32 */
};
-static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryCreate (const xmlChar* name);
-static void xmlSecCryptoDLLibraryDestroy (xmlSecCryptoDLLibraryPtr lib);
-static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryDuplicate (xmlSecCryptoDLLibraryPtr lib);
-static xmlChar* xmlSecCryptoDLLibraryConstructFilename (const xmlChar* name);
-static xmlChar* xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name);
-
+static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryCreate (const xmlChar* name);
+static void xmlSecCryptoDLLibraryDestroy (xmlSecCryptoDLLibraryPtr lib);
+static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryDuplicate (xmlSecCryptoDLLibraryPtr lib);
+static xmlChar* xmlSecCryptoDLLibraryConstructFilename (const xmlChar* name);
+static xmlChar* xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name);
+
static xmlSecPtrListKlass xmlSecCryptoDLLibrariesListKlass = {
BAD_CAST "dl-libraries-list",
(xmlSecPtrDuplicateItemMethod)xmlSecCryptoDLLibraryDuplicate,/* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecCryptoDLLibraryDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecCryptoDLLibraryDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-static xmlSecPtrListId xmlSecCryptoDLLibrariesListGetKlass (void);
-static int xmlSecCryptoDLLibrariesListFindByName (xmlSecPtrListPtr list,
- const xmlChar* name);
+static xmlSecPtrListId xmlSecCryptoDLLibrariesListGetKlass (void);
+static int xmlSecCryptoDLLibrariesListFindByName (xmlSecPtrListPtr list,
+ const xmlChar* name);
+
+typedef xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctionsCallback(void);
-typedef xmlSecCryptoDLFunctionsPtr (*xmlSecCryptoGetFunctionsCallback)(void);
+/* conversion from ptr to func "the right way" */
+XMLSEC_PTR_TO_FUNC_IMPL(xmlSecCryptoGetFunctionsCallback)
-static xmlSecCryptoDLLibraryPtr
+
+static xmlSecCryptoDLLibraryPtr
xmlSecCryptoDLLibraryCreate(const xmlChar* name) {
xmlSecCryptoDLLibraryPtr lib;
- xmlSecCryptoGetFunctionsCallback getFunctions;
-
+ xmlSecCryptoGetFunctionsCallback * getFunctions;
+
xmlSecAssert2(name != NULL, NULL);
/* fprintf (stderr, "loading \"library %s\"...\n", name); */
-
+
/* Allocate a new xmlSecCryptoDLLibrary and fill the fields. */
lib = (xmlSecCryptoDLLibraryPtr)xmlMalloc(sizeof(xmlSecCryptoDLLibrary));
if(lib == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", sizeof(lib));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(lib));
+ return(NULL);
}
memset(lib, 0, sizeof(xmlSecCryptoDLLibrary));
-
+
lib->name = xmlStrdup(name);
if(lib->name == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "xmlStrdup",
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlStrdup",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
lib->filename = xmlSecCryptoDLLibraryConstructFilename(name);
if(lib->filename == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "xmlSecCryptoDLLibraryConstructFilename",
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecCryptoDLLibraryConstructFilename",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
lib->getFunctionsName = xmlSecCryptoDLLibraryConstructGetFunctionsName(name);
if(lib->getFunctionsName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "xmlSecCryptoDLLibraryConstructGetFunctionsName",
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecCryptoDLLibraryConstructGetFunctionsName",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
#ifdef XMLSEC_DL_LIBLTDL
lib->handle = lt_dlopenext((char*)lib->filename);
if(lib->handle == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "lt_dlopenext",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(lib->filename));
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlopenext",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(lib->filename));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
- getFunctions = (xmlSecCryptoGetFunctionsCallback)lt_dlsym(lib->handle, (char*)lib->getFunctionsName);
+ getFunctions = XMLSEC_PTR_TO_FUNC(xmlSecCryptoGetFunctionsCallback,
+ lt_dlsym(lib->handle, (char*)lib->getFunctionsName)
+ );
if(getFunctions == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "lt_dlsym",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- "function=%s",
- xmlSecErrorsSafeString(lib->getFunctionsName));
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlsym",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "function=%s",
+ xmlSecErrorsSafeString(lib->getFunctionsName));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
#endif /* XMLSEC_DL_LIBLTDL */
#ifdef XMLSEC_DL_WIN32
lib->handle = LoadLibraryA((char*)lib->filename);
if(lib->handle == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "LoadLibraryA",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(lib->filename));
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "LoadLibraryA",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(lib->filename));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
- getFunctions = (xmlSecCryptoGetFunctionsCallback)GetProcAddress(lib->handle, (char*)lib->getFunctionsName);
+ getFunctions = XMLSEC_PTR_TO_FUNC(xmlSecCryptoGetFunctionsCallback,
+ GetProcAddress(
+ lib->handle,
+ (const char*)lib->getFunctionsName
+ )
+ );
if(getFunctions == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "GetProcAddressA",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- "function=%s",
- xmlSecErrorsSafeString(lib->getFunctionsName));
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "GetProcAddressA",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "function=%s",
+ xmlSecErrorsSafeString(lib->getFunctionsName));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
#endif /* XMLSEC_DL_WIN32 */
if(getFunctions == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "invalid configuration: no way to load library");
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "invalid configuration: no way to load library");
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
lib->functions = getFunctions();
if(lib->functions == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "getFunctions",
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "getFunctions",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
/* fprintf (stderr, "library %s loaded\n", name); */
return(lib);
}
-static void
+static void
xmlSecCryptoDLLibraryDestroy(xmlSecCryptoDLLibraryPtr lib) {
xmlSecAssert(lib != NULL);
/* fprintf (stderr, "unloading \"library %s\"...\n", lib->name); */
if(lib->name != NULL) {
- xmlFree(lib->name);
+ xmlFree(lib->name);
}
if(lib->filename != NULL) {
- xmlFree(lib->filename);
+ xmlFree(lib->filename);
}
-
+
if(lib->getFunctionsName != NULL) {
- xmlFree(lib->getFunctionsName);
+ xmlFree(lib->getFunctionsName);
}
#ifdef XMLSEC_DL_LIBLTDL
- if(lib->handle != NULL) {
- int ret;
-
- ret = lt_dlclose(lib->handle);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "lt_dlclose",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- }
+ if(lib->handle != NULL) {
+ int ret;
+
+ ret = lt_dlclose(lib->handle);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlclose",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
}
#endif /* XMLSEC_DL_LIBLTDL */
#ifdef XMLSEC_DL_WIN32
- if(lib->handle != NULL) {
- BOOL res;
-
- res = FreeLibrary(lib->handle);
- if(!res) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "FreeLibrary",
- NULL,
- XMLSEC_ERRORS_R_IO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- }
- }
+ if(lib->handle != NULL) {
+ BOOL res;
+
+ res = FreeLibrary(lib->handle);
+ if(!res) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "FreeLibrary",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+ }
#endif /* XMLSEC_DL_WIN32*/
memset(lib, 0, sizeof(xmlSecCryptoDLLibrary));
xmlFree(lib);
}
-static xmlSecCryptoDLLibraryPtr
+static xmlSecCryptoDLLibraryPtr
xmlSecCryptoDLLibraryDuplicate(xmlSecCryptoDLLibraryPtr lib) {
xmlSecAssert2(lib != NULL, NULL);
xmlSecAssert2(lib->name != NULL, NULL);
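Review bot: The new declaration `xmlSecCryptoGetFunctionsCallback * getFunctions;` in xmlSecCryptoDLLibraryCreate has no initializer, yet the check after the two `#endif`s, `if(getFunctions == NULL)`, reads it unconditionally; when neither XMLSEC_DL_LIBLTDL nor XMLSEC_DL_WIN32 is defined nothing assigns it, so that read is undefined behaviour and the "invalid configuration: no way to load library" branch it is meant to trigger is not reliably taken. Since the commit rewrites that line anyway, make it `xmlSecCryptoGetFunctionsCallback * getFunctions = NULL;`. In the same function the malloc-failure report passes `sizeof(lib)` — the size of the pointer, not of the struct being allocated — and feeds a size_t to `%d`; `"size=%d", (int)sizeof(xmlSecCryptoDLLibrary)` reports the value the message promises and matches the conversion. Both lines are pre-existing and carried over unchanged by the reindent, which is why they are worth fixing while they are being touched.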
@@ -272,7 +283,7 @@ xmlSecCryptoDLLibraryDuplicate(xmlSecCryptoDLLibraryPtr lib) {
return(xmlSecCryptoDLLibraryCreate(lib->name));
}
-static xmlChar*
+static xmlChar*
xmlSecCryptoDLLibraryConstructFilename(const xmlChar* name) {
static xmlChar tmpl[] = "lib%s-%s";
xmlChar* res;
@@ -284,42 +295,42 @@ xmlSecCryptoDLLibraryConstructFilename(const xmlChar* name) {
len = xmlStrlen(BAD_CAST PACKAGE) + xmlStrlen(name) + xmlStrlen(tmpl) + 1;
res = (xmlChar*)xmlMalloc(len + 1);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", len + 1);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", len + 1);
+ return(NULL);
}
xmlSecStrPrintf(res, len, tmpl, PACKAGE, name);
-
+
return(res);
}
-static xmlChar*
+static xmlChar*
xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name) {
static xmlChar tmpl[] = "xmlSecCryptoGetFunctions_%s";
xmlChar* res;
int len;
-
+
xmlSecAssert2(name != NULL, NULL);
-
+
len = xmlStrlen(name) + xmlStrlen(tmpl) + 1;
res = (xmlChar*)xmlMalloc(len + 1);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", len + 1);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", len + 1);
+ return(NULL);
}
xmlSecStrPrintf(res, len, tmpl, name);
-
+
return(res);
}
-static xmlSecPtrListId
+static xmlSecPtrListId
xmlSecCryptoDLLibrariesListGetKlass(void) {
return(&xmlSecCryptoDLLibrariesListKlass);
}
@@ -328,16 +339,16 @@ static int
xmlSecCryptoDLLibrariesListFindByName(xmlSecPtrListPtr list, const xmlChar* name) {
xmlSecSize i, size;
xmlSecCryptoDLLibraryPtr lib;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecCryptoDLLibrariesListGetKlass()), -1);
xmlSecAssert2(name != NULL, -1);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(list, i);
- if((lib != NULL) && (lib->name != NULL) && (xmlStrcmp(lib->name, name) == 0)) {
- return(i);
- }
+ lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(list, i);
+ if((lib != NULL) && (lib->name != NULL) && (xmlStrcmp(lib->name, name) == 0)) {
+ return(i);
+ }
}
return(-1);
}
@@ -352,34 +363,34 @@ static xmlSecPtrList gXmlSecCryptoDLLibraries;
/**
* xmlSecCryptoDLInit:
- *
+ *
* Initializes dynamic loading engine. This is an internal function
* and should not be called by application directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecCryptoDLInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecCryptoDLLibrariesListGetKlass");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecCryptoDLLibrariesListGetKlass");
return(-1);
}
#ifdef XMLSEC_DL_LIBLTDL
ret = lt_dlinit ();
if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "lt_dlinit",
- XMLSEC_ERRORS_R_IO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "lt_dlinit",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#endif /* XMLSEC_DL_LIBLTDL */
@@ -390,13 +401,13 @@ xmlSecCryptoDLInit(void) {
/**
* xmlSecCryptoDLShutdown:
- *
+ *
* Shutdowns dynamic loading engine. This is an internal function
* and should not be called by application directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecCryptoDLShutdown(void) {
int ret;
@@ -405,155 +416,155 @@ xmlSecCryptoDLShutdown(void) {
#ifdef XMLSEC_DL_LIBLTDL
ret = lt_dlexit ();
if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "lt_dlexit",
- XMLSEC_ERRORS_R_IO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "lt_dlexit",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
}
#endif /* XMLSEC_DL_LIBLTDL */
return(0);
}
-/**
+/**
* xmlSecCryptoDLLoadLibrary:
- * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
*
- * Loads the xmlsec-<crypto> library. This function is NOT thread safe,
+ * Loads the xmlsec-<crypto> library. This function is NOT thread safe,
* application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions,
* and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) {
xmlSecCryptoDLFunctionsPtr functions;
int ret;
-
+
xmlSecAssert2(crypto != NULL, -1);
functions = xmlSecCryptoDLGetLibraryFunctions(crypto);
if(functions == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLGetLibraryFunctions",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecCryptoDLGetLibraryFunctions",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecCryptoDLSetFunctions(functions);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLSetFunctions",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecCryptoDLSetFunctions",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecCryptoDLGetLibraryFunctions:
- * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
*
- * Loads the xmlsec-<crypto> library and gets global crypto functions/transforms/keys data/keys store
- * table. This function is NOT thread safe, application MUST NOT call #xmlSecCryptoDLLoadLibrary,
+ * Loads the xmlsec-<crypto> library and gets global crypto functions/transforms/keys data/keys store
+ * table. This function is NOT thread safe, application MUST NOT call #xmlSecCryptoDLLoadLibrary,
* #xmlSecCryptoDLGetLibraryFunctions, and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
*
* Returns: the table or NULL if an error occurs.
*/
-xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoDLFunctionsPtr
xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto) {
xmlSecCryptoDLLibraryPtr lib;
int pos;
int ret;
-
+
xmlSecAssert2(crypto != NULL, NULL);
pos = xmlSecCryptoDLLibrariesListFindByName(&gXmlSecCryptoDLLibraries, crypto);
if(pos >= 0) {
lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(&gXmlSecCryptoDLLibraries, pos);
- xmlSecAssert2(lib != NULL, NULL);
- xmlSecAssert2(lib->functions != NULL, NULL);
-
- return(lib->functions);
+ xmlSecAssert2(lib != NULL, NULL);
+ xmlSecAssert2(lib->functions != NULL, NULL);
+
+ return(lib->functions);
}
lib = xmlSecCryptoDLLibraryCreate(crypto);
if(lib == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLLibraryCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "crypto=%s",
- xmlSecErrorsSafeString(crypto));
- return(NULL);
+ NULL,
+ "xmlSecCryptoDLLibraryCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crypto=%s",
+ xmlSecErrorsSafeString(crypto));
+ return(NULL);
}
- ret = xmlSecPtrListAdd(&gXmlSecCryptoDLLibraries, lib);
+ ret = xmlSecPtrListAdd(&gXmlSecCryptoDLLibraries, lib);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "crypto=%s",
- xmlSecErrorsSafeString(crypto));
- xmlSecCryptoDLLibraryDestroy(lib);
- return(NULL);
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crypto=%s",
+ xmlSecErrorsSafeString(crypto));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
}
return(lib->functions);
}
-/**
+/**
* xmlSecCryptoDLUnloadLibrary:
- * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
*
* Unloads the xmlsec-<crypto> library. All pointers to this library
- * functions tables became invalid. This function is NOT thread safe,
+ * functions tables became invalid. This function is NOT thread safe,
* application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions,
* and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecCryptoDLUnloadLibrary(const xmlChar* crypto) {
xmlSecCryptoDLLibraryPtr lib;
int pos;
int ret;
-
+
xmlSecAssert2(crypto != NULL, -1);
pos = xmlSecCryptoDLLibrariesListFindByName(&gXmlSecCryptoDLLibraries, crypto);
if(pos < 0) {
- /* todo: is it an error? */
- return(0);
+ /* todo: is it an error? */
+ return(0);
}
-
+
lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(&gXmlSecCryptoDLLibraries, pos);
if((lib != NULL) && (lib->functions == gXmlSecCryptoDLFunctions)) {
- gXmlSecCryptoDLFunctions = NULL;
+ gXmlSecCryptoDLFunctions = NULL;
}
-
+
ret = xmlSecPtrListRemove(&gXmlSecCryptoDLLibraries, pos);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListRemove",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecPtrListRemove",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecCryptoDLSetFunctions:
- * @functions: the new table
+ * @functions: the new table
*
* Sets global crypto functions/transforms/keys data/keys store table.
*
@@ -564,18 +575,18 @@ xmlSecCryptoDLSetFunctions(xmlSecCryptoDLFunctionsPtr functions) {
xmlSecAssert2(functions != NULL, -1);
gXmlSecCryptoDLFunctions = functions;
-
+
return(0);
}
-/**
+/**
* xmlSecCryptoDLGetFunctions:
*
* Gets global crypto functions/transforms/keys data/keys store table.
*
* Returns: the table.
*/
-xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoDLFunctionsPtr
xmlSecCryptoDLGetFunctions(void) {
return(gXmlSecCryptoDLFunctions);
}
@@ -584,395 +595,462 @@ xmlSecCryptoDLGetFunctions(void) {
/**
* xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms:
- * @functions: the functions table.
- *
- * Registers the key data and transforms klasses from @functions table in xmlsec.
+ * @functions: the functions table.
+ *
+ * Registers the key data and transforms klasses from @functions table in xmlsec.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFunctions* functions) {
xmlSecAssert2(functions != NULL, -1);
- /**
+ /****************************************************************************
+ *
* Register keys
- */
+ *
+ ****************************************************************************/
if((functions->keyDataAesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataAesGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataAesGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataAesGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataDesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDesGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDesGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDesGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataDsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDsaGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDsaGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataEcdsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataEcdsaGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataEcdsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataRsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRsaGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRsaGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataX509GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataX509GetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataX509GetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataX509GetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->keyDataRawX509CertGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRawX509CertGetKlass()) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRawX509CertGetKlass())),
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRawX509CertGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- /**
+ /****************************************************************************
+ *
* Register transforms
- */
+ *
+ ****************************************************************************/
if((functions->transformAes128CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes128CbcGetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes128CbcGetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes128CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformAes192CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes192CbcGetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes192CbcGetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes192CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformAes256CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes256CbcGetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes256CbcGetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes256CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformKWAes128GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes128GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes128GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes128GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformKWAes192GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes192GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes192GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes192GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformKWAes256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes256GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes256GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformDes3CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDes3CbcGetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDes3CbcGetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDes3CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformKWDes3GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWDes3GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWDes3GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWDes3GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformGost2001GostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGost2001GostR3411_94GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformDsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha1GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformDsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha224GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha384GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformEcdsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha512GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacMd5GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacRipemd160GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacRipemd160GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha1GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha1GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha224GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha224GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha256GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha256GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha384GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha384GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformHmacSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha512GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha512GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->transformMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformMd5GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformMd5GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRipemd160GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRipemd160GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaMd5GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaMd5GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaRipemd160GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaRipemd160GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha1GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha1GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha224GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha224GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha256GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha256GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha384GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha384GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha512GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha512GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((functions->transformRsaPkcs1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaPkcs1GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaPkcs1GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaPkcs1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformRsaOaepGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaOaepGetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformGostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_94GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha1GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha1GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha224GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha224GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha256GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha256GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha384GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha384GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if((functions->transformSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha512GetKlass()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha512GetKlass())),
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ return(0);
}
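Review bot: The doc comment at the top of this hunk ("Registers the key data and transforms klasses from @functions table in xmlsec.") does not state the failure contract the body implements: each block returns -1 at the first xmlSecKeyDataIdsRegister/xmlSecTransformIdsRegister failure, and everything registered before that point stays registered, so a caller that retries after a failure will re-register the earlier klasses; I would add ` * On the first registration failure -1 is returned; klasses registered before that point remain registered.` after the "Registers ..." line. The newly added entries (the ECDSA key data block and the DSA-SHA256 and five ECDSA-SHA transform blocks) follow the existing pattern correctly, but with roughly forty near-identical blocks a missing NULL check or a getter/name mismatch is easy to miss in review; a table of getter pointers walked in one loop would reduce each future addition to a single line and is worth a follow-up. Because every klass with a non-NULL getter becomes available to signature verification by default — including the SHA-1-based ECDSA-SHA1 transform added here — the doc could also note that limiting which algorithms a document may use remains the caller's responsibility through the transform context's enabled-transforms list (as far as I recall that is the mechanism in this library). The enclosing function begins and ends within this hunk.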
diff --git a/src/enveloped.c b/src/enveloped.c
index bea30a15..8047d318 100644
--- a/src/enveloped.c
+++ b/src/enveloped.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Enveloped transform.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -25,39 +25,39 @@
/**************************************************************************
*
- * Enveloped transform
+ * Enveloped transform
*
*************************************************************************/
-static int xmlSecTransformEnvelopedExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformEnvelopedExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformEnvelopedKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- sizeof(xmlSecTransform), /* xmlSecSize objSize */
-
- xmlSecNameEnveloped, /* const xmlChar* name; */
- xmlSecHrefEnveloped, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- NULL, /* xmlSecTransformInitializeMethod initialize; */
- NULL, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformEnvelopedExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ sizeof(xmlSecTransform), /* xmlSecSize objSize */
+
+ xmlSecNameEnveloped, /* const xmlChar* name; */
+ xmlSecHrefEnveloped, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ NULL, /* xmlSecTransformInitializeMethod initialize; */
+ NULL, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformEnvelopedExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -65,36 +65,36 @@ static xmlSecTransformKlass xmlSecTransformEnvelopedKlass = {
*
* The enveloped transform klass (http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature):
*
- * An enveloped signature transform T removes the whole Signature element
- * containing T from the digest calculation of the Reference element
- * containing T. The entire string of characters used by an XML processor
- * to match the Signature with the XML production element is removed.
- * The output of the transform is equivalent to the output that would
- * result from replacing T with an XPath transform containing the following
+ * An enveloped signature transform T removes the whole Signature element
+ * containing T from the digest calculation of the Reference element
+ * containing T. The entire string of characters used by an XML processor
+ * to match the Signature with the XML production element is removed.
+ * The output of the transform is equivalent to the output that would
+ * result from replacing T with an XPath transform containing the following
* XPath parameter element:
*
* <XPath xmlns:dsig="&dsig;">
* count(ancestor-or-self::dsig:Signature |
* here()/ancestor::dsig:Signature[1]) >
* count(ancestor-or-self::dsig:Signature)</XPath>
- *
- * The input and output requirements of this transform are identical to
- * those of the XPath transform, but may only be applied to a node-set from
- * its parent XML document. Note that it is not necessary to use an XPath
- * expression evaluator to create this transform. However, this transform
- * MUST produce output in exactly the same manner as the XPath transform
+ *
+ * The input and output requirements of this transform are identical to
+ * those of the XPath transform, but may only be applied to a node-set from
+ * its parent XML document. Note that it is not necessary to use an XPath
+ * expression evaluator to create this transform. However, this transform
+ * MUST produce output in exactly the same manner as the XPath transform
* parameterized by the XPath expression above.
*
* Returns: enveloped transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformEnvelopedGetKlass(void) {
return(&xmlSecTransformEnvelopedKlass);
}
static int
-xmlSecTransformEnvelopedExecute(xmlSecTransformPtr transform, int last,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecTransformEnvelopedExecute(xmlSecTransformPtr transform, int last,
+ xmlSecTransformCtxPtr transformCtx) {
xmlNodePtr node;
xmlSecNodeSetPtr children;
@@ -103,50 +103,50 @@ xmlSecTransformEnvelopedExecute(xmlSecTransformPtr transform, int last,
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
if((transform->inNodes != NULL) && (transform->inNodes->doc != transform->hereNode->doc)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
/* find signature node and get all its children in the nodes set */
node = xmlSecFindParent(transform->hereNode, xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeSignature),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeSignature),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
children = xmlSecNodeSetGetChildren(node->doc, node, 1, 1);
if(children == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNodeSetGetChildren",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
}
/* intersect <dsig:Signature/> node children with input nodes (if exist) */
transform->outNodes = xmlSecNodeSetAdd(transform->inNodes, children, xmlSecNodeSetIntersection);
if(transform->outNodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNodeSetAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecNodeSetDestroy(children);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(children);
+ return(-1);
}
-
+
return(0);
}
diff --git a/src/errors.c b/src/errors.c
index 54e34e6c..c9886d36 100644
--- a/src/errors.c
+++ b/src/errors.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Error codes and error reporting functions.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -22,221 +22,221 @@
#include <xmlsec/private.h>
#include <xmlsec/errors.h>
-#define XMLSEC_ERRORS_BUFFER_SIZE 1024
+#define XMLSEC_ERRORS_BUFFER_SIZE 1024
-typedef struct _xmlSecErrorDescription xmlSecErrorDescription, *xmlSecErrorDescriptionPtr;
+typedef struct _xmlSecErrorDescription xmlSecErrorDescription, *xmlSecErrorDescriptionPtr;
struct _xmlSecErrorDescription {
- int errorCode;
- const char* errorMsg;
+ int errorCode;
+ const char* errorMsg;
};
static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = {
- { XMLSEC_ERRORS_R_XMLSEC_FAILED, "xmlsec library function failed" },
- { XMLSEC_ERRORS_R_MALLOC_FAILED, "malloc function failed" },
- { XMLSEC_ERRORS_R_STRDUP_FAILED, "strdup function failed" },
- { XMLSEC_ERRORS_R_CRYPTO_FAILED, "crypto library function failed" },
- { XMLSEC_ERRORS_R_XML_FAILED, "libxml2 library function failed" },
- { XMLSEC_ERRORS_R_XSLT_FAILED, "libxslt library function failed" },
- { XMLSEC_ERRORS_R_IO_FAILED, "io function failed" },
- { XMLSEC_ERRORS_R_DISABLED, "feature is disabled" },
- { XMLSEC_ERRORS_R_NOT_IMPLEMENTED, "feature is not implemented" },
- { XMLSEC_ERRORS_R_INVALID_SIZE, "invalid size" },
- { XMLSEC_ERRORS_R_INVALID_DATA, "invalid data" },
- { XMLSEC_ERRORS_R_INVALID_RESULT, "invalid result" },
- { XMLSEC_ERRORS_R_INVALID_TYPE, "invalid type" },
- { XMLSEC_ERRORS_R_INVALID_OPERATION, "invalid operation" },
- { XMLSEC_ERRORS_R_INVALID_STATUS, "invalid status" },
- { XMLSEC_ERRORS_R_INVALID_FORMAT, "invalid format" },
- { XMLSEC_ERRORS_R_DATA_NOT_MATCH, "data do not match" },
- { XMLSEC_ERRORS_R_INVALID_NODE, "invalid node" },
- { XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "invalid node content" },
- { XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "invalid node attribute" },
- { XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE, "missing node attribute" },
- { XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, "node already present" },
- { XMLSEC_ERRORS_R_UNEXPECTED_NODE, "unexpected node" },
- { XMLSEC_ERRORS_R_NODE_NOT_FOUND, "node node found" },
- { XMLSEC_ERRORS_R_INVALID_TRANSFORM, "invalid transform" },
- { XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY, "invalid transform key" },
- { XMLSEC_ERRORS_R_INVALID_URI_TYPE, "invalid URI type" },
- { XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED, "same document is required for transform" },
- { XMLSEC_ERRORS_R_TRANSFORM_DISABLED, "transform is disabled" },
- { XMLSEC_ERRORS_R_INVALID_KEY_DATA, "invalid key data" },
- { XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND, "key data is not found" },
- { XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key data already exist" },
- { XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, "invalid key data size" },
- { XMLSEC_ERRORS_R_KEY_NOT_FOUND, "key is not found" },
- { XMLSEC_ERRORS_R_KEYDATA_DISABLED, "key data is disabled" },
- { XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL, "maximum key retrieval level" },
- { XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,"key retrieval type mismatch" },
- { XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, "maximum encrypted key level" },
- { XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, "certificate verification failed" },
- { XMLSEC_ERRORS_R_CERT_NOT_FOUND, "certificate is not found" },
- { XMLSEC_ERRORS_R_CERT_REVOKED, "certificate is revoked" },
- { XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "certificate issuer check failed" },
- { XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, "certificate is not yet valid" },
- { XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "certificate has expirred" },
- { XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, "Reference nodes are not found" },
- { XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE, "Reference verification failed" },
- { XMLSEC_ERRORS_R_ASSERTION, "assertion" },
- { 0, NULL}
+ { XMLSEC_ERRORS_R_XMLSEC_FAILED, "xmlsec library function failed" },
+ { XMLSEC_ERRORS_R_MALLOC_FAILED, "malloc function failed" },
+ { XMLSEC_ERRORS_R_STRDUP_FAILED, "strdup function failed" },
+ { XMLSEC_ERRORS_R_CRYPTO_FAILED, "crypto library function failed" },
+ { XMLSEC_ERRORS_R_XML_FAILED, "libxml2 library function failed" },
+ { XMLSEC_ERRORS_R_XSLT_FAILED, "libxslt library function failed" },
+ { XMLSEC_ERRORS_R_IO_FAILED, "io function failed" },
+ { XMLSEC_ERRORS_R_DISABLED, "feature is disabled" },
+ { XMLSEC_ERRORS_R_NOT_IMPLEMENTED, "feature is not implemented" },
+ { XMLSEC_ERRORS_R_INVALID_SIZE, "invalid size" },
+ { XMLSEC_ERRORS_R_INVALID_DATA, "invalid data" },
+ { XMLSEC_ERRORS_R_INVALID_RESULT, "invalid result" },
+ { XMLSEC_ERRORS_R_INVALID_TYPE, "invalid type" },
+ { XMLSEC_ERRORS_R_INVALID_OPERATION, "invalid operation" },
+ { XMLSEC_ERRORS_R_INVALID_STATUS, "invalid status" },
+ { XMLSEC_ERRORS_R_INVALID_FORMAT, "invalid format" },
+ { XMLSEC_ERRORS_R_DATA_NOT_MATCH, "data do not match" },
+ { XMLSEC_ERRORS_R_INVALID_NODE, "invalid node" },
+ { XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "invalid node content" },
+ { XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "invalid node attribute" },
+ { XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE, "missing node attribute" },
+ { XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, "node already present" },
+ { XMLSEC_ERRORS_R_UNEXPECTED_NODE, "unexpected node" },
+ { XMLSEC_ERRORS_R_NODE_NOT_FOUND, "node node found" },
+ { XMLSEC_ERRORS_R_INVALID_TRANSFORM, "invalid transform" },
+ { XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY, "invalid transform key" },
+ { XMLSEC_ERRORS_R_INVALID_URI_TYPE, "invalid URI type" },
+ { XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED, "same document is required for transform" },
+ { XMLSEC_ERRORS_R_TRANSFORM_DISABLED, "transform is disabled" },
+ { XMLSEC_ERRORS_R_INVALID_KEY_DATA, "invalid key data" },
+ { XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND, "key data is not found" },
+ { XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key data already exist" },
+ { XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, "invalid key data size" },
+ { XMLSEC_ERRORS_R_KEY_NOT_FOUND, "key is not found" },
+ { XMLSEC_ERRORS_R_KEYDATA_DISABLED, "key data is disabled" },
+ { XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL, "maximum key retrieval level" },
+ { XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,"key retrieval type mismatch" },
+ { XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, "maximum encrypted key level" },
+ { XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, "certificate verification failed" },
+ { XMLSEC_ERRORS_R_CERT_NOT_FOUND, "certificate is not found" },
+ { XMLSEC_ERRORS_R_CERT_REVOKED, "certificate is revoked" },
+ { XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "certificate issuer check failed" },
+ { XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, "certificate is not yet valid" },
+ { XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "certificate has expirred" },
+ { XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, "Reference nodes are not found" },
+ { XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE, "Reference verification failed" },
+ { XMLSEC_ERRORS_R_ASSERTION, "assertion" },
+ { 0, NULL}
};
static xmlSecErrorsCallback xmlSecErrorsClbk = xmlSecErrorsDefaultCallback;
-static int xmlSecPrintErrorMessages = 1; /* whether the error messages will be printed immidiatelly */
+static int xmlSecPrintErrorMessages = 1; /* whether the error messages will be printed immidiatelly */
-/**
+/**
* xmlSecErrorsInit:
*
* Initializes the errors reporting. It is called from #xmlSecInit function.
* and applications must not call this function directly.
*/
-void
+void
xmlSecErrorsInit(void) {
}
-/**
+/**
* xmlSecErrorsShutdown:
*
* Cleanups the errors reporting. It is called from #xmlSecShutdown function.
* and applications must not call this function directly.
*/
-void
+void
xmlSecErrorsShutdown(void) {
}
/**
* xmlSecErrorsSetCallback:
- * @callback: the new errors callback function.
+ * @callback: the new errors callback function.
*
- * Sets the errors callback function to @callback that will be called
+ * Sets the errors callback function to @callback that will be called
* every time an error occurs.
*/
-void
+void
xmlSecErrorsSetCallback(xmlSecErrorsCallback callback) {
xmlSecErrorsClbk = callback;
}
/**
* xmlSecErrorsDefaultCallback:
- * @file: the error location file name (__FILE__ macro).
- * @line: the error location line number (__LINE__ macro).
- * @func: the error location function name (__FUNCTION__ macro).
- * @errorObject: the error specific error object
- * @errorSubject: the error specific error subject.
- * @reason: the error code.
- * @msg: the additional error message.
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
*
* The default error reporting callback that utilizes LibXML
* error reporting #xmlGenericError function.
*/
-void
+void
xmlSecErrorsDefaultCallback(const char* file, int line, const char* func,
- const char* errorObject, const char* errorSubject,
- int reason, const char* msg) {
- if(xmlSecPrintErrorMessages) {
- const char* error_msg = NULL;
- xmlSecSize i;
-
- for(i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) {
- if(xmlSecErrorsGetCode(i) == reason) {
- error_msg = xmlSecErrorsGetMsg(i);
- break;
- }
- }
- xmlGenericError(xmlGenericErrorContext,
- "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n",
- (func != NULL) ? func : "unknown",
- (file != NULL) ? file : "unknown",
- line,
- (errorObject != NULL) ? errorObject : "unknown",
- (errorSubject != NULL) ? errorSubject : "unknown",
- reason,
- (error_msg != NULL) ? error_msg : "",
- (msg != NULL) ? msg : "");
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+ if(xmlSecPrintErrorMessages) {
+ const char* error_msg = NULL;
+ xmlSecSize i;
+
+ for(i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) {
+ if(xmlSecErrorsGetCode(i) == reason) {
+ error_msg = xmlSecErrorsGetMsg(i);
+ break;
+ }
+ }
+ xmlGenericError(xmlGenericErrorContext,
+ "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n",
+ (func != NULL) ? func : "unknown",
+ (file != NULL) ? file : "unknown",
+ line,
+ (errorObject != NULL) ? errorObject : "unknown",
+ (errorSubject != NULL) ? errorSubject : "unknown",
+ reason,
+ (error_msg != NULL) ? error_msg : "",
+ (msg != NULL) ? msg : "");
}
}
/**
* xmlSecErrorsDefaultCallbackEnableOutput:
- * @enabled: the flag.
- *
+ * @enabled: the flag.
+ *
* Enables or disables calling LibXML2 callback from the default
* errors callback.
*/
-void
+void
xmlSecErrorsDefaultCallbackEnableOutput(int enabled) {
xmlSecPrintErrorMessages = enabled;
}
/**
* xmlSecErrorsGetCode:
- * @pos: the error position.
- *
+ * @pos: the error position.
+ *
* Gets the known error code at position @pos.
*
- * Returns: the known error code or 0 if @pos is greater than
+ * Returns: the known error code or 0 if @pos is greater than
* total number of known error codes.
*/
-int
+int
xmlSecErrorsGetCode(xmlSecSize pos) {
/* could not use asserts here! */
if(pos < sizeof(xmlSecErrorsTable) / sizeof(xmlSecErrorsTable[0])) {
- return(xmlSecErrorsTable[pos].errorCode);
+ return(xmlSecErrorsTable[pos].errorCode);
}
return(0);
}
/**
* xmlSecErrorsGetMsg:
- * @pos: the error position.
+ * @pos: the error position.
*
* Gets the known error message at position @pos.
*
- * Returns: the known error message or NULL if @pos is greater than
+ * Returns: the known error message or NULL if @pos is greater than
* total number of known error codes.
*/
-const char*
+const char*
xmlSecErrorsGetMsg(xmlSecSize pos) {
/* could not use asserts here! */
if(pos < sizeof(xmlSecErrorsTable) / sizeof(xmlSecErrorsTable[0])) {
- return(xmlSecErrorsTable[pos].errorMsg);
+ return(xmlSecErrorsTable[pos].errorMsg);
}
return(NULL);
}
/**
* xmlSecError:
- * @file: the error location filename (__FILE__).
- * @line: the error location line number (__LINE__).
- * @func: the error location function (__FUNCTIION__).
- * @errorObject: the error specific error object
- * @errorSubject: the error specific error subject.
- * @reason: the error code.
- * @msg: the error message in printf format.
- * @...: the parameters for the @msg.
+ * @file: the error location filename (__FILE__).
+ * @line: the error location line number (__LINE__).
+ * @func: the error location function (__FUNCTIION__).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the error message in printf format.
+ * @...: the parameters for the @msg.
*
- * Reports an error to the default (#xmlSecErrorsDefaultCallback) or
- * application specific callback installed using #xmlSecErrorsSetCallback
+ * Reports an error to the default (#xmlSecErrorsDefaultCallback) or
+ * application specific callback installed using #xmlSecErrorsSetCallback
* function.
*/
-void
-xmlSecError(const char* file, int line, const char* func,
- const char* errorObject, const char* errorSubject,
- int reason, const char* msg, ...) {
-
+void
+xmlSecError(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg, ...) {
+
if(xmlSecErrorsClbk != NULL) {
- xmlChar error_msg[XMLSEC_ERRORS_BUFFER_SIZE];
-
- if(msg != NULL) {
- va_list va;
-
- va_start(va, msg);
- xmlSecStrVPrintf(error_msg, sizeof(error_msg), BAD_CAST msg, va);
- error_msg[sizeof(error_msg) - 1] = '\0';
- va_end(va);
- } else {
- error_msg[0] = '\0';
- }
- xmlSecErrorsClbk(file, line, func, errorObject, errorSubject, reason, (char*)error_msg);
- }
+ xmlChar error_msg[XMLSEC_ERRORS_BUFFER_SIZE];
+
+ if(msg != NULL) {
+ va_list va;
+
+ va_start(va, msg);
+ xmlSecStrVPrintf(error_msg, sizeof(error_msg), BAD_CAST msg, va);
+ error_msg[sizeof(error_msg) - 1] = '\0';
+ va_end(va);
+ } else {
+ error_msg[0] = '\0';
+ }
+ xmlSecErrorsClbk(file, line, func, errorObject, errorSubject, reason, (char*)error_msg);
+ }
}
diff --git a/src/gcrypt/Makefile.am b/src/gcrypt/Makefile.am
new file mode 100644
index 00000000..734c429f
--- /dev/null
+++ b/src/gcrypt/Makefile.am
@@ -0,0 +1,55 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -DGCRYPT_MIN_VERSION=\"$(GCRYPT_MIN_VERSION)\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GCRYPT_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_SOURCES =\
+ app.c \
+ asn1.h \
+ asn1.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ kw_aes.c \
+ kw_des.c \
+ symkeys.c \
+ asymkeys.c \
+ signatures.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_gcrypt_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_gcrypt_la_LIBADD = \
+ $(GCRYPT_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
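Review bot: `libxmlsec1_gcrypt_la_DEPENDENCIES = $(NULL)` near the end of the hunk overrides the dependency list automake would otherwise derive from `libxmlsec1_gcrypt_la_LIBADD`, so `../libxmlsec1.la` is linked in but, as far as I can tell, a rebuilt core library will not trigger a relink of libxmlsec1-gcrypt.la. If the empty list is deliberate (it may mirror the other crypto backends' Makefile.am), a one-line comment saying so would help a maintainer; otherwise `libxmlsec1_gcrypt_la_DEPENDENCIES = ../libxmlsec1.la $(NULL)` restores the relink. Separately, `-I../../include` in the CPPFLAGS is a build-tree-relative path spelled by hand; `-I$(top_builddir)/include` is the automake idiom and does not depend on the depth of this directory.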
diff --git a/src/gcrypt/Makefile.in b/src/gcrypt/Makefile.in
new file mode 100644
index 00000000..325e5cf8
--- /dev/null
+++ b/src/gcrypt/Makefile.in
@@ -0,0 +1,794 @@
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/gcrypt
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_gcrypt_la_SOURCES_DIST = app.c asn1.h asn1.c ciphers.c \
+ crypto.c digests.c hmac.c kw_aes.c kw_des.c symkeys.c \
+ asymkeys.c signatures.c globals.h ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gcrypt_la-strings.lo
+am_libxmlsec1_gcrypt_la_OBJECTS = libxmlsec1_gcrypt_la-app.lo \
+ libxmlsec1_gcrypt_la-asn1.lo libxmlsec1_gcrypt_la-ciphers.lo \
+ libxmlsec1_gcrypt_la-crypto.lo libxmlsec1_gcrypt_la-digests.lo \
+ libxmlsec1_gcrypt_la-hmac.lo libxmlsec1_gcrypt_la-kw_aes.lo \
+ libxmlsec1_gcrypt_la-kw_des.lo libxmlsec1_gcrypt_la-symkeys.lo \
+ libxmlsec1_gcrypt_la-asymkeys.lo \
+ libxmlsec1_gcrypt_la-signatures.lo $(am__objects_1) \
+ $(am__objects_2)
+libxmlsec1_gcrypt_la_OBJECTS = $(am_libxmlsec1_gcrypt_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_gcrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_gcrypt_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libxmlsec1_gcrypt_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_gcrypt_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -DGCRYPT_MIN_VERSION=\"$(GCRYPT_MIN_VERSION)\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GCRYPT_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_SOURCES = app.c asn1.h asn1.c ciphers.c crypto.c \
+ digests.c hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c \
+ signatures.c globals.h $(NULL) $(am__append_1)
+libxmlsec1_gcrypt_la_LIBADD = \
+ $(GCRYPT_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/gcrypt/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/gcrypt/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-gcrypt.la: $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_DEPENDENCIES) $(EXTRA_libxmlsec1_gcrypt_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_gcrypt_la_LINK) -rpath $(libdir) $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_gcrypt_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-app.Tpo -c -o libxmlsec1_gcrypt_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-app.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='app.c' object='libxmlsec1_gcrypt_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_gcrypt_la-asn1.lo: asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-asn1.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Tpo -c -o libxmlsec1_gcrypt_la-asn1.lo `test -f 'asn1.c' || echo '$(srcdir)/'`asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1.c' object='libxmlsec1_gcrypt_la-asn1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-asn1.lo `test -f 'asn1.c' || echo '$(srcdir)/'`asn1.c
+
+libxmlsec1_gcrypt_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Tpo -c -o libxmlsec1_gcrypt_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ciphers.c' object='libxmlsec1_gcrypt_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_gcrypt_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Tpo -c -o libxmlsec1_gcrypt_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto.c' object='libxmlsec1_gcrypt_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_gcrypt_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Tpo -c -o libxmlsec1_gcrypt_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='digests.c' object='libxmlsec1_gcrypt_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_gcrypt_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Tpo -c -o libxmlsec1_gcrypt_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libxmlsec1_gcrypt_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_gcrypt_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Tpo -c -o libxmlsec1_gcrypt_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_aes.c' object='libxmlsec1_gcrypt_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_gcrypt_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Tpo -c -o libxmlsec1_gcrypt_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_des.c' object='libxmlsec1_gcrypt_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_gcrypt_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Tpo -c -o libxmlsec1_gcrypt_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='symkeys.c' object='libxmlsec1_gcrypt_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_gcrypt_la-asymkeys.lo: asymkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-asymkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Tpo -c -o libxmlsec1_gcrypt_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asymkeys.c' object='libxmlsec1_gcrypt_la-asymkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+
+libxmlsec1_gcrypt_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Tpo -c -o libxmlsec1_gcrypt_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='signatures.c' object='libxmlsec1_gcrypt_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_gcrypt_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_gcrypt_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/gcrypt/README b/src/gcrypt/README
new file mode 100644
index 00000000..dcaa5a0d
--- /dev/null
+++ b/src/gcrypt/README
@@ -0,0 +1,9 @@
+The xmlsec-gcrypt implementation is really limited and is not ready
+for production use. The only supported crypto transforms are:
+
+ - HMAC
+ - Tripple DES
+ - AES [128|192|256]
+ - SHA1
+
+
diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c
new file mode 100644
index 00000000..ab95f6dd
--- /dev/null
+++ b/src/gcrypt/app.c
@@ -0,0 +1,663 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "asn1.h"
+
+/**
+ * xmlSecGCryptAppInit:
+ * @config: the path to GCrypt configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppInit(const char* config ATTRIBUTE_UNUSED) {
+ /* Secure memory initialisation based on documentation from:
+ http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ NOTE sample code don't check gcry_control(...) return code
+
+ All flags from:
+ http://www.gnupg.org/documentation/manuals/gcrypt/Controlling-the-library.html
+
+ Also libgcrypt NEWS entries:
++++++
+.....
+Noteworthy changes in version 1.4.3 (2008-09-18)
+------------------------------------------------
+
+ * Try to auto-initialize Libgcrypt to minimize the effect of
+ applications not doing that correctly. This is not a perfect
+ solution but given that many applicationion would totally fail
+ without such a hack, we try to help at least with the most common
+ cases. Folks, please read the manual to learn how to properly
+ initialize Libgcrypt!
+
+ * Auto-initialize the secure memory to 32k instead of aborting the
+ process.
+.....
++++++
+ */
+
+ /* Version check should be the very first call because it
+ makes sure that important subsystems are intialized. */
+
+ /* NOTE configure.in defines GCRYPT_MIN_VERSION */
+ if (!gcry_check_version (GCRYPT_MIN_VERSION)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_check_version",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* We don't want to see any warnings, e.g. because we have not yet
+ parsed program options which might be used to suppress such
+ warnings. */
+ gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
+
+ /* ... If required, other initialization goes here. Note that the
+ process might still be running with increased privileges and that
+ the secure memory has not been intialized. */
+
+ /* Allocate a pool of 32k secure memory. This make the secure memory
+ available and also drops privileges where needed. */
+ gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
+
+ /* It is now okay to let Libgcrypt complain when there was/is
+ a problem with the secure memory. */
+ gcry_control(GCRYCTL_RESUME_SECMEM_WARN);
+
+ /* ... If required, other initialization goes here. */
+
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppShutdown(void) {
+ gcry_error_t err;
+
+ err = gcry_control(GCRYCTL_TERM_SECMEM);
+ if (gcry_err_code(err)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_control(GCRYCTL_TERM_SECMEM)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGCryptAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+/**
+ * xmlSecGCryptAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr key_data = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+ case xmlSecKeyDataFormatDer:
+ key_data = xmlSecGCryptParseDer(data, dataSize, xmlSecGCryptDerKeyTypeAuto);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptParseDer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatPem:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+#endif /* XMLSEC_NO_X509 */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* we should have key data by now */
+ xmlSecAssert2(key_data != NULL, NULL);
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(key_data);
+ return(NULL);
+ }
+
+ ret = xmlSecKeySetValue(key, key_data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(key_data)));
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(key_data);
+ return(NULL);
+ }
+ key_data = NULL; /* key_data is owned by key */
+
+ /* done */
+ return(key);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecGCryptAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
+ * For uniformity, call xmlSecGCryptAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGCryptAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecGCryptAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGCryptAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default GCrypt crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGCryptKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* TODO */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecGCryptAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecGCryptAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecGCryptAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
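Review bot: The result of `gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0)` in xmlSecGCryptAppInit is discarded, so a failed secure-memory setup goes unreported, while xmlSecGCryptAppShutdown in the same file already treats `gcry_control(GCRYCTL_TERM_SECMEM)` as a `gcry_error_t` and fails with xmlSecError when `gcry_err_code(err)` is non-zero. If the pool cannot be set up, keys loaded later may presumably end up in ordinary memory without the caller ever learning that the initialization was degraded. The init path should mirror the shutdown path: `err = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);` followed by the same `if (gcry_err_code(err)) { xmlSecError(...); return(-1); }` sequence. The function's own header comment notes that the upstream sample code does not check these return codes, so the omission reads as inherited rather than deliberate.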
diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c
new file mode 100644
index 00000000..b1388420
--- /dev/null
+++ b/src/gcrypt/asn1.c
@@ -0,0 +1,602 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "asn1.h"
+
+/**************************************************************************
+ *
+ * ASN.1 parser is taken from GCrypt tests
+ *
+ *************************************************************************/
+
+/* ASN.1 classes. */
+enum
+{
+ UNIVERSAL = 0,
+ APPLICATION = 1,
+ ASNCONTEXT = 2,
+ PRIVATE = 3
+};
+
+
+/* ASN.1 tags. */
+enum
+{
+ TAG_NONE = 0,
+ TAG_BOOLEAN = 1,
+ TAG_INTEGER = 2,
+ TAG_BIT_STRING = 3,
+ TAG_OCTET_STRING = 4,
+ TAG_NULL = 5,
+ TAG_OBJECT_ID = 6,
+ TAG_OBJECT_DESCRIPTOR = 7,
+ TAG_EXTERNAL = 8,
+ TAG_REAL = 9,
+ TAG_ENUMERATED = 10,
+ TAG_EMBEDDED_PDV = 11,
+ TAG_UTF8_STRING = 12,
+ TAG_REALTIVE_OID = 13,
+ TAG_SEQUENCE = 16,
+ TAG_SET = 17,
+ TAG_NUMERIC_STRING = 18,
+ TAG_PRINTABLE_STRING = 19,
+ TAG_TELETEX_STRING = 20,
+ TAG_VIDEOTEX_STRING = 21,
+ TAG_IA5_STRING = 22,
+ TAG_UTC_TIME = 23,
+ TAG_GENERALIZED_TIME = 24,
+ TAG_GRAPHIC_STRING = 25,
+ TAG_VISIBLE_STRING = 26,
+ TAG_GENERAL_STRING = 27,
+ TAG_UNIVERSAL_STRING = 28,
+ TAG_CHARACTER_STRING = 29,
+ TAG_BMP_STRING = 30
+};
+
+/* ASN.1 Parser object. */
+struct tag_info
+{
+ int class; /* Object class. */
+ unsigned long tag; /* The tag of the object. */
+ unsigned long length; /* Length of the values. */
+ int nhdr; /* Length of the header (TL). */
+ unsigned int ndef:1; /* The object has an indefinite length. */
+ unsigned int cons:1; /* This is a constructed object. */
+};
+
+/* Parse the buffer at the address BUFFER which consists of the number
+ of octets as stored at BUFLEN. Return the tag and the length part
+ from the TLV triplet. Update BUFFER and BUFLEN on success. Checks
+ that the encoded length does not exhaust the length of the provided
+ buffer. */
+static int
+xmlSecGCryptAsn1ParseTag (xmlSecByte const **buffer, xmlSecSize *buflen, struct tag_info *ti)
+{
+ int c;
+ unsigned long tag;
+ const xmlSecByte *buf;
+ xmlSecSize length;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2((*buffer) != NULL, -1);
+ xmlSecAssert2(buflen != NULL, -1);
+ xmlSecAssert2(ti != NULL, -1);
+
+ /* initialize */
+ buf = *buffer;
+ length = *buflen;
+
+ ti->length = 0;
+ ti->ndef = 0;
+ ti->nhdr = 0;
+
+ /* Get the tag */
+ if (length <= 0) {
+ return(-1); /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+
+ ti->class = (c & 0xc0) >> 6;
+ ti->cons = !!(c & 0x20);
+ tag = (c & 0x1f);
+
+ if (tag == 0x1f) {
+ tag = 0;
+ do {
+ tag <<= 7;
+ if (length <= 0) {
+ return(-1); /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+ tag |= (c & 0x7f);
+ } while ( (c & 0x80) );
+ }
+ ti->tag = tag;
+
+ /* Get the length */
+ if(length <= 0) {
+ return -1; /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+
+ if ( !(c & 0x80) ) {
+ ti->length = c;
+ } else if (c == 0x80) {
+ ti->ndef = 1;
+ } else if (c == 0xff) {
+ return -1; /* Forbidden length value. */
+ } else {
+ xmlSecSize len = 0;
+ int count = c & 0x7f;
+
+ for (; count; count--) {
+ len <<= 8;
+ if (length <= 0) {
+ return -1; /* Premature EOF. */
+ }
+ c = *buf++; length--;
+ ti->nhdr++;
+ len |= (c & 0xff);
+ }
+ ti->length = len;
+ }
+
+ if (ti->class == UNIVERSAL && !ti->tag) {
+ ti->length = 0;
+ }
+
+ if (ti->length > length) {
+ return(-1); /* Data larger than buffer. */
+ }
+
+ /* done */
+ *buffer = buf;
+ *buflen = length;
+ return(0);
+}
+
+static int
+xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *buflen,
+ gcry_mpi_t * params, int params_size) {
+ const xmlSecByte *buf;
+ xmlSecSize length;
+ struct tag_info ti;
+ gcry_error_t err;
+ int idx = 0;
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2((*buffer) != NULL, -1);
+ xmlSecAssert2(buflen != NULL, -1);
+ xmlSecAssert2(params != NULL, -1);
+ xmlSecAssert2(params_size > 0, -1);
+
+ /* initialize */
+ buf = *buffer;
+ length = *buflen;
+
+ /* read SEQUENCE */
+ memset(&ti, 0, sizeof(ti));
+ ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti);
+ if((ret != 0) || (ti.tag != TAG_SEQUENCE) || ti.class || !ti.cons || ti.ndef) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "TAG_SEQUENCE is expected: tag=%d",
+ (int)ti.tag);
+ return(-1);
+ }
+
+ /* read INTEGERs */
+ for (idx = 0; ((idx < params_size) && (length > 0)); idx++) {
+ memset(&ti, 0, sizeof(ti));
+ ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti);
+ if((ret != 0) || (ti.tag != TAG_INTEGER) || ti.class || ti.cons || ti.ndef)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "TAG_INTEGER is expected - index=%d, tag=%d",
+ (int)idx, (int)ti.tag);
+ return(-1);
+ }
+
+ err = gcry_mpi_scan(&(params[idx]), GCRYMPI_FMT_USG, buf, ti.length, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (params[idx] == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ buf += ti.length;
+ length -= ti.length;
+ }
+
+ /* did we parse everything? */
+ if(length > 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "too many params - cur=%d, expected=%d",
+ (int)(idx - 1), (int)params_size);
+ return(-1);
+ }
+
+ /* done */
+ *buffer = buf;
+ *buflen = length;
+ return(idx);
+}
+
+xmlSecKeyDataPtr
+xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
+ enum xmlSecGCryptDerKeyType type) {
+ xmlSecKeyDataPtr key_data = NULL;
+ gcry_sexp_t s_pub_key = NULL;
+ gcry_sexp_t s_priv_key = NULL;
+ gcry_error_t err;
+ gcry_mpi_t keyparms[20];
+ int keyparms_num;
+ unsigned int idx;
+ int ret;
+
+ xmlSecAssert2(der != NULL, NULL);
+ xmlSecAssert2(derlen > 0, NULL);
+
+ /* Parse the ASN.1 structure. */
+ memset(&keyparms, 0, sizeof(keyparms));
+ ret = xmlSecGCryptAsn1ParseIntegerSequence(
+ &der, &derlen,
+ keyparms, sizeof(keyparms) / sizeof(keyparms[0])
+ );
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseIntegerSequence",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ keyparms_num = ret;
+
+ /* The value of the first integer should be 0. */
+ if ((keyparms_num < 1) || (gcry_mpi_cmp_ui(keyparms[0], 0) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "num=%d",
+ (int)keyparms_num);
+ goto done;
+ }
+
+ /* do we need to guess the key type? not robust but the best we can do */
+ if(type == xmlSecGCryptDerKeyTypeAuto) {
+ switch(keyparms_num) {
+ case 3:
+ /* Public RSA */
+ type = xmlSecGCryptDerKeyTypePublicRsa;
+ case 5:
+ /* Public DSA */
+ type = xmlSecGCryptDerKeyTypePublicDsa;
+ case 6:
+ /* Private DSA */
+ type = xmlSecGCryptDerKeyTypePrivateDsa;
+ break;
+ case 9:
+ /* Private RSA */
+ type = xmlSecGCryptDerKeyTypePrivateRsa;
+ break;
+ default:
+ /* unknown */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Unexpected number of parameters, unknown key type",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "keyparms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+ }
+
+
+ switch(type) {
+#ifndef XMLSEC_NO_DSA
+ case xmlSecGCryptDerKeyTypePrivateDsa:
+ /* check we have enough params */
+ if(keyparms_num != 6) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Private DSA key: 6 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* First check that x < y; if not swap x and y */
+ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) {
+ gcry_mpi_swap (keyparms[4], keyparms[5]);
+ }
+
+ /* Build the S-expressions */
+ err = gcry_sexp_build (&s_priv_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+ keyparms[1], keyparms[2], keyparms[3], keyparms[4], keyparms[5]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ keyparms[1], keyparms[2], keyparms[3], keyparms[5]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, s_priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ s_priv_key = NULL; /* owned by key_data now */
+ break;
+
+ case xmlSecGCryptDerKeyTypePublicDsa:
+ /* check we have enough params */
+ if(keyparms_num != 5) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Public DSA key: 5 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ keyparms[2], keyparms[3], keyparms[4], keyparms[1]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ break;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+ case xmlSecGCryptDerKeyTypePrivateRsa:
+ /* check we have enough params */
+ if(keyparms_num != 9) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Private RSA key: 9 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* First check that p < q; if not swap p and q and recompute u. */
+ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) {
+ gcry_mpi_swap (keyparms[4], keyparms[5]);
+ gcry_mpi_invm (keyparms[8], keyparms[4], keyparms[5]);
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_priv_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ keyparms[1], keyparms[2],
+ keyparms[3], keyparms[4],
+ keyparms[5], keyparms[8]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ keyparms[1], keyparms[2]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, s_priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ s_priv_key = NULL; /* owned by key_data now */
+ break;
+
+ case xmlSecGCryptDerKeyTypePublicRsa:
+ /* check we have enough params */
+ if(keyparms_num != 3) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Public RSA key: 3 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ keyparms[1], keyparms[2]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Unsupported key type",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=%d", (int)type);
+ goto done;
+ break;
+ }
+
+done:
+ if(s_priv_key != NULL) {
+ gcry_sexp_release(s_priv_key);
+ }
+ if(s_pub_key != NULL) {
+ gcry_sexp_release(s_pub_key);
+ }
+ for (idx = 0; idx < sizeof(keyparms) / sizeof(keyparms[0]); idx++) {
+ if(keyparms[idx] != NULL) {
+ gcry_mpi_release (keyparms[idx]);
+ }
+ }
+
+ return(key_data);
+}
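Review bot: The key-type auto-detection `switch(keyparms_num)` in xmlSecGCryptParseDer falls through: neither `case 3:` nor `case 5:` ends with `break`, so a 3-parameter sequence is set to xmlSecGCryptDerKeyTypePublicRsa, then overwritten with PublicDsa and finally PrivateDsa before the `break` in `case 6:`, and a 5-parameter sequence likewise ends as PrivateDsa; both then fail the later `keyparms_num != 6` check, so public keys passed with xmlSecGCryptDerKeyTypeAuto (the type app.c uses at its only call site in this patch) cannot be parsed at all. Add `break;` after `type = xmlSecGCryptDerKeyTypePublicRsa;` and after `type = xmlSecGCryptDerKeyTypePublicDsa;`. Separately, xmlSecGCryptAsn1ParseIntegerSequence bounds its INTEGER loop by the whole remaining buffer (`length > 0`) rather than by the outer SEQUENCE's own `ti.length`, so bytes following the SEQUENCE are read as further parameters or reported as "too many params"; capturing the sequence length after the first xmlSecGCryptAsn1ParseTag call and looping while that many bytes remain would tie the parse to the encoded structure. The `len <<= 8` loop in xmlSecGCryptAsn1ParseTag also accepts a length-of-length of up to 126 octets without comparing `count` against `sizeof(len)`, so over-long length encodings silently wrap instead of being rejected, although the final `ti->length > length` check still keeps the read inside the buffer.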
diff --git a/src/gcrypt/asn1.h b/src/gcrypt/asn1.h
new file mode 100644
index 00000000..d05b5305
--- /dev/null
+++ b/src/gcrypt/asn1.h
@@ -0,0 +1,39 @@
+/*
+ * XML Security Library
+ *
+ * gcrypt/asn1.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_ASN1_H__
+#define __XMLSEC_GCRYPT_ASN1_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "gcrypt/asn1.h file contains private xmlsec-gcrypt definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+enum xmlSecGCryptDerKeyType {
+ xmlSecGCryptDerKeyTypeAuto = 0,
+ xmlSecGCryptDerKeyTypePublicDsa,
+ xmlSecGCryptDerKeyTypePublicRsa,
+ xmlSecGCryptDerKeyTypePrivateDsa,
+ xmlSecGCryptDerKeyTypePrivateRsa
+};
+
+xmlSecKeyDataPtr xmlSecGCryptParseDer (const xmlSecByte * der,
+ xmlSecSize derlen,
+ enum xmlSecGCryptDerKeyType type);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+
+#endif /*__XMLSEC_GCRYPT_ASN1_H__ */
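Review bot: The `xmlSecGCryptParseDer` prototype at the end of this header has no comment, so a caller cannot tell who owns the returned `xmlSecKeyDataPtr`, what relationship `derlen` has to `der`, or what `xmlSecGCryptDerKeyTypeAuto` selects. I would add a doc block above the declaration stating that the function parses the `derlen` bytes at `der` as a DER-encoded key of the kind named by `type`, and returns a newly created key data object the caller must release with `xmlSecKeyDataDestroy`, or NULL on error; the implementation's tail in this diff returns `key_data`, which is left NULL on every failure path, so that matches the visible code. Whether `Auto` means "detect the kind from the encoding" is not visible here and should be confirmed against asn1.c before documenting it, and the remaining enum values deserve a one-line comment each. As a side point, the guard `__XMLSEC_GCRYPT_ASN1_H__` uses a leading double underscore, which C reserves for the implementation, though this may simply follow the existing xmlsec header convention.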
diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c
new file mode 100644
index 00000000..8f0cec88
--- /dev/null
+++ b/src/gcrypt/asymkeys.c
@@ -0,0 +1,1920 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Helpers
+ *
+ *************************************************************************/
+static gcry_sexp_t xmlSecGCryptAsymSExpDup (gcry_sexp_t sexp);
+
+
+/**************************************************************************
+ *
+ * Internal GCrypt asym key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGCryptAsymKeyDataCtx xmlSecGCryptAsymKeyDataCtx,
+ *xmlSecGCryptAsymKeyDataCtxPtr;
+struct _xmlSecGCryptAsymKeyDataCtx {
+ gcry_sexp_t pub_key;
+ gcry_sexp_t priv_key;
+};
+
+/******************************************************************************
+ *
+ * Asym key (dsa/rsa)
+ *
+ * xmlSecGCryptAsymKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptAsymKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecGCryptAsymKeyDataCtx))
+#define xmlSecGCryptAsymKeyDataGetCtx(data) \
+ ((xmlSecGCryptAsymKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecGCryptAsymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptAsymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptAsymKeyDataFinalize (xmlSecKeyDataPtr data);
+
+static int xmlSecGCryptAsymKeyDataAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t key_pair);
+static int xmlSecGCryptAsymKeyDataAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+static gcry_sexp_t xmlSecGCryptAsymKeyDataGetPublicKey (xmlSecKeyDataPtr data);
+static gcry_sexp_t xmlSecGCryptAsymKeyDataGetPrivateKey (xmlSecKeyDataPtr data);
+static int xmlSecGCryptAsymKeyDataGenerate (xmlSecKeyDataPtr data,
+ const char * alg,
+ xmlSecSize key_size);
+static xmlSecKeyDataType xmlSecGCryptAsymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptAsymKeyDataGetSize (xmlSecKeyDataPtr data);
+
+
+static int
+xmlSecGCryptAsymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+
+ return(0);
+}
+
+static int
+xmlSecGCryptAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctxDst;
+ xmlSecGCryptAsymKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecGCryptAsymKeyDataSize), -1);
+
+ ctxDst = xmlSecGCryptAsymKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxDst->pub_key == NULL, -1);
+ xmlSecAssert2(ctxDst->priv_key == NULL, -1);
+
+ ctxSrc = xmlSecGCryptAsymKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if(ctxSrc->pub_key != NULL) {
+ ctxDst->pub_key = xmlSecGCryptAsymSExpDup(ctxSrc->pub_key);
+ if(ctxDst->pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGCryptAsymSExpDup(pub_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(ctxSrc->priv_key != NULL) {
+ ctxDst->priv_key = xmlSecGCryptAsymSExpDup(ctxSrc->priv_key);
+ if(ctxDst->priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGCryptAsymSExpDup(priv_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptAsymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize));
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+}
+
+static int
+xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(key_pair != NULL, -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* split the key pair, public part should be always present, private might
+ not be present */
+ pub_key = gcry_sexp_find_token(key_pair, "public-key", 0);
+ if(pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(public-key)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ priv_key = gcry_sexp_find_token(key_pair, "private-key", 0);
+
+ /* assign */
+ if(xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsymKeyDataAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* data owns it now */
+ priv_key = NULL; /* data owns it now */
+
+ /* success */
+ res = 0;
+
+done:
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ /* done */
+ return(res);
+}
+
+static int
+xmlSecGCryptAsymKeyDataAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(pub_key != NULL, -1); /* public key should present always */
+/*
+ aleksey - we don't set optional parameters for RSA keys (p, k, u) and
+ because of that we can't actually test the key
+
+ xmlSecAssert2(((priv_key == NULL) || (gcry_pk_testkey(priv_key) == GPG_ERR_NO_ERROR)), -1);
+*/
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* release prev values and assign new ones */
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+
+ ctx->pub_key = pub_key;
+ ctx->priv_key = priv_key;
+
+ /* done */
+ return(0);
+}
+
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->pub_key);
+}
+
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->priv_key);
+}
+
+static int
+xmlSecGCryptAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecSize key_size) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t key_spec = NULL;
+ gcry_sexp_t key_pair = NULL;
+ gcry_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(alg != NULL, -1);
+ xmlSecAssert2(key_size > 0, -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ err = gcry_sexp_build(&key_spec, NULL,
+ "(genkey (%s (nbits %d)(transient-key)))",
+ alg, (int)key_size);
+ if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(genkey)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_pk_genkey(&key_pair, key_spec);
+ if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_genkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ ret = xmlSecGCryptAsymKeyDataAdoptKey(data, key_pair);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsymKeyDataAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", (int)ret);
+ goto done;
+ }
+ key_pair = NULL; /* now owned by data */
+
+ /* success */
+ res = 0;
+
+done:
+ if(key_spec != NULL) {
+ gcry_sexp_release(key_spec);
+ }
+ if(key_pair != NULL) {
+ gcry_sexp_release(key_pair);
+ }
+
+ return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptAsymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+
+ if((ctx->priv_key != NULL) && (ctx->pub_key != NULL)) {
+ return (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(ctx->pub_key != NULL) {
+ return (xmlSecKeyDataTypePublic);
+ }
+
+ return (xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGCryptAsymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ /* use pub key since it is more often you have it than not */
+ return (ctx->pub_key != NULL) ? gcry_pk_get_nbits(ctx->pub_key) : 0;
+}
+
+/******************************************************************************
+ *
+ * helper functions
+ *
+ *****************************************************************************/
+static gcry_sexp_t
+xmlSecGCryptAsymSExpDup(gcry_sexp_t pKey) {
+ gcry_sexp_t res = NULL;
+ xmlSecByte *buf = NULL;
+ gcry_error_t err;
+ size_t size;
+
+ xmlSecAssert2(pKey != NULL, NULL);
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ buf = (xmlSecByte *)xmlMalloc(size);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ err = gcry_sexp_new(&res, buf, size, 1);
+ if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+done:
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return (res);
+}
+
+/**
+ * xmlSecGCryptNodeGetMpiValue:
+ * @cur: the poitner to an XML node.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to MPI produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+static gcry_mpi_t
+xmlSecGCryptNodeGetMpiValue(const xmlNodePtr cur) {
+ xmlSecBuffer buf;
+ gcry_mpi_t res = NULL;
+ gcry_error_t err;
+ int ret;
+
+ xmlSecAssert2(cur != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buf, 128);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ err = gcry_mpi_scan(&res, GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetSize(&buf),
+ NULL);
+ if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlSecBufferFinalize(&buf);
+ return(res);
+}
+
+/**
+ * xmlSecGCryptNodeSetMpiValue:
+ * @cur: the pointer to an XML node.
+ * @a: the mpi value
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreaks) {
+ xmlSecBuffer buf;
+ gcry_error_t err;
+ size_t written = 0;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&buf, written + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", (int)written + 1);
+ return(-1);
+ }
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetMaxSize(&buf),
+ &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(&buf, written);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "written=%d", (int)written);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ } else {
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
+ }
+
+ ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
+/**
+ * xmlSecGCryptNodeSetSExpTokValue:
+ * @cur: the pointer to an XML node.
+ * @sexp: the sexp
+ * @tok: the token
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp,
+ const char * tok, int addLineBreaks)
+{
+ gcry_sexp_t val = NULL;
+ gcry_mpi_t mpi = NULL;
+ int res = -1;
+
+ xmlSecAssert2(cur != NULL, -1);
+ xmlSecAssert2(sexp != NULL, -1);
+ xmlSecAssert2(tok != NULL, -1);
+
+ val = gcry_sexp_find_token(sexp, tok, 0);
+ if(val == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG);
+ if(mpi == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ /* almost done */
+ res = xmlSecGCryptNodeSetMpiValue(cur, mpi, addLineBreaks);
+
+done:
+ if(mpi != NULL) {
+ gcry_mpi_release(mpi);
+ }
+ if(val != NULL) {
+ gcry_sexp_release(val);
+ }
+
+ return(res);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecGCryptKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGCryptAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataDsaGetKlass(void) {
+ return(&xmlSecGCryptKeyDataDsaKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKey:
+ * @data: the pointer to DSA key data.
+ * @dsa_key: the pointer to GCrypt DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t dsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(dsa_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKey(data, dsa_key);
+}
+
+
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKeyPair:
+ * @data: the pointer to DSA key data.
+ * @pub_key: the pointer to GCrypt DSA pub key.
+ * @priv_key: the pointer to GCrypt DSA priv key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaGetPublicKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA public key from DSA key data.
+ *
+ * Returns: pointer to GCrypt public DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaGetPrivateKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA private key from DSA key data.
+ *
+ * Returns: pointer to GCrypt private DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGCryptKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGCryptKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataDsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+
+ xmlSecGCryptAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGCryptKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGCryptAsymKeyDataGenerate(data, "dsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGCryptAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGCryptKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), 0);
+
+ return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGCryptKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecGCryptKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecGCryptKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecGCryptKeyDataDsaGetSize(data));
+}
+
+static int
+xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx)
+{
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t p = NULL;
+ gcry_mpi_t q = NULL;
+ gcry_mpi_t g = NULL;
+ gcry_mpi_t x = NULL;
+ gcry_mpi_t y = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ p = xmlSecGCryptNodeGetMpiValue(cur);
+ if(p == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ q = xmlSecGCryptNodeGetMpiValue(cur);
+ if(q == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ g = xmlSecGCryptNodeGetMpiValue(cur);
+ if(g == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * we are not sure exactly what do we read */
+ x = xmlSecGCryptNodeGetMpiValue(cur);
+ if(x == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ y = xmlSecGCryptNodeGetMpiValue(cur);
+ if(y == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ p, q, g, y);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ if(x != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+ p, q, g, x, y);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(p != NULL) {
+ gcry_mpi_release(p);
+ }
+
+ if(q != NULL) {
+ gcry_mpi_release(q);
+ }
+
+ if(g != NULL) {
+ gcry_mpi_release(g);
+ }
+
+ if(x != NULL) {
+ gcry_mpi_release(x);
+ }
+
+ if(y != NULL) {
+ gcry_mpi_release(y);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t dsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptKeyDataDsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0);
+ if(dsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(dsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is P node */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "p", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+
+ /* next is Q node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "q", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+
+ /* next is G node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "g", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+
+ /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "x", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ }
+
+ /* next is Y node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "y", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(dsa != NULL) {
+ gcry_sexp_release(dsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int xmlSecGCryptKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGCryptAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataRsaGetKlass:
+ *
+ * The GCrypt RSA key data klass.
+ *
+ * Returns: pointer to GCrypt RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataRsaGetKlass(void) {
+ return(&xmlSecGCryptKeyDataRsaKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKey:
+ * @data: the pointer to RSA key data.
+ * @rsa_key: the pointer to GCrypt RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t rsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(rsa_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKey(data, rsa_key);
+}
+
+
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKeyPair:
+ * @data: the pointer to RSA key data.
+ * @pub_key: the pointer to GCrypt RSA pub key.
+ * @priv_key: the pointer to GCrypt RSA priv key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaGetPublicKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA public key from RSA key data.
+ *
+ * Returns: pointer to GCrypt public RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaGetPrivateKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA private key from RSA key data.
+ *
+ * Returns: pointer to GCrypt private RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGCryptKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGCryptKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataRsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+
+ xmlSecGCryptAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGCryptKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGCryptAsymKeyDataGenerate(data, "rsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGCryptAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGCryptKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), 0);
+
+ return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGCryptKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecGCryptKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecGCryptKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecGCryptKeyDataRsaGetSize(data));
+}
+
+static int
+xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t n = NULL;
+ gcry_mpi_t e = NULL;
+ gcry_mpi_t d = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ n = xmlSecGCryptNodeGetMpiValue(cur);
+ if(n == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ e = xmlSecGCryptNodeGetMpiValue(cur);
+ if(e == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is PrivateExponent node. It is REQUIRED for private key */
+ d = xmlSecGCryptNodeGetMpiValue(cur);
+ if(d == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ goto done;
+ }
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ n, e);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ if(d != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)))",
+ n, e, d);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(n != NULL) {
+ gcry_mpi_release(n);
+ }
+
+ if(e != NULL) {
+ gcry_mpi_release(e);
+ }
+
+ if(d != NULL) {
+ gcry_mpi_release(d);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+
+}
+
+static int
+xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t rsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptKeyDataRsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0);
+ if(rsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "n", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "e", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+
+ /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "d", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(rsa != NULL) {
+ gcry_sexp_release(rsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c
new file mode 100644
index 00000000..6192b8b2
--- /dev/null
+++ b/src/gcrypt/ciphers.c
@@ -0,0 +1,855 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GCrypt Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptBlockCipherCtx xmlSecGCryptBlockCipherCtx,
+ *xmlSecGCryptBlockCipherCtxPtr;
+struct _xmlSecGCryptBlockCipherCtx {
+ int cipher;
+ int mode;
+ gcry_cipher_hd_t cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+};
+
+static int xmlSecGCryptBlockCipherCtxInit (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCtxUpdate (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCtxFinal (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecGCryptBlockCipherCtxInit(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ gcry_err_code_t err;
+ int blockLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* iv len == block len */
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ if(encrypt) {
+ xmlSecByte* iv;
+ xmlSecSize outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
+ err = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ err = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ }
+
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherCtxUpdate(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+ int blockLen;
+ xmlSecByte* outBuf;
+ gcry_err_code_t err;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (xmlSecSize)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((xmlSecSize)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+ }
+ inSize = inBlocks * ((xmlSecSize)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+ int blockLen, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+ gcry_err_code_t err;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
+ GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ }
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
+ } else {
+ outLen = inSize;
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Block Cipher transforms
+ *
+ * xmlSecGCryptBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecGCryptBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptBlockCipherCtx))
+#define xmlSecGCryptBlockCipherGetCtx(transform) \
+ ((xmlSecGCryptBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecGCryptBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecGCryptTransformDes3CbcId) {
+ ctx->cipher = GCRY_CIPHER_3DES;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataDesId;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecGCryptTransformAes128CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else if(transform->id == xmlSecGCryptTransformAes192CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else if(transform->id == xmlSecGCryptTransformAes256CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ err = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGCryptBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize));
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->cipherCtx != NULL) {
+ gcry_cipher_close(ctx->cipherCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGCryptBlockCipherCtx));
+}
+
+static int
+xmlSecGCryptBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ gcry_err_code_t err;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
+ xmlSecAssert2(keySize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), keySize);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ err = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecGCryptBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecGCryptBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecGCryptBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecGCryptAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes128CbcGetKlass(void) {
+ return(&xmlSecGCryptAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes192CbcGetKlass(void) {
+ return(&xmlSecGCryptAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes256CbcGetKlass(void) {
+ return(&xmlSecGCryptAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecGCryptDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformDes3CbcGetKlass(void) {
+ return(&xmlSecGCryptDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c
new file mode 100644
index 00000000..11def388
--- /dev/null
+++ b/src/gcrypt/crypto.c
@@ -0,0 +1,315 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecGCryptFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_gcrypt:
+ *
+ * Gets the pointer to xmlsec-gcrypt functions table.
+ *
+ * Returns: the xmlsec-gcrypt functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gcrypt(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecGCryptFunctions != NULL) {
+ return(gXmlSecGCryptFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecGCryptFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecGCryptFunctions->cryptoInit = xmlSecGCryptInit;
+ gXmlSecGCryptFunctions->cryptoShutdown = xmlSecGCryptShutdown;
+ gXmlSecGCryptFunctions->cryptoKeysMngrInit = xmlSecGCryptKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGCryptFunctions->keyDataAesGetKlass = xmlSecGCryptKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecGCryptFunctions->keyDataDesGetKlass = xmlSecGCryptKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecGCryptFunctions->keyDataDsaGetKlass = xmlSecGCryptKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGCryptFunctions->keyDataHmacGetKlass = xmlSecGCryptKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecGCryptFunctions->keyDataRsaGetKlass = xmlSecGCryptKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGCryptFunctions->transformAes128CbcGetKlass = xmlSecGCryptTransformAes128CbcGetKlass;
+ gXmlSecGCryptFunctions->transformAes192CbcGetKlass = xmlSecGCryptTransformAes192CbcGetKlass;
+ gXmlSecGCryptFunctions->transformAes256CbcGetKlass = xmlSecGCryptTransformAes256CbcGetKlass;
+ gXmlSecGCryptFunctions->transformKWAes128GetKlass = xmlSecGCryptTransformKWAes128GetKlass;
+ gXmlSecGCryptFunctions->transformKWAes192GetKlass = xmlSecGCryptTransformKWAes192GetKlass;
+ gXmlSecGCryptFunctions->transformKWAes256GetKlass = xmlSecGCryptTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecGCryptFunctions->transformDes3CbcGetKlass = xmlSecGCryptTransformDes3CbcGetKlass;
+ gXmlSecGCryptFunctions->transformKWDes3GetKlass = xmlSecGCryptTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformDsaSha1GetKlass = xmlSecGCryptTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformHmacMd5GetKlass = xmlSecGCryptTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformHmacRipemd160GetKlass = xmlSecGCryptTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformHmacSha1GetKlass = xmlSecGCryptTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformHmacSha256GetKlass = xmlSecGCryptTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformHmacSha384GetKlass = xmlSecGCryptTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformHmacSha512GetKlass = xmlSecGCryptTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformMd5GetKlass = xmlSecGCryptTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformRipemd160GetKlass = xmlSecGCryptTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformRsaMd5GetKlass = xmlSecGCryptTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformRsaRipemd160GetKlass = xmlSecGCryptTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformRsaSha1GetKlass = xmlSecGCryptTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformRsaSha256GetKlass = xmlSecGCryptTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformRsaSha384GetKlass = xmlSecGCryptTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformRsaSha512GetKlass = xmlSecGCryptTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformSha1GetKlass = xmlSecGCryptTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformSha256GetKlass = xmlSecGCryptTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformSha384GetKlass = xmlSecGCryptTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformSha512GetKlass = xmlSecGCryptTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecGCryptFunctions->cryptoAppInit = xmlSecGCryptAppInit;
+ gXmlSecGCryptFunctions->cryptoAppShutdown = xmlSecGCryptAppShutdown;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGCryptAppDefaultKeysMngrInit;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGCryptAppDefaultKeysMngrAdoptKey;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGCryptAppDefaultKeysMngrLoad;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGCryptAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecGCryptFunctions->cryptoAppKeysMngrCertLoad = xmlSecGCryptAppKeysMngrCertLoad;
+ gXmlSecGCryptFunctions->cryptoAppPkcs12Load = xmlSecGCryptAppPkcs12Load;
+ gXmlSecGCryptFunctions->cryptoAppKeyCertLoad = xmlSecGCryptAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecGCryptFunctions->cryptoAppKeyLoad = xmlSecGCryptAppKeyLoad;
+ gXmlSecGCryptFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGCryptAppGetDefaultPwdCallback();
+
+ return(gXmlSecGCryptFunctions);
+}
+
+
+/**
+ * xmlSecGCryptInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gcrypt()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptShutdown(void) {
+ return(0);
+}
+
+/**
+ * xmlSecGCryptKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds GCrypt specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* TODO: add key data stores */
+ return(0);
+}
+
+/**
+ * xmlSecGCryptGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+ return(0);
+}
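Review bot: xmlSecGCryptInit runs the xmlsec version check and klass registration but never initialises libgcrypt itself (no `gcry_check_version()`, no `GCRYCTL_INIT_SECMEM` / `GCRYCTL_INITIALIZATION_FINISHED`), although the transforms registered through this table open ciphers with `GCRY_CIPHER_SECURE` and draw from `GCRY_STRONG_RANDOM` (see xmlSecGCryptGenerateRandom in this hunk), both of which depend on the library having been initialised first. If that work is done in xmlSecGCryptAppInit (app.c, not in this hunk), a comment on xmlSecGCryptInit stating the dependency would make the ordering contract explicit, e.g. `/* libgcrypt itself (gcry_check_version, secure memory pool) must already be initialised by xmlSecGCryptAppInit */`; otherwise the initialisation belongs here. Separately, the error path of xmlSecGCryptGenerateRandom formats `size` (an xmlSecSize) with `"size=%d"`, which is only correct if xmlSecSize is a signed int; if it is unsigned or size_t, `%u` / `%zu` or an explicit cast would avoid the format mismatch.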
diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c
new file mode 100644
index 00000000..dcbe4c7f
--- /dev/null
+++ b/src/gcrypt/digests.c
@@ -0,0 +1,614 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GCRYPT Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptDigestCtx xmlSecGCryptDigestCtx, *xmlSecGCryptDigestCtxPtr;
+struct _xmlSecGCryptDigestCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecGCryptDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptDigestCtx))
+#define xmlSecGCryptDigestGetCtx(transform) \
+ ((xmlSecGCryptDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptDigestCheckId (xmlSecTransformPtr transform);
+
+static int
+xmlSecGCryptDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+static int
+xmlSecGCryptDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptDigestCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create digest ctx */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGCryptDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize));
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+}
+
+static int
+xmlSecGCryptDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, dataSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last != 0) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ /* and to the output if needed */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha1GetKlass(void) {
+ return(&xmlSecGCryptSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha256GetKlass(void) {
+ return(&xmlSecGCryptSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha384GetKlass(void) {
+ return(&xmlSecGCryptSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha512GetKlass(void) {
+ return(&xmlSecGCryptSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformMd5GetKlass(void) {
+ return(&xmlSecGCryptMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRipemd160GetKlass(void) {
+ return(&xmlSecGCryptRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
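Review bot: The fall-through error branch that ends the digest-selection chain in xmlSecGCryptDigestInitialize is spelled `if(1) {`, while the same chain in xmlSecGCryptDigestCheckId (and in hmac.c's xmlSecGCryptHmacInitialize) ends with a bare `/* not found */ {` block; the `if(1)` reads as a leftover and should use the same `/* not found */ {` form so the chains look alike. The error messages in xmlSecGCryptDigestVerify and xmlSecGCryptDigestExecute print xmlSecSize values (`dataSize`, `ctx->dgstSize`, `inSize`) with `%d`; if xmlSecSize is an unsigned type, as the `(int)ctx->dgstSize` cast in hmac.c suggests, those should be `%u` or carry an explicit cast, since a mismatched specifier is undefined behaviour even in a log call. The `memcmp` in xmlSecGCryptDigestVerify compares a digest over non-secret data, so a constant-time compare is not needed here, but a one-line comment such as `/* plain memcmp is acceptable: digest values are not secret; do not reuse for MAC compares */` would stop a later reader from copying this compare into the HMAC verify path, where timing does matter.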
diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h
new file mode 100644
index 00000000..7bc03c1c
--- /dev/null
+++ b/src/gcrypt/globals.h
@@ -0,0 +1,30 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+
+#define XMLSEC_GCRYPT_MAX_DIGEST_SIZE 256
+#define XMLSEC_GCRYPT_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gcry_strerror((err)))
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
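Review bot: `XMLSEC_GCRYPT_REPORT_ERROR(err)` expands its argument twice and casts it without parentheses, so `(int)err` binds wrongly for a compound argument and any side effect in `err` would run twice; every call site in this commit passes a plain variable, but the macro should still be written `(int)(err), xmlSecErrorsSafeString(gcry_strerror((err)))` with a comment noting that it evaluates `err` twice. The include guard `__XMLSEC_GLOBALS_H__` is a double-underscore name, which is reserved for the implementation, and if the other backends' `globals.h` headers (not visible here) use the same spelling, including two of them in one translation unit would silently drop the second; a backend-specific guard such as `XMLSEC_GCRYPT_GLOBALS_H` avoids both problems. `XMLSEC_GCRYPT_MAX_DIGEST_SIZE` is in bytes while hmac.c's `XMLSEC_GCRYPT_MAX_HMAC_SIZE` is in bits, so a `/* bytes */` comment on the define would prevent the two from being confused.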
diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c
new file mode 100644
index 00000000..192cb17b
--- /dev/null
+++ b/src/gcrypt/hmac.c
@@ -0,0 +1,823 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_GCRYPT_MIN_HMAC_SIZE 80
+#define XMLSEC_GCRYPT_MAX_HMAC_SIZE (128 * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_gcrypt_hmac_min_length = XMLSEC_GCRYPT_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecGCryptHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecGCryptHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_gcrypt_hmac_min_length;
+}
+
+/**
+ * xmlSecGCryptHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGCryptHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_gcrypt_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal GCRYPT HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptHmacCtx xmlSecGCryptHmacCtx, *xmlSecGCryptHmacCtxPtr;
+struct _xmlSecGCryptHmacCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecGCryptHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptHmacGetCtx(transform) \
+ ((xmlSecGCryptHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGCryptHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptHmacCtx))
+
+static int xmlSecGCryptHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecGCryptHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+
+static int
+xmlSecGCryptHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* open context */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize));
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptHmacCtx));
+}
+
+/**
+ * xmlSecGCryptHmacNodeRead:
+ *
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ *
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ * <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
+ */
+static int
+xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecGCryptHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGCryptKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
+ }
+
+ err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecByte* dgst;
+ xmlSecSize dgstSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(dgst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, dgst, dgstSize);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * dgstSize) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha1GetKlass(void) {
+ return(&xmlSecGCryptHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha256GetKlass(void) {
+ return(&xmlSecGCryptHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha384GetKlass(void) {
+ return(&xmlSecGCryptHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha512GetKlass(void) {
+ return(&xmlSecGCryptHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC Ripemd160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecGCryptHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacMd5GetKlass(void) {
+ return(&xmlSecGCryptHmacMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c
new file mode 100644
index 00000000..38ac8956
--- /dev/null
+++ b/src/gcrypt/kw_aes.c
@@ -0,0 +1,593 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGCryptKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecGCryptKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecGCryptKWAesKlass = {
+ /* callbacks */
+ xmlSecGCryptKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecGCryptKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecGCryptKWAesCtx xmlSecGCryptKWAesCtx,
+ *xmlSecGCryptKWAesCtxPtr;
+struct _xmlSecGCryptKWAesCtx {
+ int cipher;
+ int mode;
+ int flags;
+ xmlSecSize blockSize;
+ xmlSecSize keyExpectedSize;
+
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGCryptKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptKWAesCtx))
+#define xmlSecGCryptKWAesGetCtx(transform) \
+ ((xmlSecGCryptKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGCryptKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes256Id))
+
+static int xmlSecGCryptKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes128Id)) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes192Id)) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes256Id)) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
+ ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(ctx->blockSize > 0, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptKWAesGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize));
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGCryptKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataAesId), -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWAesEncode(&xmlSecGCryptKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWAesDecode(&xmlSecGCryptKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
+static xmlSecTransformKlass xmlSecGCryptKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes128GetKlass(void) {
+ return(&xmlSecGCryptKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGCryptTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes192GetKlass(void) {
+ return(&xmlSecGCryptKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes256GetKlass(void) {
+ return(&xmlSecGCryptKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static int
+xmlSecGCryptKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+static int
+xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+#endif /* XMLSEC_NO_AES */
diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c
new file mode 100644
index 00000000..b93eb9f5
--- /dev/null
+++ b/src/gcrypt/kw_des.c
@@ -0,0 +1,607 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGCryptKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecGCryptKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecGCryptKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecGCryptKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecGCryptKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecGCryptKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecGCryptKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecGCryptKWDes3Ctx xmlSecGCryptKWDes3Ctx,
+ *xmlSecGCryptKWDes3CtxPtr;
+struct _xmlSecGCryptKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGCryptKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptKWDes3Ctx))
+#define xmlSecGCryptKWDes3GetCtx(transform) \
+ ((xmlSecGCryptKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecGCryptKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWDes3GetKlass(void) {
+ return(&xmlSecGCryptKWDes3Klass);
+}
+
+static int
+xmlSecGCryptKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size));
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGCryptKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecGCryptKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDesId), -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecGCryptKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecGCryptKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecGCryptKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ gcry_md_hd_t digestCtx;
+ unsigned char * res;
+ unsigned int len;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ xmlSecAssert2(outSize >= len, -1);
+
+ err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_open(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ gcry_md_write(digestCtx, in, inSize);
+
+ err = gcry_md_final(digestCtx);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_final",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_read(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ /* done */
+ xmlSecAssert2(outSize >= len, -1);
+ memcpy(out, res, len);
+ gcry_md_close(digestCtx);
+ return(len);
+}
+
+static int
+xmlSecGCryptKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
+ return((int)outSize);
+}
+
+static int
+xmlSecGCryptKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+static int
+xmlSecGCryptKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(ret);
+}
+
+static int
+xmlSecGCryptKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
+ size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
+ size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keySize >= key_len, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= block_len, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open(GCRY_CIPHER_3DES)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx, key, keySize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setiv(cipherCtx, iv, ivSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ if(enc) {
+ err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ }
+
+ /* done */
+ gcry_cipher_close(cipherCtx);
+ return((int)inSize); /* out size == in size */
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
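Review bot: In xmlSecGCryptKWDes3Encrypt the failure paths after gcry_cipher_setkey and gcry_cipher_setiv return -1 without calling gcry_cipher_close(cipherCtx), so the handle opened with GCRY_CIPHER_SECURE (and the key material already loaded into it on the setiv path) is leaked there, while the later encrypt/decrypt failure branches do close it. Add `gcry_cipher_close(cipherCtx);` before each of those two `return(-1);` statements, or route all failures through a single cleanup label at the end of the function so every exit releases the handle. The same omission is visible in xmlSecGCryptKWAesBlockEncrypt and xmlSecGCryptKWAesBlockDecrypt in the preceding kw_aes.c hunk, where the setkey and setiv error branches also return without closing the cipher handle. As a minor point of style, xmlSecGCryptKWDes3Sha1 asserts `outSize >= len` twice (once after computing len and again just before the memcpy); the second assert is redundant and could be dropped.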
diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c
new file mode 100644
index 00000000..c49638e4
--- /dev/null
+++ b/src/gcrypt/signatures.c
@@ -0,0 +1,1490 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/**************************************************************************
+ *
+ * Forward declarations for actual sign/verify implementations
+ *
+ *****************************************************************************/
+typedef int (*xmlSecGCryptPkSignMethod) (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+typedef int (*xmlSecGCryptPkVerifyMethod) (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+
+#ifndef XMLSEC_NO_DSA
+static int xmlSecGCryptDsaPkSign (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+static int xmlSecGCryptDsaPkVerify (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+static int xmlSecGCryptRsaPkcs1PkSign (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+static int xmlSecGCryptRsaPkcs1PkVerify (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+#endif /* XMLSEC_NO_RSA */
+
+
+/**************************************************************************
+ *
+ * Internal GCrypt signatures ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptPkSignatureCtx xmlSecGCryptPkSignatureCtx,
+ *xmlSecGCryptPkSignatureCtxPtr;
+
+
+struct _xmlSecGCryptPkSignatureCtx {
+ int digest;
+ xmlSecKeyDataId keyId;
+ xmlSecGCryptPkSignMethod sign;
+ xmlSecGCryptPkVerifyMethod verify;
+
+ gcry_md_hd_t digestCtx;
+ xmlSecKeyDataPtr key_data;
+
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+
+/******************************************************************************
+ *
+ * Pk Signature transforms
+ *
+ * xmlSecGCryptPkSignatureCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptPkSignatureSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptPkSignatureCtx))
+#define xmlSecGCryptPkSignatureGetCtx(transform) \
+ ((xmlSecGCryptPkSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptPkSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecGCryptPkSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptPkSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptPkSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptPkSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptPkSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptPkSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptPkSignatureCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx));
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ ctx->keyId = xmlSecGCryptKeyDataDsaId;
+ ctx->sign = xmlSecGCryptDsaPkSign;
+ ctx->verify = xmlSecGCryptDsaPkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create digest ctx */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecGCryptPkSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptPkSignatureCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize));
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->key_data != NULL) {
+ xmlSecKeyDataDestroy(ctx->key_data);
+ }
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx));
+}
+
+static int
+xmlSecGCryptPkSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ xmlSecKeyDataPtr key_data;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ key_data = xmlSecKeyGetValue(key);
+ xmlSecAssert2(key_data != NULL, -1);
+
+ if(ctx->key_data != NULL) {
+ xmlSecKeyDataDestroy(ctx->key_data);
+ }
+
+ ctx->key_data = xmlSecKeyDataDuplicate(key_data);
+ if(ctx->key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+ return(0);
+}
+
+
+static int
+xmlSecGCryptPkSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sign != NULL, -1);
+ xmlSecAssert2(ctx->verify != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->key_data != NULL, -1);
+
+ ret = ctx->verify(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* check result */
+ if(ret == 1) {
+ transform->status = xmlSecTransformStatusOk;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->verify",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ }
+
+ /* done */
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize;
+ xmlSecSize outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sign != NULL, -1);
+ xmlSecAssert2(ctx->verify != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->key_data != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ /* do nothing, already initialized */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ /* update the digest */
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ /* generate digest and signature */
+ if(last != 0) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = ctx->sign(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, out);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->sign",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* done */
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/*****************************************************************************
+ *
+ * Helper
+ *
+ ****************************************************************************/
+static int
+xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) {
+ xmlSecSize outSize;
+ size_t written;
+ gpg_error_t err;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* current size */
+ outSize = xmlSecBufferGetSize(out);
+
+ /* figure out how much space we need */
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* add zeros at the beggining (if needed) */
+ if((min_size > 0) && (written < min_size)) {
+ outSize += (min_size - written);
+ }
+
+ /* allocate space */
+ ret = xmlSecBufferSetMaxSize(out, outSize + written + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", (int)(outSize + written + 1));
+ return(-1);
+ }
+ xmlSecAssert2(xmlSecBufferGetMaxSize(out) > outSize, -1);
+
+ /* add zeros at the beggining (if needed) */
+ if((min_size > 0) && (written < min_size)) {
+ xmlSecSize ii;
+ xmlSecByte * p = xmlSecBufferGetData(out);
+
+ for(ii = 0; ii < (min_size - written); ++ii) {
+ p[outSize - ii - 1] = 0;
+ }
+ }
+
+ /* write out */
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(out) + outSize,
+ xmlSecBufferGetMaxSize(out) - outSize,
+ &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* reset size */
+ ret = xmlSecBufferSetSize(out, outSize + written);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ (int)(outSize + written));
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
+ *
+ * The output of the DSA algorithm consists of a pair of integers
+ * usually referred by the pair (r, s). The signature value consists of
+ * the base64 encoding of the concatenation of two octet-streams that
+ * respectively result from the octet-encoding of the values r and s in
+ * that order. Integer to octet-stream conversion must be done according
+ * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification
+ * with a l parameter equal to 20. For example, the SignatureValue element
+ * for a DSA signature (r, s) with values specified in hexadecimal:
+ *
+ * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0
+ * s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8
+ *
+ * from the example in Appendix 5 of the DSS standard would be
+ *
+ * <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
+ *
+ ***************************************************************************/
+static int
+xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ xmlSecBufferPtr out) {
+ gcry_mpi_t m_hash = NULL;
+ gcry_sexp_t s_data = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gcry_sexp_t s_r = NULL;
+ gcry_sexp_t s_s = NULL;
+ gcry_mpi_t m_r = NULL;
+ gcry_mpi_t m_s = NULL;
+ gcry_sexp_t s_tmp;
+ gpg_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPrivateKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* get the current digest, can't use "hash" :( */
+ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(hash)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags raw)(value %m))",
+ m_hash);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* create signature */
+ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataDsaGetPrivateKey(key_data));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_sign",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* find signature value */
+ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "dsa", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ /* r */
+ s_r = gcry_sexp_find_token(s_sig, "r", 0);
+ if(s_r == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ m_r = gcry_sexp_nth_mpi(s_r, 1, GCRYMPI_FMT_USG);
+ if(m_r == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* s */
+ s_s = gcry_sexp_find_token(s_sig, "s", 0);
+ if(s_s == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ m_s = gcry_sexp_nth_mpi(s_s, 1, GCRYMPI_FMT_USG);
+ if(m_s == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* write out: r + s */
+ ret = xmlSecGCryptAppendMpi(m_r, out, 20);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBufferGetSize(out) == 20, -1);
+ ret = xmlSecGCryptAppendMpi(m_s, out, 20);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBufferGetSize(out) == (20 + 20), -1);
+
+ /* done */
+ res = 0;
+
+done:
+ if(m_hash != NULL) {
+ gcry_mpi_release(m_hash);
+ }
+ if(m_r != NULL) {
+ gcry_mpi_release(m_r);
+ }
+ if(m_s != NULL) {
+ gcry_mpi_release(m_s);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+ if(s_r != NULL) {
+ gcry_sexp_release(s_r);
+ }
+ if(s_s != NULL) {
+ gcry_sexp_release(s_s);
+ }
+
+ return(res);
+}
+
+static int
+xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ gcry_mpi_t m_hash = NULL;
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig_r = NULL;
+ gcry_mpi_t m_sig_s = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gpg_error_t err;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPublicKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize == (20 + 20), -1);
+
+ /* get the current digest, can't use "hash" :( */
+ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(hash)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags raw)(value %m))",
+ m_hash);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* get the existing signature */
+ err = gcry_mpi_scan(&m_sig_r, GCRYMPI_FMT_USG, data, 20, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig_r == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ err = gcry_mpi_scan(&m_sig_s, GCRYMPI_FMT_USG, data + 20, 20, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig_s == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(dsa(r %m)(s %m)))",
+ m_sig_r, m_sig_s);
+ if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify signature */
+ err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataDsaGetPublicKey(key_data));
+ if(err == GPG_ERR_NO_ERROR) {
+ res = 1; /* good signature */
+ } else if(err == GPG_ERR_BAD_SIGNATURE) {
+ res = 0; /* bad signature */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* done */
+done:
+ if(m_hash != NULL) {
+ gcry_mpi_release(m_hash);
+ }
+ if(m_sig_r != NULL) {
+ gcry_mpi_release(m_sig_r);
+ }
+ if(m_sig_s != NULL) {
+ gcry_mpi_release(m_sig_s);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+
+static xmlSecTransformKlass xmlSecGCryptDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformDsaSha1GetKlass(void) {
+ return(&xmlSecGCryptDsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
+ *
+ * The SignatureValue content for an RSA signature is the base64 [MIME]
+ * encoding of the octet string computed as per RFC 2437 [PKCS1,
+ * section 8.1.1: Signature generation for the RSASSA-PKCS1-v1_5 signature
+ * scheme]. As specified in the EMSA-PKCS1-V1_5-ENCODE function RFC 2437
+ * [PKCS1, section 9.2.1], the value input to the signature function MUST
+ * contain a pre-pended algorithm object identifier for the hash function,
+ * but the availability of an ASN.1 parser and recognition of OIDs is not
+ * required of a signature verifier. The PKCS#1 v1.5 representation appears
+ * as:
+ *
+ * CRYPT (PAD (ASN.1 (OID, DIGEST (data))))
+ *
+ * Note that the padded ASN.1 will be of the following form:
+ *
+ * 01 | FF* | 00 | prefix | hash
+ *
+ * where "|" is concatenation, "01", "FF", and "00" are fixed octets of
+ * the corresponding hexadecimal value, "hash" is the SHA1 digest of the
+ * data, and "prefix" is the ASN.1 BER SHA1 algorithm designator prefix
+ * required in PKCS1 [RFC 2437], that is,
+ *
+ * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
+ *
+ * This prefix is included to make it easier to use standard cryptographic
+ * libraries. The FF octet MUST be repeated the maximum number of times such
+ * that the value of the quantity being CRYPTed is one octet shorter than
+ * the RSA modulus.
+ *
+ ***************************************************************************/
+static int
+xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ xmlSecBufferPtr out) {
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gcry_sexp_t s_tmp;
+ gpg_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPrivateKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* get the current digest */
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pkcs1)(hash %s %b))",
+ gcry_md_algo_name(digest),
+ (int)dgstSize, dgst);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* create signature */
+ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataRsaGetPrivateKey(key_data));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_sign",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* find signature value */
+ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "rsa", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "s", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ m_sig = gcry_sexp_nth_mpi(s_sig, 1, GCRYMPI_FMT_USG);
+ if(m_sig == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* write out */
+ ret = xmlSecGCryptAppendMpi(m_sig, out, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* done */
+ res = 0;
+
+done:
+ if(m_sig != NULL) {
+ gcry_mpi_release(m_sig);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+static int
+xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gpg_error_t err;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPublicKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+
+ /* get the current digest */
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pkcs1)(hash %s %b))",
+ gcry_md_algo_name(digest),
+ (int)dgstSize, dgst);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* get the existing signature */
+ err = gcry_mpi_scan(&m_sig, GCRYMPI_FMT_USG, data, dataSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(rsa(s %m)))",
+ m_sig);
+ if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify signature */
+ err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataRsaGetPublicKey(key_data));
+ if(err == GPG_ERR_NO_ERROR) {
+ res = 1; /* good signature */
+ } else if(err == GPG_ERR_BAD_SIGNATURE) {
+ res = 0; /* bad signature */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* done */
+done:
+ if(m_sig != NULL) {
+ gcry_mpi_release(m_sig);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaMd5GetKlass(void) {
+ return(&xmlSecGCryptRsaMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/****************************************************************************
+ *
+ * RSA-RIPEMD160 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRsaRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaRipemd160GetKlass(void) {
+ return(&xmlSecGCryptRsaRipemd160Klass);
+}
+
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha1GetKlass(void) {
+ return(&xmlSecGCryptRsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha256GetKlass(void) {
+ return(&xmlSecGCryptRsaSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha384GetKlass(void) {
+ return(&xmlSecGCryptRsaSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha512GetKlass(void) {
+ return(&xmlSecGCryptRsaSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c
new file mode 100644
index 00000000..88272fe3
--- /dev/null
+++ b/src/gcrypt/symkeys.c
@@ -0,0 +1,441 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecGCryptSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecGCryptSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecGCryptSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecGCryptSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecGCryptSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecGCryptSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecGCryptSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecGCryptGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGCryptSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecGCryptSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecGCryptSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecGCryptSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecGCryptKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecGCryptKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecGCryptKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataAesGetKlass(void) {
+ return(&xmlSecGCryptKeyDataAesKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataDesGetKlass(void) {
+ return(&xmlSecGCryptKeyDataDesKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataHmacGetKlass(void) {
+ return(&xmlSecGCryptKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
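Review bot: The file header at the top of this new file says `DES Algorithm support`, but the file implements the AES, DES and HMAC symmetric key data klasses (the section banner a few lines down already says "Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary", with a typo in "Symmetric"); suggest replacing the header line with ` * Symmetric (binary) key data support: AES, DES and HMAC key data klasses` so the file is not mistaken for a cipher implementation. The three public setters `xmlSecGCryptKeyDataAesSet`, `xmlSecGCryptKeyDataDesSet` and `xmlSecGCryptKeyDataHmacSet` accept any `bufSize > 0` and copy it unchecked, so a wrong-sized AES or 3DES key is only caught (or silently truncated) wherever the cipher transform's setKey hands it to gcrypt, which is not visible in this hunk; at minimum the `@bufSize:` lines should state the sizes the backend accepts, and an explicit length check here would fail earlier and with a clearer error. Whether `xmlSecKeyDataBinaryValueFinalize` zeroizes the copied key bytes is also not visible here and is worth confirming, since these buffers hold raw symmetric key material.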
diff --git a/src/globals.h b/src/globals.h
index 35a238cc..31a57d6b 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -5,7 +5,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
@@ -13,7 +13,7 @@
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
index 7d639a34..84ce637a 100644
--- a/src/gnutls/Makefile.am
+++ b/src/gnutls/Makefile.am
@@ -24,7 +24,15 @@ libxmlsec1_gnutls_la_SOURCES =\
crypto.c \
digests.c \
hmac.c \
+ kw_aes.c \
+ kw_des.c \
symkeys.c \
+ asymkeys.c \
+ signatures.c \
+ x509utils.h \
+ x509utils.c \
+ x509.c \
+ x509vfy.c \
globals.h \
$(NULL)
@@ -32,11 +40,13 @@ if SHAREDLIB_HACK
libxmlsec1_gnutls_la_SOURCES += ../strings.c
endif
+# xmlsec-gnutls library requires xmlsec-gcrypt
libxmlsec1_gnutls_la_LIBADD = \
- ../libxmlsec1.la \
$(GNUTLS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ ../gcrypt/libxmlsec1-gcrypt.la \
$(NULL)
libxmlsec1_gnutls_la_DEPENDENCIES = \
diff --git a/src/gnutls/Makefile.in b/src/gnutls/Makefile.in
index f07a4b49..f4351c16 100644
--- a/src/gnutls/Makefile.in
+++ b/src/gnutls/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -38,10 +38,13 @@ host_triplet = @host@
subdir = src/gnutls
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -66,35 +69,65 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
am__libxmlsec1_gnutls_la_SOURCES_DIST = app.c ciphers.c crypto.c \
- digests.c hmac.c symkeys.c globals.h ../strings.c
+ digests.c hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c \
+ signatures.c x509utils.h x509utils.c x509.c x509vfy.c \
+ globals.h ../strings.c
am__objects_1 =
@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gnutls_la-strings.lo
am_libxmlsec1_gnutls_la_OBJECTS = libxmlsec1_gnutls_la-app.lo \
libxmlsec1_gnutls_la-ciphers.lo libxmlsec1_gnutls_la-crypto.lo \
libxmlsec1_gnutls_la-digests.lo libxmlsec1_gnutls_la-hmac.lo \
- libxmlsec1_gnutls_la-symkeys.lo $(am__objects_1) \
+ libxmlsec1_gnutls_la-kw_aes.lo libxmlsec1_gnutls_la-kw_des.lo \
+ libxmlsec1_gnutls_la-symkeys.lo \
+ libxmlsec1_gnutls_la-asymkeys.lo \
+ libxmlsec1_gnutls_la-signatures.lo \
+ libxmlsec1_gnutls_la-x509utils.lo libxmlsec1_gnutls_la-x509.lo \
+ libxmlsec1_gnutls_la-x509vfy.lo $(am__objects_1) \
$(am__objects_2)
libxmlsec1_gnutls_la_OBJECTS = $(am_libxmlsec1_gnutls_la_OBJECTS)
-libxmlsec1_gnutls_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libxmlsec1_gnutls_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_gnutls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_gnutls_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libxmlsec1_gnutls_la_SOURCES)
DIST_SOURCES = $(am__libxmlsec1_gnutls_la_SOURCES_DIST)
ETAGS = etags
@@ -102,6 +135,7 @@ CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -116,6 +150,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -124,6 +159,10 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -154,6 +193,7 @@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
@@ -185,8 +225,10 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -194,7 +236,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TAR = @TAR@
-U = @U@
VERSION = @VERSION@
XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
@@ -213,6 +254,8 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -222,6 +265,7 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -257,6 +301,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -289,7 +334,6 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -325,12 +369,17 @@ libxmlsec1_gnutls_la_CPPFLAGS = \
$(NULL)
libxmlsec1_gnutls_la_SOURCES = app.c ciphers.c crypto.c digests.c \
- hmac.c symkeys.c globals.h $(NULL) $(am__append_1)
+ hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c signatures.c \
+ x509utils.h x509utils.c x509.c x509vfy.c globals.h $(NULL) \
+ $(am__append_1)
+
+# xmlsec-gnutls library requires xmlsec-gcrypt
libxmlsec1_gnutls_la_LIBADD = \
- ../libxmlsec1.la \
$(GNUTLS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ ../gcrypt/libxmlsec1-gcrypt.la \
$(NULL)
libxmlsec1_gnutls_la_DEPENDENCIES = \
@@ -406,8 +455,8 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libxmlsec1-gnutls.la: $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_DEPENDENCIES)
- $(libxmlsec1_gnutls_la_LINK) -rpath $(libdir) $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_LIBADD) $(LIBS)
+libxmlsec1-gnutls.la: $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_DEPENDENCIES) $(EXTRA_libxmlsec1_gnutls_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_gnutls_la_LINK) -rpath $(libdir) $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -416,82 +465,138 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
libxmlsec1_gnutls_la-app.lo: app.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-app.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_gnutls_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='app.c' object='libxmlsec1_gnutls_la-app.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
libxmlsec1_gnutls_la-ciphers.lo: ciphers.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_gnutls_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ciphers.c' object='libxmlsec1_gnutls_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
libxmlsec1_gnutls_la-crypto.lo: crypto.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_gnutls_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto.c' object='libxmlsec1_gnutls_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
libxmlsec1_gnutls_la-digests.lo: digests.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_gnutls_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='digests.c' object='libxmlsec1_gnutls_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
libxmlsec1_gnutls_la-hmac.lo: hmac.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_gnutls_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libxmlsec1_gnutls_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_gnutls_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_aes.c' object='libxmlsec1_gnutls_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_gnutls_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_des.c' object='libxmlsec1_gnutls_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
libxmlsec1_gnutls_la-symkeys.lo: symkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_gnutls_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='symkeys.c' object='libxmlsec1_gnutls_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_gnutls_la-asymkeys.lo: asymkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-asymkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asymkeys.c' object='libxmlsec1_gnutls_la-asymkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+
+libxmlsec1_gnutls_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='signatures.c' object='libxmlsec1_gnutls_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_gnutls_la-x509utils.lo: x509utils.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509utils.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509utils.c' object='libxmlsec1_gnutls_la-x509utils.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
+
+libxmlsec1_gnutls_la-x509.lo: x509.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509.c' object='libxmlsec1_gnutls_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+
+libxmlsec1_gnutls_la-x509vfy.lo: x509vfy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509vfy.c' object='libxmlsec1_gnutls_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
libxmlsec1_gnutls_la-strings.lo: ../strings.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_gnutls_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_gnutls_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
mostlyclean-libtool:
-rm -f *.lo
@@ -598,10 +703,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/gnutls/README b/src/gnutls/README
index 02c5fbbf..404aa878 100644
--- a/src/gnutls/README
+++ b/src/gnutls/README
@@ -1,9 +1,6 @@
-The xmlsec-gnutls implementation is really limited and is not ready
-for production use. The only supported crypto transforms are:
+The xmlsec-gnutls uses both libgcrypt and libgnutls because GnuTLS
+does not provide direct access to low-level crypto operations (digests,
+hmac, aes, des, etc.).
+
- - HMAC
- - Tripple DES
- - AES [128|192|256]
- - SHA1
- \ No newline at end of file
diff --git a/src/gnutls/app.c b/src/gnutls/app.c
index 54da1999..856257f3 100644
--- a/src/gnutls/app.c
+++ b/src/gnutls/app.c
@@ -1,17 +1,15 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
-#include <gnutls/gnutls.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
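Review bot: The removal of `#include <gnutls/gnutls.h>` at the top of app.c leaves the file depending on something else to declare `gnutls_global_init`, `gnutls_global_deinit` and `GNUTLS_E_SUCCESS`, which the new xmlSecGnuTLSAppInit body in the next hunk still uses. Presumably "globals.h" now pulls the header in, but that is not visible here; if it does not, the file no longer compiles, and even if it does, a translation unit should include what it uses so a later change to globals.h cannot silently break it. I would keep `#include <gnutls/gnutls.h>` in this include block next to `#include <string.h>`.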
@@ -19,38 +17,56 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <xmlsec/gcrypt/app.h>
+
+static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoad (const char *filename,
+ xmlSecKeyDataFormat format);
+static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
/**
* xmlSecGnuTLSAppInit:
- * @config: the path to GnuTLS configuration (unused).
- *
+ * @config: the path to GnuTLS configuration (unused).
+ *
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppInit(const char* config ATTRIBUTE_UNUSED) {
- int ret;
-
- ret = gnutls_global_init();
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_global_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
+xmlSecGnuTLSAppInit(const char* config) {
+ int err;
+
+ err = gnutls_global_init();
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_global_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
}
- return(0);
+
+ return(xmlSecGCryptAppInit(config));
}
/**
* xmlSecGnuTLSAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
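Review bot: xmlSecGnuTLSAppInit now calls gnutls_global_init() and then returns whatever xmlSecGCryptAppInit(config) returns, so if the gcrypt side fails the gnutls library is left initialized with no matching gnutls_global_deinit(), and a caller that retries or shuts down sees an unbalanced init count. The failure path should undo the gnutls initialization before returning -1, as sketched below; this assumes xmlSecGCryptAppInit follows the library's "0 on success, negative on failure" convention, which the surrounding docstrings state for the gnutls functions but which I cannot confirm for the gcrypt one from this hunk. Separately, the docstring line `@config: the path to GnuTLS configuration (unused).` is now stale because config is forwarded; I would change it to `@config: the path to crypto configuration (passed to xmlSecGCryptAppInit).`
```c
int
xmlSecGnuTLSAppInit(const char* config) {
    int err;
    int ret;

    /* … unchanged: gnutls_global_init() call and its error report … */

    ret = xmlSecGCryptAppInit(config);
    if(ret < 0) {
        /* balance the gnutls init so a failed init leaves no half-initialized state */
        gnutls_global_deinit();
        return(-1);
    }

    return(0);
}
```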
@@ -58,304 +74,787 @@ xmlSecGnuTLSAppInit(const char* config ATTRIBUTE_UNUSED) {
int
xmlSecGnuTLSAppShutdown(void) {
gnutls_global_deinit();
- return(0);
+
+ return(xmlSecGCryptAppShutdown());
}
/**
* xmlSecGnuTLSAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key from the a file (not implemented yet).
+ * Reads key from the a file.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecGnuTLSAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd,
- void* pwdCallback,
- void* pwdCallbackCtx) {
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
- if (format == xmlSecKeyDataFormatPkcs12) {
- return (xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback,
- pwdCallbackCtx));
+ switch(format) {
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ case xmlSecKeyDataFormatCertPem:
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecGnuTLSAppKeyFromCertLoad(filename, format);
+ break;
+#endif /* XMLSEC_NO_X509 */
+ default:
+ key = xmlSecGCryptAppKeyLoad(filename, format, pwd, pwdCallback, pwdCallbackCtx);
+ break;
}
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ return(key);
}
/**
* xmlSecGnuTLSAppKeyLoadMemory:
- * @data: the binary key data.
- * @dataSize: the size of binary key.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key from the memory buffer (not implemented yet).
+ * Reads key from the memory buffer.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
-xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format, const char *pwd,
- void* pwdCallback, void* pwdCallbackCtx) {
+xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
- if (format == xmlSecKeyDataFormatPkcs12) {
- return (xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd,
- pwdCallback, pwdCallbackCtx));
+ switch(format) {
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ case xmlSecKeyDataFormatCertPem:
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecGnuTLSAppKeyFromCertLoadMemory(data, dataSize, format);
+ break;
+#endif /* XMLSEC_NO_X509 */
+ default:
+ key = xmlSecGCryptAppKeyLoadMemory(data, dataSize, format, pwd, pwdCallback, pwdCallbackCtx);
+ break;
}
-
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ return(key);
}
#ifndef XMLSEC_NO_X509
/**
* xmlSecGnuTLSAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
*
- * Reads the certificate from $@filename and adds it to key
- * (not implemented yet).
- *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
- xmlSecKeyDataFormat format) {
+int
+xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecBuffer buffer;
+ int ret;
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSAppKeyCertLoadMemory(key,
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(0);
}
/**
* xmlSecGnuTLSAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
*
- * Reads the certificate from memory buffer and adds it to key (not implemented yet).
- *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
+int
+xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ gnutls_x509_crt_t cert;
+ xmlSecKeyDataPtr keyData;
+ int ret;
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyCertLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ keyData = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(keyData, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ return(0);
}
/**
* xmlSecGnuTLSAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key and all associated certificates from the PKCS12 file
- * (not implemented yet).
+ * Reads key and all associated certificates from the PKCS12 file.
* For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
* in format=xmlSecKeyDataFormatPkcs12.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecGnuTLSAppPkcs12Load(const char *filename,
- const char *pwd ATTRIBUTE_UNUSED,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12Load(const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
xmlSecAssert2(filename != NULL, NULL);
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppPkcs12Load",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGnuTLSAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
}
/**
* xmlSecGnuTLSAppPkcs12LoadMemory:
- * @data: the PKCS12 binary data.
- * @dataSize: the PKCS12 binary data size.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in memory buffer.
* For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
- * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
+ * in format=xmlSecKeyDataFormatPkcs12.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- const char *pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyPtr res = NULL;
+ xmlSecPtrList certsList;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ gnutls_x509_privkey_t priv_key = NULL;
+ gnutls_x509_crt_t key_cert = NULL;
+ xmlSecSize certsSize;
+ int ret;
+
xmlSecAssert2(data != NULL, NULL);
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppPkcs12LoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* prepare */
+ ret = xmlSecPtrListInitialize(&(certsList), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(NULL);
+ }
+
+ /* load pkcs12 */
+ ret = xmlSecGnuTLSPkcs12LoadMemory(data, dataSize, pwd, &priv_key, &key_cert, &certsList);
+ if((ret < 0) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key value data */
+ keyData = xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(priv_key);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ priv_key = NULL; /* owned by keyData now */
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ keyData = NULL; /* owned by key now */
+
+
+ /* create x509 certs data */
+ certsSize = xmlSecPtrListGetSize(&certsList);
+ if((certsSize > 0) || (key_cert != NULL)) {
+ xmlSecSize ii;
+
+ x509Data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* set key's cert */
+ if(key_cert != NULL) {
+ ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, key_cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ key_cert = NULL; /* owned by x509Data now */
+ }
+
+ /* copy all other certs */
+ for(ii = 0; ii < certsSize; ++ii) {
+ gnutls_x509_crt_t cert = xmlSecPtrListRemoveAndReturn(&certsList, ii);
+ if(cert == NULL) {
+ continue;
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(x509Data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ goto done;
+ }
+ }
+
+ /* set in the key */
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL; /* owned by key now */
+ }
+
+ /* success!!! */
+ res = key;
+ key = NULL;
+
+done:
+ if(key_cert != NULL) {
+ gnutls_x509_crt_deinit(key_cert);
+ }
+ if(priv_key != NULL) {
+ gnutls_x509_privkey_deinit(priv_key);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecPtrListFinalize(&certsList);
+ return(res);
+}
+
+static xmlSecKeyPtr
+xmlSecGnuTLSAppKeyFromCertLoad(const char *filename,
+ xmlSecKeyDataFormat format)
+{
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGnuTLSAppKeyFromCertLoadMemory(
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyFromCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+static xmlSecKeyPtr
+xmlSecGnuTLSAppKeyFromCertLoadMemory(const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ xmlSecKeyPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* read cert */
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key value data */
+ keyData = xmlSecGnuTLSX509CertGetKey(cert);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ keyData = NULL; /* owned by key now */
+
+ /* create x509 data */
+ x509Data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ cert = NULL; /* owned by x509Data now */
+
+ /* success */
+ res = key;
+ key = NULL;
+
+done:
+ if(cert != NULL) {
+ gnutls_x509_crt_deinit(cert);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ return(res);
}
/**
* xmlSecGnuTLSAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
- * untrusted certs in @store (not implemented yet).
+ * untrusted certs in @store.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecBuffer buffer;
+ int ret;
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeysMngrCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSAppKeysMngrCertLoadMemory(mngr,
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format,
+ type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(0);
}
/**
* xmlSecGnuTLSAppKeysMngrCertLoadMemory:
- * @mngr: the keys manager.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate trusted or not.
- *
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
* Reads cert from binary buffer @data and adds to the list of trusted or known
- * untrusted certs in @store (not implemented yet).
+ * untrusted certs in @store.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecKeyDataStorePtr x509Store;
+ gnutls_x509_crt_t cert;
+ int ret;
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSX509StoreId");
+ return(-1);
+ }
+
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509StoreAdoptCert(x509Store, cert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ return(0);
}
#endif /* XMLSEC_NO_X509 */
/**
* xmlSecGnuTLSAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default GnuTLS crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
- /* create simple keys store if needed */
+ /* create simple keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
- }
-
- ret = xmlSecGnuTLSKeysMngrInit(mngr);
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGnuTLSKeysMngrInit(mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* TODO */
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
@@ -363,125 +862,125 @@ xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
/**
* xmlSecGnuTLSAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecGnuTLSAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecGnuTLSAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecGnuTLSAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecGnuTLSAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreSave(store, filename, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
return(0);
}
diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c
new file mode 100644
index 00000000..6ac68a78
--- /dev/null
+++ b/src/gnutls/asymkeys.c
@@ -0,0 +1,455 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <gcrypt.h>
+
+static void xmlSecGnuTLSDestroyParams(gnutls_datum_t * params, xmlSecSize num) {
+ xmlSecSize ii;
+
+ xmlSecAssert(params != NULL);
+ for(ii = 0; ii < num; ++ii) {
+ gnutls_free(params[ii].data);
+ }
+}
+
+static void xmlSecGnuTLSDestroyMpis(gcry_mpi_t * mpis, xmlSecSize num) {
+ xmlSecSize ii;
+
+ xmlSecAssert(mpis != NULL);
+ for(ii = 0; ii < num; ++ii) {
+ gcry_mpi_release(mpis[ii]);
+ }
+}
+
+static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize paramsNum,
+ gcry_mpi_t * mpis, xmlSecSize mpisNum) {
+
+ xmlSecSize ii;
+ int rc;
+
+ xmlSecAssert2(params != NULL, -1);
+ xmlSecAssert2(mpis != NULL, -1);
+ xmlSecAssert2(paramsNum == mpisNum, -1);
+
+ for(ii = 0; ii < paramsNum; ++ii) {
+ rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL);
+ if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */
+ return(-1);
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDsaGetKlass(void) {
+ return (xmlSecGCryptKeyDataDsaGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptPrivateKey:
+ * @data: the pointer to DSA key data.
+ * @dsa_key: the pointer to GnuTLS DSA private key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t dsa_key) {
+ gnutls_datum_t params[5];
+ gcry_mpi_t mpis[5];
+ gcry_sexp_t priv_key = NULL;
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int err;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(dsa_key != NULL, -1);
+ xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(dsa_key) == GNUTLS_PK_DSA, -1);
+
+ /* get raw values */
+ err = gnutls_x509_privkey_export_dsa_raw(dsa_key,
+ &(params[0]), &(params[1]), &(params[2]),
+ &(params[3]), &(params[4]));
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_export_dsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]);
+ if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/dsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ gcry_sexp_release(priv_key);
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ gcry_sexp_release(priv_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_x509_privkey_deinit(dsa_key);
+ return(0);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptPublicKey:
+ * @data: the pointer to DSA key data.
+ * @p: the pointer to p component of the DSA public key
+ * @q: the pointer to q component of the DSA public key
+ * @g: the pointer to g component of the DSA public key
+ * @y: the pointer to y component of the DSA public key
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y) {
+ gnutls_datum_t params[4];
+ gcry_mpi_t mpis[4];
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(p != NULL, -1);
+ xmlSecAssert2(q != NULL, -1);
+ xmlSecAssert2(g != NULL, -1);
+ xmlSecAssert2(y != NULL, -1);
+
+ /* copy */
+ memcpy(&(params[0]), p, sizeof(*p));
+ memcpy(&(params[1]), q, sizeof(*q));
+ memcpy(&(params[2]), g, sizeof(*g));
+ memcpy(&(params[3]), y, sizeof(*y));
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* don't destroy params - we got them from outside !!! */
+ return(-1);
+ }
+ /* don't destroy params - we got them from outside !!! */
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_free(p->data);
+ gnutls_free(q->data);
+ gnutls_free(g->data);
+ gnutls_free(y->data);
+ return(0);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetKlass:
+ *
+ * The GnuTLS RSA key data klass.
+ *
+ * Returns: pointer to GnuTLS RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRsaGetKlass(void) {
+ return (xmlSecGCryptKeyDataRsaGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptPrivateKey:
+ * @data: the pointer to RSA key data.
+ * @rsa_key: the pointer to GnuTLS RSA private key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t rsa_key) {
+ gnutls_datum_t params[6];
+ gcry_mpi_t mpis[6];
+ gcry_sexp_t priv_key = NULL;
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int err;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(rsa_key != NULL, -1);
+ xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(rsa_key) == GNUTLS_PK_RSA, -1);
+
+ /* get raw values */
+ err = gnutls_x509_privkey_export_rsa_raw(rsa_key,
+ &(params[0]), &(params[1]), &(params[2]),
+ &(params[3]), &(params[4]), &(params[5]));
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_export_rsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ mpis[0], mpis[1], mpis[2],
+ mpis[3], mpis[4], mpis[5]);
+ if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
+ mpis[0], mpis[1]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ gcry_sexp_release(priv_key);
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ gcry_sexp_release(priv_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_x509_privkey_deinit(rsa_key);
+ return(0);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptPublicKey:
+ * @data: the pointer to RSA key data.
+ * @m: the pointer to m component of the RSA public key
+ * @e: the pointer to e component of the RSA public key
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
+ gnutls_datum_t * m, gnutls_datum_t * e) {
+ gnutls_datum_t params[2];
+ gcry_mpi_t mpis[2];
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(m != NULL, -1);
+ xmlSecAssert2(e != NULL, -1);
+
+ /* copy */
+ memcpy(&(params[0]), m, sizeof(*m));
+ memcpy(&(params[1]), e, sizeof(*e));
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* don't destroy params - we got them from outside !!! */
+ return(-1);
+ }
+ /* don't destroy params - we got them from outside !!! */
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
+ mpis[0], mpis[1]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_free(m->data);
+ gnutls_free(e->data);
+ return(0);
+}
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c
index b9421597..eacfede6 100644
--- a/src/gnutls/ciphers.c
+++ b/src/gnutls/ciphers.c
@@ -1,18 +1,15 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
-#include <gnutls/gnutls.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -22,839 +19,64 @@
/**************************************************************************
*
- * Internal GnuTLS Block cipher CTX
- *
- *****************************************************************************/
-typedef struct _xmlSecGnuTLSBlockCipherCtx xmlSecGnuTLSBlockCipherCtx,
- *xmlSecGnuTLSBlockCipherCtxPtr;
-struct _xmlSecGnuTLSBlockCipherCtx {
- int cipher;
- int mode;
- GcryCipherHd cipherCtx;
- xmlSecKeyDataId keyId;
- int keyInitialized;
- int ctxInitialized;
-};
-
-static int xmlSecGnuTLSBlockCipherCtxInit (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCtxUpdate (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCtxFinal (xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int
-xmlSecGnuTLSBlockCipherCtxInit(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- int blockLen;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->keyInitialized != 0, -1);
- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- /* iv len == block len */
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- if(encrypt) {
- xmlSecByte* iv;
- xmlSecSize outSize;
-
- /* allocate space for IV */
- outSize = xmlSecBufferGetSize(out);
- ret = xmlSecBufferSetSize(out, outSize + blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + blockLen);
- return(-1);
- }
- iv = xmlSecBufferGetData(out) + outSize;
-
- /* generate and use random iv */
- gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
- ret = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- } else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
- return(0);
- }
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-
- /* set iv */
- ret = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_setiv",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- }
-
- ctx->ctxInitialized = 1;
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherCtxUpdate(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, inBlocks, outSize;
- int blockLen;
- xmlSecByte* outBuf;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
- if(inSize < (xmlSecSize)blockLen) {
- return(0);
- }
-
- if(encrypt) {
- inBlocks = inSize / ((xmlSecSize)blockLen);
- } else {
- /* we want to have the last block in the input buffer
- * for padding check */
- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
- }
- inSize = inBlocks * ((xmlSecSize)blockLen);
-
- /* we write out the input size plus may be one block */
- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
- if(encrypt) {
- ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- } else {
- ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- }
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherCtxFinal(xmlSecGnuTLSBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecSize inSize, outSize;
- int blockLen, outLen = 0;
- xmlSecByte* inBuf;
- xmlSecByte* outBuf;
- int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
- xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
- xmlSecAssert2(blockLen > 0, -1);
-
- inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
- if(encrypt != 0) {
- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
-
- /* create padding */
- ret = xmlSecBufferSetMaxSize(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
-
- /* create random padding */
- if((xmlSecSize)blockLen > (inSize + 1)) {
- gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
- GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
- }
- inBuf[blockLen - 1] = blockLen - inSize;
- inSize = blockLen;
- } else {
- if(inSize != (xmlSecSize)blockLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data=%d;block=%d", inSize, blockLen);
- return(-1);
- }
- }
-
- /* process last block */
- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out) + outSize;
-
- if(encrypt) {
- ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- } else {
- ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "gcry_cipher_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- }
-
- if(encrypt == 0) {
- /* check padding */
- if(inSize < outBuf[blockLen - 1]) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- outBuf[blockLen - 1], inSize);
- return(-1);
- }
- outLen = inSize - outBuf[blockLen - 1];
- } else {
- outLen = inSize;
- }
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
-
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
-
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- return(0);
-}
-
-
-/******************************************************************************
- *
- * Block Cipher transforms
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
- * xmlSecGnuTLSBlockCipherCtx block is located after xmlSecTransform structure
- *
*****************************************************************************/
-#define xmlSecGnuTLSBlockCipherSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSBlockCipherCtx))
-#define xmlSecGnuTLSBlockCipherGetCtx(transform) \
- ((xmlSecGnuTLSBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGnuTLSBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSBlockCipherCheckId (xmlSecTransformPtr transform);
-
-
-
-static int
-xmlSecGnuTLSBlockCipherCheckId(xmlSecTransformPtr transform) {
-#ifndef XMLSEC_NO_DES
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformDes3CbcId)) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes128CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes192CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes256CbcId)) {
-
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
-#ifndef XMLSEC_GNUTLS_OLD
- gpg_err_code_t ret;
-#endif /* XMLSEC_GNUTLS_OLD */
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
-
-#ifndef XMLSEC_NO_DES
- if(transform->id == xmlSecGnuTLSTransformDes3CbcId) {
- ctx->cipher = GCRY_CIPHER_3DES;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataDesId;
- } else
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(transform->id == xmlSecGnuTLSTransformAes128CbcId) {
- ctx->cipher = GCRY_CIPHER_AES128;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else if(transform->id == xmlSecGnuTLSTransformAes192CbcId) {
- ctx->cipher = GCRY_CIPHER_AES192;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else if(transform->id == xmlSecGnuTLSTransformAes256CbcId) {
- ctx->cipher = GCRY_CIPHER_AES256;
- ctx->mode = GCRY_CIPHER_MODE_CBC;
- ctx->keyId = xmlSecGnuTLSKeyDataAesId;
- } else
-#endif /* XMLSEC_NO_AES */
+#include <xmlsec/gcrypt/crypto.h>
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-#ifndef XMLSEC_GNUTLS_OLD
- ret = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
- if(ret != GPG_ERR_NO_ERROR) {
-#else /* XMLSEC_GNUTLS_OLD */
- ctx->cipherCtx = gcry_cipher_open(ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
- if(ctx->cipherCtx == NULL) {
-#endif /* XMLSEC_GNUTLS_OLD */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_cipher_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
-}
-
-static void
-xmlSecGnuTLSBlockCipherFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSBlockCipherCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize));
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->cipherCtx != NULL) {
- gcry_cipher_close(ctx->cipherCtx);
- }
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
-}
-
-static int
-xmlSecGnuTLSBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
-
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
-
- keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
- xmlSecBufferPtr buffer;
- xmlSecSize keySize;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(key != NULL, -1);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->keyInitialized == 0, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
- keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
- xmlSecAssert2(keySize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
-
- if(xmlSecBufferGetSize(buffer) < keySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), keySize);
- return(-1);
- }
-
- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
- ret = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_cipher_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
-
- ctx->keyInitialized = 1;
- return(0);
-}
-
-static int
-xmlSecGnuTLSBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSBlockCipherCtxPtr ctx;
- xmlSecBufferPtr in, out;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecGnuTLSBlockCipherCtxInit(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- if((ctx->ctxInitialized == 0) && (last != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "not enough data to initialize transform");
- return(-1);
- }
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecGnuTLSBlockCipherCtxUpdate(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
- ret = xmlSecGnuTLSBlockCipherCtxFinal(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecGnuTLSBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
- } else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
#ifndef XMLSEC_NO_AES
-/*********************************************************************
- *
- * AES CBC cipher transforms
- *
- ********************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes128Cbc, /* const xmlChar* name; */
- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
/**
* xmlSecGnuTLSTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes128CbcKlass);
+ return (xmlSecGCryptTransformAes128CbcGetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes192Cbc, /* const xmlChar* name; */
- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes192CbcKlass);
+ return (xmlSecGCryptTransformAes192CbcGetKlass());
}
-static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
/**
* xmlSecGnuTLSTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
- return(&xmlSecGnuTLSAes256CbcKlass);
+ return (xmlSecGCryptTransformAes256CbcGetKlass());
}
-
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameDes3Cbc, /* const xmlChar* name; */
- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
+/**
* xmlSecGnuTLSTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
- return(&xmlSecGnuTLSDes3CbcKlass);
+ return (xmlSecGCryptTransformDes3CbcGetKlass());
}
#endif /* XMLSEC_NO_DES */
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
index dbf69f21..83175e69 100644
--- a/src/gnutls/crypto.c
+++ b/src/gnutls/crypto.c
@@ -1,16 +1,15 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
-#include <gnutls/gnutls.h>
#include <gcrypt.h>
#include <xmlsec/xmlsec.h>
@@ -22,6 +21,7 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
@@ -35,79 +35,197 @@ static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_gnutls(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecGnuTLSFunctions != NULL) {
- return(gXmlSecGnuTLSFunctions);
+ return(gXmlSecGnuTLSFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecGnuTLSFunctions = &functions;
- /**
+ /********************************************************************
+ *
* Crypto Init/shutdown
- */
- gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
- gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
- gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
+ gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
+ gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
- /**
+ /********************************************************************
+ *
* Key data ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
-#ifndef XMLSEC_NO_HMAC
- gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_DSA
+ gXmlSecGnuTLSFunctions->keyDataDsaGetKlass = xmlSecGnuTLSKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecGnuTLSFunctions->keyDataRsaGetKlass = xmlSecGnuTLSKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
- /**
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->keyDataX509GetKlass = xmlSecGnuTLSKeyDataX509GetKlass;
+ gXmlSecGnuTLSFunctions->keyDataRawX509CertGetKlass = xmlSecGnuTLSKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
* Key data store ids
- */
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->x509StoreGetKlass = xmlSecGnuTLSX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Crypto transforms ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes128GetKlass = xmlSecGnuTLSTransformKWAes128GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes192GetKlass = xmlSecGnuTLSTransformKWAes192GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes256GetKlass = xmlSecGnuTLSTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWDes3GetKlass = xmlSecGnuTLSTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformDsaSha1GetKlass = xmlSecGnuTLSTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
#ifndef XMLSEC_NO_HMAC
- gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
- gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
- gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformHmacSha256GetKlass = xmlSecGnuTLSTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformHmacSha384GetKlass = xmlSecGnuTLSTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformHmacSha512GetKlass = xmlSecGnuTLSTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
#endif /* XMLSEC_NO_HMAC */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformMd5GetKlass = xmlSecGnuTLSTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRipemd160GetKlass = xmlSecGnuTLSTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformRsaMd5GetKlass = xmlSecGnuTLSTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRsaRipemd160GetKlass = xmlSecGnuTLSTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformRsaSha1GetKlass = xmlSecGnuTLSTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformRsaSha256GetKlass = xmlSecGnuTLSTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformRsaSha384GetKlass = xmlSecGnuTLSTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformRsaSha512GetKlass = xmlSecGnuTLSTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
- /**
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformSha256GetKlass = xmlSecGnuTLSTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformSha384GetKlass = xmlSecGnuTLSTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformSha512GetKlass = xmlSecGnuTLSTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ /********************************************************************
+ *
* High level routines form xmlsec command line utility
- */
- gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
- gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
+ gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
- gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
- gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
+ gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
#endif /* XMLSEC_NO_X509 */
- gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
+ gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
return(gXmlSecGnuTLSFunctions);
}
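Review bot: The RSA-MD5 registration added at the `transformRsaMd5GetKlass` line makes an MD5-based signature algorithm available to every verifier that loads this backend, with only the compile-time XMLSEC_NO_MD5 guard to switch it off; the same holds for the HMAC-MD5 entry and the DSA/RSA-SHA1 entries in this table. Unless the application restricts the transforms it accepts at runtime, a signature over MD5 verifies as readily as one over SHA-256, and nothing in this function-table comments on that. I would add above the RSA block: `/* NOTE: MD5- and SHA1-based signature transforms are registered for interoperability; verifiers should restrict the set of accepted algorithms at the application level */`. Whether the xmlsec core offers such a runtime restriction is not visible in this hunk, so the comment should point the reader at the application rather than name an API.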
@@ -115,51 +233,51 @@ xmlSecCryptoGetFunctions_gnutls(void) {
/**
* xmlSecGnuTLSInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecGnuTLSInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecGnuTLSShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecGnuTLSShutdown(void) {
return(0);
}
/**
* xmlSecGnuTLSKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds GnuTLS specific key data stores in keys manager.
*
@@ -167,38 +285,66 @@ xmlSecGnuTLSShutdown(void) {
*/
int
xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
xmlSecAssert2(mngr != NULL, -1);
- /* TODO: add key data stores */
+#ifndef XMLSEC_NO_X509
+ /* create x509 store if needed */
+ if(xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId) == NULL) {
+ xmlSecKeyDataStorePtr x509Store;
+
+ x509Store = xmlSecKeyDataStoreCreate(xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_X509 */
return(0);
}
/**
* xmlSecGnuTLSGenerateRandom:
- * @buffer: the destination buffer.
- * @size: the numer of bytes to generate.
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
*
* Generates @size random bytes and puts result in @buffer.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(size > 0, -1);
ret = xmlSecBufferSetSize(buffer, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
+
/* get random data */
gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
return(0);
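Review bot: In xmlSecGnuTLSKeysMngrInit the new `int ret;` at the top of the function is only assigned inside the `#ifndef XMLSEC_NO_X509` block, so a build with X509 disabled gets an unused-variable warning; move the declaration inside that block next to `xmlSecKeyDataStorePtr x509Store;`. The lookup-then-create sequence and destroying the store when `xmlSecKeysMngrAdoptDataStore` fails look correct. In xmlSecGnuTLSGenerateRandom the re-indented `"size=%d", size` line assumes xmlSecSize is int-sized; if it is a size_t typedef this is a format mismatch and `"size=%d", (int)size` would be the minimal fix, but the typedef is not visible here. The context line `gcry_randomize(..., GCRY_STRONG_RANDOM)` is unchanged by this commit; if this helper is used to derive long-term key material, libgcrypt documents `GCRY_VERY_STRONG_RANDOM` for that case, and a comment stating which use is intended would help the next reader; the function's closing brace lies outside the hunk.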
diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c
index fb8109de..2df20706 100644
--- a/src/gnutls/digests.c
+++ b/src/gnutls/digests.c
@@ -1,18 +1,15 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
-#include <gnutls/gnutls.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -21,298 +18,95 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-#define XMLSEC_GNUTLS_MAX_DIGEST_SIZE 32
-
/**************************************************************************
*
- * Internal GNUTLS Digest CTX
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
*****************************************************************************/
-typedef struct _xmlSecGnuTLSDigestCtx xmlSecGnuTLSDigestCtx, *xmlSecGnuTLSDigestCtxPtr;
-struct _xmlSecGnuTLSDigestCtx {
- int digest;
- GcryMDHd digestCtx;
- xmlSecByte dgst[XMLSEC_GNUTLS_MAX_DIGEST_SIZE];
- xmlSecSize dgstSize; /* dgst size in bytes */
-};
+#include <xmlsec/gcrypt/crypto.h>
-/******************************************************************************
- *
- * Digest transforms
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformSha1GetKlass:
*
- * xmlSecGnuTLSDigestCtx is located after xmlSecTransform
+ * SHA-1 digest transform klass.
*
- *****************************************************************************/
-#define xmlSecGnuTLSDigestSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSDigestCtx))
-#define xmlSecGnuTLSDigestGetCtx(transform) \
- ((xmlSecGnuTLSDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecGnuTLSDigestInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSDigestFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSDigestVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSDigestExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSDigestCheckId (xmlSecTransformPtr transform);
-
-static int
-xmlSecGnuTLSDigestCheckId(xmlSecTransformPtr transform) {
-
-#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
- return(1);
- }
-#endif /* XMLSEC_NO_SHA1 */
-
- return(0);
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha1GetKlass(void) {
+ return (xmlSecGCryptTransformSha1GetKlass());
}
+#endif /* XMLSEC_NO_SHA1 */
-static int
-xmlSecGnuTLSDigestInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSDigestCtxPtr ctx;
-#ifndef XMLSEC_GNUTLS_OLD
- gpg_err_code_t ret;
-#endif /* XMLSEC_GNUTLS_OLD */
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- /* initialize context */
- memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
-
-#ifndef XMLSEC_NO_SHA1
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
- ctx->digest = GCRY_MD_SHA1;
- } else
-#endif /* XMLSEC_NO_SHA1 */
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
-#ifndef XMLSEC_GNUTLS_OLD
- ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(ret != GPG_ERR_NO_ERROR) {
-#else /* XMLSEC_GNUTLS_OLD */
- ctx->digestCtx = gcry_md_open(ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(ctx->digestCtx == NULL) {
-#endif /* XMLSEC_GNUTLS_OLD */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha256GetKlass(void) {
+ return (xmlSecGCryptTransformSha256GetKlass());
}
+#endif /* XMLSEC_NO_SHA256 */
-static void
-xmlSecGnuTLSDigestFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSDigestCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSDigestCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize));
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->digestCtx != NULL) {
- gcry_md_close(ctx->digestCtx);
- }
- memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha384GetKlass(void) {
+ return (xmlSecGCryptTransformSha384GetKlass());
}
+#endif /* XMLSEC_NO_SHA384 */
-static int
-xmlSecGnuTLSDigestVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSDigestCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
- xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
- xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- if(dataSize != ctx->dgstSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest sizes are different (data=%d, dgst=%d)",
- dataSize, ctx->dgstSize);
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- if(memcmp(ctx->dgst, data, dataSize) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- transform->status = xmlSecTransformStatusOk;
- return(0);
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha512GetKlass(void) {
+ return (xmlSecGCryptTransformSha512GetKlass());
}
+#endif /* XMLSEC_NO_SHA512 */
-static int
-xmlSecGnuTLSDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSDigestCtxPtr ctx;
- xmlSecBufferPtr in, out;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
-
- ctx = xmlSecGnuTLSDigestGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- xmlSecByte* buf;
-
- /* get the final digest */
- gcry_md_final(ctx->digestCtx);
- buf = gcry_md_read(ctx->digestCtx, ctx->digest);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_read",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy it to our internal buffer */
- ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
- xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
- memcpy(ctx->dgst, buf, ctx->dgstSize);
-
- /* and to the output if needed */
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ctx->dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
+#ifndef XMLSEC_NO_MD5
-#ifndef XMLSEC_NO_SHA1
-/******************************************************************************
+/**
+ * xmlSecGnuTLSTransformMd5GetKlass:
*
- * SHA1 Digest transforms
+ * MD5 digest transform klass.
*
- *****************************************************************************/
-static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
-
- /* data */
- xmlSecNameSha1, /* const xmlChar* name; */
- xmlSecHrefSha1, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- /* methods */
- xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformMd5GetKlass(void) {
+ return (xmlSecGCryptTransformMd5GetKlass());
+}
+#endif /* XMLSEC_NO_MD5 */
-/**
- * xmlSecGnuTLSTransformSha1GetKlass:
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRipemd160GetKlass:
*
- * SHA-1 digest transform klass.
+ * RIPEMD160 digest transform klass.
*
- * Returns: pointer to SHA-1 digest transform klass.
+ * Returns: pointer to RIPEMD160 digest transform klass.
*/
-xmlSecTransformId
-xmlSecGnuTLSTransformSha1GetKlass(void) {
- return(&xmlSecGnuTLSSha1Klass);
+xmlSecTransformId
+xmlSecGnuTLSTransformRipemd160GetKlass(void) {
+ return (xmlSecGCryptTransformRipemd160GetKlass());
}
-#endif /* XMLSEC_NO_SHA1 */
-
-
+#endif /* XMLSEC_NO_RIPEMD160 */
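Review bot: Each new wrapper such as `xmlSecGnuTLSTransformSha1GetKlass` returns the xmlsec-gcrypt klass pointer itself, so the GnuTLS transform ids become the same objects as the GCrypt ones: error messages and any id comparisons will name the gcrypt transform, and digest verification now behaves however gcrypt's implementation does (the removed GnuTLS code compared with `memcmp`), which is not visible here. The new header comment should say this explicitly; I would extend it to `/* We use xmlsec-gcrypt for all the basic crypto ops: the Get*Klass functions below return the GCrypt klass pointers, so the GnuTLS transform ids alias the GCrypt ones. */`. The `#include <xmlsec/gcrypt/crypto.h>` placed after that comment would conventionally sit with the other includes at the top of the file rather than mid-file.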
diff --git a/src/gnutls/globals.h b/src/gnutls/globals.h
index 272a27b8..b49e2404 100644
--- a/src/gnutls/globals.h
+++ b/src/gnutls/globals.h
@@ -5,14 +5,14 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -21,4 +21,11 @@
#define IN_XMLSEC_CRYPTO
#define XMLSEC_PRIVATE
+#define XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gcry_strerror((err)))
+#define XMLSEC_GNUTLS_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gnutls_strerror((err)))
+
#endif /* ! __XMLSEC_GLOBALS_H__ */
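Review bot: In both new macros `(int)err` casts only the first operand when `err` is a compound expression (`(int)a + b`), and `err` is expanded twice, so an argument with side effects such as a function call is evaluated twice; write `(int)(err)` and document that callers must pass a plain variable. The macros also expand to a comma-separated argument list (a format string plus two arguments) meant to be dropped into an xmlSecError call, and they reference `gcry_strerror`, `gnutls_strerror` and `xmlSecErrorsSafeString` without including anything, so each including .c file must already have `<gcrypt.h>` or `<gnutls/gnutls.h>` and the xmlsec errors header in scope — note that crypto.c in this same commit drops its `<gnutls/gnutls.h>` include. A one-line comment above each macro, e.g. `/* expands to "fmt", args for xmlSecError(); requires <gcrypt.h> to be included first */`, would make that contract visible.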
diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c
index bc106471..5d1acfc2 100644
--- a/src/gnutls/hmac.c
+++ b/src/gnutls/hmac.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef XMLSEC_NO_HMAC
@@ -11,9 +11,6 @@
#include <string.h>
-#include <gnutls/gnutls.h>
-#include <gcrypt.h>
-
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
@@ -23,579 +20,122 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-/* sizes in bits */
-#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 80
-#define XMLSEC_GNUTLS_MAX_HMAC_SIZE (128 * 8)
-
/**************************************************************************
*
- * Configuration
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
*****************************************************************************/
-static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
+#include <xmlsec/gcrypt/crypto.h>
/**
- * xmlSecGnuTLSHmacGetMinOutputLength:
- *
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
* Gets the value of min HMAC length.
- *
+ *
* Returns: the min HMAC output length
*/
int xmlSecGnuTLSHmacGetMinOutputLength(void)
{
- return g_xmlsec_gnutls_hmac_min_length;
+ return xmlSecGCryptHmacGetMinOutputLength();
}
/**
- * xmlSecGnuTLSHmacSetMinOutputLength:
- * @min_length: the new min length
- *
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
* Sets the min HMAC output length
*/
void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
{
- g_xmlsec_gnutls_hmac_min_length = min_length;
+ xmlSecGCryptHmacSetMinOutputLength(min_length);
}
-/**************************************************************************
- *
- * Internal GNUTLS HMAC CTX
- *
- *****************************************************************************/
-typedef struct _xmlSecGnuTLSHmacCtx xmlSecGnuTLSHmacCtx, *xmlSecGnuTLSHmacCtxPtr;
-struct _xmlSecGnuTLSHmacCtx {
- int digest;
- GcryMDHd digestCtx;
- xmlSecByte dgst[XMLSEC_GNUTLS_MAX_HMAC_SIZE / 8];
- xmlSecSize dgstSize; /* dgst size in bits */
-};
-/******************************************************************************
- *
- * HMAC transforms
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformHmacSha1GetKlass:
*
- * xmlSecGnuTLSHmacCtx is located after xmlSecTransform
+ * The HMAC-SHA1 transform klass.
*
- *****************************************************************************/
-#define xmlSecGnuTLSHmacGetCtx(transform) \
- ((xmlSecGnuTLSHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecGnuTLSHmacSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSHmacCtx))
-#define xmlSecGnuTLSHmacCheckId(transform) \
- (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacSha1Id) || \
- xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacMd5Id) || \
- xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacRipemd160Id))
-
-static int xmlSecGnuTLSHmacInitialize (xmlSecTransformPtr transform);
-static void xmlSecGnuTLSHmacFinalize (xmlSecTransformPtr transform);
-static int xmlSecGnuTLSHmacNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecGnuTLSHmacSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecGnuTLSHmacVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecGnuTLSHmacExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-
-static int
-xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSHmacCtxPtr ctx;
-#ifndef XMLSEC_GNUTLS_OLD
- gpg_err_code_t ret;
-#endif /* XMLSEC_GNUTLS_OLD */
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
- if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
- ctx->digest = GCRY_MD_SHA1;
- } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
- ctx->digest = GCRY_MD_MD5;
- } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
- ctx->digest = GCRY_MD_RMD160;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
-#ifndef XMLSEC_GNUTLS_OLD
- ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(ret != GPG_ERR_NO_ERROR) {
-#else /* XMLSEC_GNUTLS_OLD */
- ctx->digestCtx = gcry_md_open(ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
- if(ctx->digestCtx == NULL) {
-#endif /* XMLSEC_GNUTLS_OLD */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_open",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGnuTLSHmacFinalize(xmlSecTransformPtr transform) {
- xmlSecGnuTLSHmacCtxPtr ctx;
-
- xmlSecAssert(xmlSecGnuTLSHmacCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize));
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->digestCtx != NULL) {
- gcry_md_close(ctx->digestCtx);
- }
- memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha1GetKlass());
}
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
/**
- * xmlSecGnuTLSHmacNodeRead:
+ * xmlSecGnuTLSTransformHmacSha256GetKlass:
*
- * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ * The HMAC-SHA256 transform klass.
*
- * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
- * as a parameter; if the parameter is not specified then all the bits of the
- * hash are output. An example of an HMAC SignatureMethod element:
- * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
- * <HMACOutputLength>128</HMACOutputLength>
- * </SignatureMethod>
- *
- * Schema Definition:
- *
- * <simpleType name="HMACOutputLengthType">
- * <restriction base="integer"/>
- * </simpleType>
- *
- * DTD:
- *
- * <!ELEMENT HMACOutputLength (#PCDATA)>
+ * Returns: the HMAC-SHA256 transform klass.
*/
-static int
-xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlNodePtr cur;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
- xmlChar *content;
-
- content = xmlNodeGetContent(cur);
- if(content != NULL) {
- ctx->dgstSize = atoi((char*)content);
- xmlFree(content);
- }
-
- /* Ensure that HMAC length is greater than min specified.
- Otherwise, an attacker can set this lenght to 0 or very
- small value
- */
- if((int)ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- return(-1);
- }
- return(0);
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha256GetKlass());
}
+#endif /* XMLSEC_NO_SHA256 */
-
-static int
-xmlSecGnuTLSHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecGnuTLSHmacCtxPtr ctx;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(keyReq != NULL, -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- keyReq->keyId = xmlSecGnuTLSKeyDataHmacId;
- keyReq->keyType= xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationSign) {
- keyReq->keyUsage = xmlSecKeyUsageSign;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageVerify;
- }
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecKeyDataPtr value;
- xmlSecBufferPtr buffer;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(key != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- value = xmlSecKeyGetValue(key);
- xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGnuTLSKeyDataHmacId), -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
- xmlSecAssert2(buffer != NULL, -1);
-
- if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key is empty");
- return(-1);
- }
-
- ret = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer));
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_setkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- static xmlSecByte last_byte_masks[] =
- { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
-
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecByte mask;
-
- xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
- xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
- xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- /* compare the digest size in bytes */
- if(dataSize != ((ctx->dgstSize + 7) / 8)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- /* we check the last byte separatelly */
- xmlSecAssert2(dataSize > 0, -1);
- mask = last_byte_masks[ctx->dgstSize % 8];
- if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- /* now check the rest of the digest */
- if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
- }
-
- transform->status = xmlSecTransformStatusOk;
- return(0);
-}
-
-static int
-xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecGnuTLSHmacCtxPtr ctx;
- xmlSecBufferPtr in, out;
- xmlSecByte* dgst;
- xmlSecSize dgstSize;
- int ret;
-
- xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
-
- ctx = xmlSecGnuTLSHmacGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->digestCtx != NULL, -1);
-
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
- if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- /* get the final digest */
- gcry_md_final(ctx->digestCtx);
- dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
- if(dgst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "gcry_md_read",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy it to our internal buffer */
- dgstSize = gcry_md_get_algo_dlen(ctx->digest);
- xmlSecAssert2(dgstSize > 0, -1);
- xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
- memcpy(ctx->dgst, dgst, dgstSize);
-
- /* check/set the result digest size */
- if(ctx->dgstSize == 0) {
- ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
- } else if(ctx->dgstSize <= 8 * dgstSize) {
- dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
- } else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "size=%d", transform->status);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * HMAC SHA1
- */
-static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha1, /* const xmlChar* name; */
- xmlSecHrefHmacSha1, /* const xmlChar *href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGnuTLSTransformHmacSha1GetKlass:
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformHmacSha384GetKlass:
*
- * The HMAC-SHA1 transform klass.
+ * The HMAC-SHA384 transform klass.
*
- * Returns: the HMAC-SHA1 transform klass.
+ * Returns: the HMAC-SHA384 transform klass.
*/
-xmlSecTransformId
-xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
- return(&xmlSecGnuTLSHmacSha1Klass);
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha384GetKlass());
}
+#endif /* XMLSEC_NO_SHA384 */
-/**
- * HMAC Ripemd160
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
*/
-static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha512GetKlass());
+}
+#endif /* XMLSEC_NO_SHA512 */
- xmlSecNameHmacRipemd160, /* const xmlChar* name; */
- xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-/**
+#ifndef XMLSEC_NO_RIPEMD160
+/**
* xmlSecGnuTLSTransformHmacRipemd160GetKlass:
*
* The HMAC-RIPEMD160 transform klass.
*
* Returns: the HMAC-RIPEMD160 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
- return(&xmlSecGnuTLSHmacRipemd160Klass);
+ return (xmlSecGCryptTransformHmacRipemd160GetKlass());
}
+#endif /* XMLSEC_NO_RIPEMD160 */
-/**
- * HMAC Md5
- */
-static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacMd5, /* const xmlChar* name; */
- xmlSecHrefHmacMd5, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
+#ifndef XMLSEC_NO_MD5
+/**
* xmlSecGnuTLSTransformHmacMd5GetKlass:
*
* The HMAC-MD5 transform klass.
*
* Returns: the HMAC-MD5 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
- return(&xmlSecGnuTLSHmacMd5Klass);
+ return (xmlSecGCryptTransformHmacMd5GetKlass());
}
+#endif /* XMLSEC_NO_MD5 */
#endif /* XMLSEC_NO_HMAC */
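Review bot: The doc comments for xmlSecGnuTLSHmacGetMinOutputLength and xmlSecGnuTLSHmacSetMinOutputLength are unchanged although the value is no longer stored in this file; the removed `g_xmlsec_gnutls_hmac_min_length` and the `XMLSEC_GNUTLS_MIN_HMAC_SIZE` floor of 80 bits are gone and both functions now forward to xmlSecGCryptHmacGetMinOutputLength/xmlSecGCryptHmacSetMinOutputLength. Because this minimum is what rejects a too-small HMACOutputLength during verification, callers should know that the setting is now shared with, and defaulted by, the xmlsec-gcrypt backend. I would extend the setter's comment with `Forwarded to xmlSecGCryptHmacSetMinOutputLength(); the value is shared with the xmlsec-gcrypt backend and is the floor applied to HMACOutputLength on verify.` and add a matching sentence to the getter.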
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
new file mode 100644
index 00000000..63f8a6be
--- /dev/null
+++ b/src/gnutls/kw_aes.c
@@ -0,0 +1,72 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes128GetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes192GetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes256GetKlass());
+}
+
+#endif /* XMLSEC_NO_AES */
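Review bot: The three doc comments in this new file misspell "key wrapper" as "kew wrapper" (six occurrences, e.g. `* The AES-128 kew wrapper transform klass.` and `* Returns: AES-128 kew wrapper transform klass.`); these are public API comments that feed generated documentation, so they should read `* The AES-128 key wrapper transform klass.` and `* Returns: AES-128 key wrapper transform klass.` for each of the 128/192/256 variants. The includes of stdlib.h, stdio.h and string.h are not used by anything in the file; dropping them would match the minimal include list of signatures.c.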
diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c
new file mode 100644
index 00000000..5d2a2e55
--- /dev/null
+++ b/src/gnutls/kw_des.c
@@ -0,0 +1,51 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/**
+ * xmlSecGnuTLSTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWDes3GetKlass(void) {
+ return(xmlSecGCryptTransformKWDes3GetKlass());
+}
+
+#endif /* XMLSEC_NO_DES */
+
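Review bot: `#include <gcrypt.h>` is pulled in directly here although nothing in this file references a gcrypt symbol; the file only forwards to xmlSecGCryptTransformKWDes3GetKlass(), which comes from xmlsec/gcrypt/crypto.h. The sibling kw_aes.c omits it, and signatures.c repeats the same unused include after the xmlsec/gcrypt/crypto.h line. Dropping the line in both files keeps the gnutls layer from depending on the gcrypt headers it was just decoupled from in hmac.c, where the same include was removed. The stdlib.h, stdio.h and string.h includes are likewise unused.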
diff --git a/src/gnutls/signatures.c b/src/gnutls/signatures.c
new file mode 100644
index 00000000..98d1f832
--- /dev/null
+++ b/src/gnutls/signatures.c
@@ -0,0 +1,148 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <gcrypt.h>
+
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+
+/**
+ * xmlSecGnuTLSTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformDsaSha1GetKlass(void) {
+ return (xmlSecGCryptTransformDsaSha1GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+
+/**
+ * xmlSecGnuTLSTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaMd5GetKlass(void) {
+ return (xmlSecGCryptTransformRsaMd5GetKlass());
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+
+/**
+ * xmlSecGnuTLSTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaRipemd160GetKlass(void) {
+ return (xmlSecGCryptTransformRsaRipemd160GetKlass());
+}
+
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha1GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha1GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+
+/**
+ * xmlSecGnuTLSTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha256GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha256GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+
+/**
+ * xmlSecGnuTLSTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha384GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha384GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha512GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha512GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
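Review bot: The file header of this new file names the library and license but not what the file provides, unlike kw_aes.c and kw_des.c in the same commit, which carry an "AES Algorithm support"/"DES Algorithm support" line. I would add ` * DSA and RSA signature transforms (forwarded to xmlsec-gcrypt)` after the `XMLSec library` line so the purpose is visible at the top. The two trailing blank lines at the end of the file can go as well.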
diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c
index 4a11d13a..b1521d62 100644
--- a/src/gnutls/symkeys.c
+++ b/src/gnutls/symkeys.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -24,236 +24,33 @@
#include <xmlsec/gnutls/crypto.h>
-/*****************************************************************************
- *
- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
- *
- ****************************************************************************/
-static int xmlSecGnuTLSSymKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecGnuTLSSymKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSSymKeyDataXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataBinWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlSecByte** buf,
- xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSSymKeyDataGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecGnuTLSSymKeyDataGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecGnuTLSSymKeyDataGetSize (xmlSecKeyDataPtr data);
-static void xmlSecGnuTLSSymKeyDataDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecGnuTLSSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-static int xmlSecGnuTLSSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
-
-#define xmlSecGnuTLSSymKeyDataCheckId(data) \
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecGnuTLSSymKeyDataKlassCheck((data)->id))
-
-static int
-xmlSecGnuTLSSymKeyDataInitialize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
-
- return(xmlSecKeyDataBinaryValueInitialize(data));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(dst), -1);
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(src), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-}
-
-static void
-xmlSecGnuTLSSymKeyDataFinalize(xmlSecKeyDataPtr data) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueFinalize(data);
-}
-
-static int
-xmlSecGnuTLSSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-}
-
-static int
-xmlSecGnuTLSSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecGnuTLSGenerateRandom(buffer, (sizeBits + 7) / 8));
-}
-
-static xmlSecKeyDataType
-xmlSecGnuTLSSymKeyDataGetType(xmlSecKeyDataPtr data) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-
- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-}
-
-static xmlSecSize
-xmlSecGnuTLSSymKeyDataGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), 0);
-
- return(xmlSecKeyDataBinaryValueGetSize(data));
-}
-
-static void
-xmlSecGnuTLSSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugDump(data, output);
-}
-
-static void
-xmlSecGnuTLSSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
-}
-
-static int
-xmlSecGnuTLSSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
-#ifndef XMLSEC_NO_DES
- if(klass == xmlSecGnuTLSKeyDataDesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(klass == xmlSecGnuTLSKeyDataAesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
-
-#ifndef XMLSEC_NO_HMAC
- if(klass == xmlSecGnuTLSKeyDataHmacId) {
- return(1);
- }
-#endif /* XMLSEC_NO_HMAC */
-
- return(0);
-}
-
-#ifndef XMLSEC_NO_AES
/**************************************************************************
*
- * <xmlsec:AESKeyValue> processing
+ * We use xmlsec-gcrypt for all the basic crypto ops
*
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
- /* data */
- xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-/**
+#ifndef XMLSEC_NO_AES
+/**
* xmlSecGnuTLSKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataAesGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataAesKlass);
+ return (xmlSecGCryptKeyDataAesGetKlass());
}
/**
* xmlSecGnuTLSKeyDataAesSet:
- * @data: the pointer to AES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
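Review bot: The doc comment for xmlSecGnuTLSKeyDataAesGetKlass still reads as if it returned a GnuTLS-specific klass, but the function now returns xmlSecGCryptKeyDataAesGetKlass(), so the GnuTLS and GCrypt AES key data klasses are presumably the same object and their ids compare equal under xmlSecKeyDataCheckId. That is worth stating, since the previous implementation validated `xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId)` against its own klass. I would change the description line to `* The AES key data klass (the same klass as xmlSecGCryptKeyDataAesId).` and add `* Returns: the xmlsec-gcrypt AES key data klass.` as the Returns line. The same applies to the DES and HMAC klass getters if they are forwarded the same way; their definitions start outside this hunk.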
@@ -261,80 +58,28 @@ xmlSecGnuTLSKeyDataAesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataAesSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-/**************************************************************************
- *
- * <xmlsec:DESKeyValue> processing
- *
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
- /* data */
- xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
+/**
* xmlSecGnuTLSKeyDataDesGetKlass:
- *
+ *
* The DES key data klass.
*
* Returns: DES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataDesGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataDesKlass);
+ return (xmlSecGCryptKeyDataDesGetKlass());
}
/**
* xmlSecGnuTLSKeyDataDesSet:
- * @data: the pointer to DES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
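Review bot: xmlSecGnuTLSKeyDataAesGetKlass now returns the GCrypt klass, but its doc comment still reads as a GnuTLS-specific klass, so a reader of the header cannot tell that xmlSecGnuTLSKeyDataAesId is the same id the GCrypt backend uses, or that the argument checks the old body performed (the klass id check, `buf != NULL`, `bufSize > 0`) are now delegated to xmlSecGCryptKeyDataAesSet, whose body is not visible in this diff. I would extend the comment above the function with `* The GnuTLS backend reuses the GCrypt implementation: this is the klass returned by xmlSecGCryptKeyDataAesGetKlass(), and xmlSecGnuTLSKeyDataAesSet delegates its argument validation to xmlSecGCryptKeyDataAesSet.` The same point applies to the DES hunk (xmlSecGnuTLSKeyDataDesGetKlass / xmlSecGnuTLSKeyDataDesSet) and the HMAC hunk (xmlSecGnuTLSKeyDataHmacGetKlass / xmlSecGnuTLSKeyDataHmacSet). As a minor style note, the new bodies write `return (...)` where the rest of this file uses `return(...)`.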
@@ -342,81 +87,30 @@ xmlSecGnuTLSKeyDataDesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDesId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataDesSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_HMAC
-/**************************************************************************
- *
- * <xmlsec:HMACKeyValue> processing
- *
- *************************************************************************/
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecKeyDataBinarySize,
-
- /* data */
- xmlSecNameHMACKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
- /* debug */
- xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
+/**
* xmlSecGnuTLSKeyDataHmacGetKlass:
- *
+ *
* The HMAC key data klass.
*
* Returns: HMAC key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataHmacGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataHmacKlass);
+ return (xmlSecGCryptKeyDataHmacGetKlass());
}
/**
* xmlSecGnuTLSKeyDataHmacSet:
- * @data: the pointer to HMAC key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
@@ -424,16 +118,7 @@ xmlSecGnuTLSKeyDataHmacGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataHmacId), -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecBufferSetData(buffer, buf, bufSize));
+ return (xmlSecGCryptKeyDataHmacSet(data, buf, bufSize));
}
#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
new file mode 100644
index 00000000..52d46ab4
--- /dev/null
+++ b/src/gnutls/x509.c
@@ -0,0 +1,1960 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/*************************************************************************
+ *
+ * X509 utility functions
+ *
+ ************************************************************************/
+static int xmlSecGnuTLSX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CertificateNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SubjectNameNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509IssuerSerialNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SKINodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeWrite (gnutls_x509_crl_t crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/*************************************************************************
+ *
+ * Internal GnuTLS X509 data CTX
+ *
+ ************************************************************************/
+typedef struct _xmlSecGnuTLSX509DataCtx xmlSecGnuTLSX509DataCtx,
+ *xmlSecGnuTLSX509DataCtxPtr;
+struct _xmlSecGnuTLSX509DataCtx {
+ gnutls_x509_crt_t keyCert;
+ xmlSecPtrList certsList;
+ xmlSecPtrList crlsList;
+};
+
+
+/**************************************************************************
+ *
+ * <dsig:X509Data> processing
+ *
+ *
+ * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
+ *
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
+ * The content of X509Data is:
+ *
+ * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
+ * 2.
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * MUST refer to the certificate or certificates containing the validation key.
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
+ * they refer appears, it MUST also be in that X509Data element.
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
+ * KeyInfo but MAY occur in multiple X509Data elements.
+ *
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
+ * chain that terminates in a certificate containing the validation key.
+ *
+ * No ordering is implied by the above constraints.
+ *
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
+ * signature.
+ *
+ * Schema Definition
+ *
+ * <element name="X509Data" type="ds:X509DataType"/>
+ * <complexType name="X509DataType">
+ * <sequence maxOccurs="unbounded">
+ * <choice>
+ * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ * <element name="X509SKI" type="base64Binary"/>
+ * <element name="X509SubjectName" type="string"/>
+ * <element name="X509Certificate" type="base64Binary"/>
+ * <element name="X509CRL" type="base64Binary"/>
+ * <any namespace="##other" processContents="lax"/>
+ * </choice>
+ * </sequence>
+ * </complexType>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD
+ *
+ * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
+ * X509Certificate | X509CRL)+ %X509.ANY;)>
+ * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
+ * <!ELEMENT X509IssuerName (#PCDATA) >
+ * <!ELEMENT X509SubjectName (#PCDATA) >
+ * <!ELEMENT X509SerialNumber (#PCDATA) >
+ * <!ELEMENT X509SKI (#PCDATA) >
+ * <!ELEMENT X509Certificate (#PCDATA) >
+ * <!ELEMENT X509CRL (#PCDATA) >
+ *
+ * -----------------------------------------------------------------------
+ *
+ * xmlSecGnuTLSX509DataCtx is located after xmlSecTransform
+ *
+ *************************************************************************/
+#define xmlSecGnuTLSX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecGnuTLSX509DataCtx))
+#define xmlSecGnuTLSX509DataGetCtx(data) \
+ ((xmlSecGnuTLSX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecGnuTLSKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecGnuTLSKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+
+static void xmlSecGnuTLSKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataX509Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGnuTLSX509DataSize,
+
+ /* data */
+ xmlSecNameX509Data,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecGnuTLSKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetKlass:
+ *
+ * The GnuTLS X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
+ *
+ * Returns: the X509 data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataX509GetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataX509Klass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetKeyCert:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the certificate from which the key was extracted.
+ *
+ * Returns: the key's certificate or NULL if key data was not used for key
+ * extraction or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->keyCert);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptKeyCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ *
+ * Sets the key's certificate in @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctx->keyCert);
+ }
+ ctx->keyCert = cert;
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ *
+ * Adds certificate to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecPtrListAdd(&(ctx->certsList), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCert:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
+ * Gets a certificate from X509 key data.
+ *
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * number of certificates in @data or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(xmlSecPtrListGetItem(&(ctx->certsList), pos));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCertsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of certificates in @data.
+ *
+ * Returns: te number of certificates in @data.
+ */
+xmlSecSize
+xmlSecGnuTLSKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecPtrListGetSize(&(ctx->certsList)));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to GnuTLS X509 crl.
+ *
+ * Adds crl to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecPtrListAdd(&(ctx->crlsList), crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired crl position.
+ *
+ * Gets a crl from X509 key data.
+ *
+ * Returns: the pointer to crl or NULL if @pos is larger than the
+ * number of crls in @data or an error occurs.
+ */
+gnutls_x509_crl_t
+xmlSecGnuTLSKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(xmlSecPtrListGetItem(&(ctx->crlsList), pos));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of crls in @data.
+ *
+ * Returns: te number of crls in @data.
+ */
+xmlSecSize
+xmlSecGnuTLSKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecPtrListGetSize(&(ctx->crlsList)));
+}
+
+
+static int
+xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsList), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(-1);
+ }
+
+ ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecGnuTLSX509DataCtxPtr ctxSrc;
+ xmlSecGnuTLSX509DataCtxPtr ctxDst;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataX509Id), -1);
+
+ ctxSrc = xmlSecGnuTLSX509DataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, 0);
+ ctxDst = xmlSecGnuTLSX509DataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, 0);
+
+ /* copy key cert if exist */
+ if(ctxDst->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctxDst->keyCert);
+ ctxDst->keyCert = NULL;
+ }
+ if(ctxSrc->keyCert != NULL) {
+ ctxDst->keyCert = xmlSecGnuTLSX509CertDup(ctxSrc->keyCert);
+ if(ctxDst->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* copy certsList if exists */
+ xmlSecPtrListEmpty(&(ctxDst->certsList));
+ ret = xmlSecPtrListCopy(&(ctxDst->certsList), &(ctxSrc->certsList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(-1);
+ }
+
+ /* copy crlsList if exists */
+ xmlSecPtrListEmpty(&(ctxDst->crlsList));
+ ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecGnuTLSKeyDataX509Finalize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecPtrListFinalize(&(ctx->crlsList));
+ xmlSecPtrListFinalize(&(ctx->certsList));
+ if(ctx->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctx->keyCert);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
+}
+
+static int
+xmlSecGnuTLSKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ data = xmlSecKeyEnsureData(key, id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509DataNodeRead(data, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+ ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crl_t crl;
+ xmlSecSize size, pos;
+ int content;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ if (content < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
+ } else if(content == 0) {
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+ /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+ return(0);
+ }
+
+ /* write certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecGnuTLSX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecGnuTLSX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecGnuTLSX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecGnuTLSX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataX509GetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), xmlSecKeyDataTypeUnknown);
+
+ /* TODO: return verified/not verified status */
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static const xmlChar*
+xmlSecGnuTLSKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ /* TODO */
+ return(NULL);
+}
+
+static void
+xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Data:\n");
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecGnuTLSX509CertDebugDump(cert, output);
+ }
+ }
+
+ /* other certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecGnuTLSX509CertDebugDump(cert, output);
+ }
+
+ /* crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Crl:\n");
+ xmlSecGnuTLSX509CrlDebugDump(crl, output);
+ }
+}
+
+static void
+xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<X509Data>\n");
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
+ }
+
+ /* other certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
+ /* other crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<CRL>\n");
+ xmlSecGnuTLSX509CrlDebugXmlDump(crl, output);
+ fprintf(output, "</CRL>\n");
+ }
+
+ /* we don't print out crls */
+ fprintf(output, "</X509Data>\n");
+}
+
+static int
+xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ for(cur = xmlSecGetNextElementNode(node->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ gnutls_x509_crt_t cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecGnuTLSX509CertBase64DerRead(content);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecGnuTLSX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+
+
+#define XMLSEC_GNUTLS_IS_SPACE(ch) \
+ (((ch) == ' ') || ((ch) == '\r') || ((ch) == '\n'))
+
+static void
+xmlSecGnuTLSX509Trim(xmlChar * str) {
+ xmlChar * p, * q;
+
+ xmlSecAssert(str != NULL);
+
+ /* skip spaces from the beggining */
+ p = str;
+ while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p;
+ if(p != str) {
+ for(q = str; ; ++q, ++p) {
+ (*q) = (*p);
+ if((*p) == '\0') {
+ break;
+ }
+ }
+ }
+
+ /* skip spaces from the end */
+ for(p = str; (*p) != '\0'; ++p);
+ while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0';
+}
+
+static int
+xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* subject;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ subject = xmlNodeGetContent(node);
+ if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ xmlSecGnuTLSX509Trim(subject);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ xmlFree(subject);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509SubjectNameNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* add node */
+ cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ return(-1);
+ }
+
+ /* get subject */
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set value */
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+
+ /* done */
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlNodePtr cur;
+ xmlChar *issuerName;
+ xmlChar *issuerSerial;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
+ /* the first is required node X509IssuerName */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ issuerName = xmlNodeGetContent(cur);
+ if(issuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is required node X509SerialNumber */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ issuerSerial = xmlNodeGetContent(cur);
+ if(issuerSerial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlSecGnuTLSX509Trim(issuerName);
+ xmlSecGnuTLSX509Trim(issuerSerial);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509IssuerSerialNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlNodePtr cur;
+ xmlNodePtr issuerNameNode;
+ xmlNodePtr issuerNumberNode;
+ xmlChar* buf;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* create xml nodes */
+ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
+ }
+
+ issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(issuerNameNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+
+ issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(issuerNumberNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
+ }
+
+ /* write data */
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ xmlFree(buf);
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerSerial",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* ski;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ski = xmlNodeGetContent(node);
+ if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
+ }
+
+ xmlSecGnuTLSX509Trim(ski);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+ if(cert == NULL){
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ xmlFree(ski);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar *buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* add node */
+ cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+
+ /* write value */
+ buf = xmlSecGnuTLSX509CertGetSKI(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSKI",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ gnutls_x509_crl_t crl;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecGnuTLSX509CrlBase64DerRead(content);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crl_deinit(crl);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((ctx->keyCert == NULL) && (xmlSecPtrListGetSize(&(ctx->certsList)) > 0) && (xmlSecKeyGetValue(key) == NULL)) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSX509StoreVerify(x509Store, &(ctx->certsList), &(ctx->crlsList), keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = xmlSecGnuTLSX509CertDup(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecGnuTLSX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ /* get expiration time */
+ key->notValidBefore = gnutls_x509_crt_get_activation_time(ctx->keyCert);
+ if(key->notValidBefore == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gnutls_x509_crt_get_activation_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ key->notValidAfter = gnutls_x509_crt_get_expiration_time(ctx->keyCert);
+ if(key->notValidAfter == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gnutls_x509_crt_get_expiration_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSX509CertGetKey:
+ * @cert: the certificate.
+ *
+ * Extracts public key from the @cert.
+ *
+ * Returns: public key value or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) {
+ xmlSecKeyDataPtr data;
+ int alg;
+ unsigned int bits;
+ int err;
+ int ret;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ alg = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
+ if(alg < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(alg));
+ return(NULL);
+ }
+
+ switch(alg) {
+#ifndef XMLSEC_NO_RSA
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ return(NULL);
+ }
+
+ err = gnutls_x509_crt_get_pk_rsa_raw(cert, &m, &e);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_rsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataRsaAdoptPublicKey(data, &m, &e);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataRsaAdoptPublicKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ return(NULL);
+ }
+ /* m and e are owned by data now */
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ return(NULL);
+ }
+
+ err = gnutls_x509_crt_get_pk_dsa_raw(cert, &p, &q, &g, &y);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_dsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataDsaAdoptPublicKey(data, &p, &q, &g, &y);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataDsaAdoptPublicKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ return(NULL);
+ }
+ /* p, q, g and y are owned by data now */
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+
+ default:
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Unsupported algorithm %d", (int)alg);
+ return(NULL);
+ }
+ }
+
+ /* data */
+ return(data);
+}
+
+
+/**************************************************************************
+ *
+ * Raw X509 Certificate processing
+ *
+ *
+ *************************************************************************/
+static int xmlSecGnuTLSKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataRawX509CertKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRawX509Cert,
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 certificates key data klass.
+ *
+ * Returns: raw X509 certificates key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRawX509CertGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataRawX509CertKlass);
+}
+
+static int
+xmlSecGnuTLSKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ gnutls_x509_crt_t cert;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataRawX509CertId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ cert = xmlSecGnuTLSX509CertRead(buf, bufSize, xmlSecKeyDataFormatCertDer);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c
new file mode 100644
index 00000000..0dc70003
--- /dev/null
+++ b/src/gnutls/x509utils.c
@@ -0,0 +1,1687 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/pkcs12.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+
+/**************************************************************************
+ *
+ * X509 crt list
+ *
+ *****************************************************************************/
+static xmlSecPtr xmlSecGnuTLSX509CrtListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrtListDestroyItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrtListDebugDumpItem (xmlSecPtr ptr,
+ FILE* output);
+static void xmlSecGnuTLSX509CrtListDebugXmlDumpItem (xmlSecPtr ptr,
+ FILE* output);
+
+static xmlSecPtrListKlass xmlSecGnuTLSX509CrtListKlass = {
+ BAD_CAST "gnutls-x509-crt-list",
+ xmlSecGnuTLSX509CrtListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecGnuTLSX509CrtListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ xmlSecGnuTLSX509CrtListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ xmlSecGnuTLSX509CrtListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecGnuTLSX509CrtListGetKlass(void) {
+ return(&xmlSecGnuTLSX509CrtListKlass);
+}
+
+static xmlSecPtr
+xmlSecGnuTLSX509CrtListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return xmlSecGnuTLSX509CertDup((gnutls_x509_crt_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrtListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ gnutls_x509_crt_deinit((gnutls_x509_crt_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrtListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CertDebugDump((gnutls_x509_crt_t)ptr, output);
+}
+
+
+static void
+xmlSecGnuTLSX509CrtListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CertDebugXmlDump((gnutls_x509_crt_t)ptr, output);
+}
+
+/**************************************************************************
+ *
+ * X509 crl list
+ *
+ *****************************************************************************/
+static xmlSecPtr xmlSecGnuTLSX509CrlListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDestroyItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDebugDumpItem (xmlSecPtr ptr,
+ FILE* output);
+static void xmlSecGnuTLSX509CrlListDebugXmlDumpItem (xmlSecPtr ptr,
+ FILE* output);
+
+static xmlSecPtrListKlass xmlSecGnuTLSX509CrlListKlass = {
+ BAD_CAST "gnutls-x509-crl-list",
+ xmlSecGnuTLSX509CrlListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecGnuTLSX509CrlListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ xmlSecGnuTLSX509CrlListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ xmlSecGnuTLSX509CrlListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecGnuTLSX509CrlListGetKlass(void) {
+ return(&xmlSecGnuTLSX509CrlListKlass);
+}
+
+static xmlSecPtr
+xmlSecGnuTLSX509CrlListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return xmlSecGnuTLSX509CrlDup((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ gnutls_x509_crl_deinit((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugDump((gnutls_x509_crl_t)ptr, output);
+}
+
+
+static void
+xmlSecGnuTLSX509CrlListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugXmlDump((gnutls_x509_crl_t)ptr, output);
+}
+
+/*************************************************************************
+ *
+ * x509 certs utils/helpers
+ *
+ ************************************************************************/
+
+/* HACK: gnutls doesn't have cert duplicate function, so we simply
+ write cert out and then read it back */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertDup(gnutls_x509_crt_t src) {
+ xmlChar * buf = NULL;
+ gnutls_x509_crt_t res = NULL;
+
+ xmlSecAssert2(src != NULL, NULL);
+
+ buf = xmlSecGnuTLSX509CertBase64DerWrite(src, 0);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ res = xmlSecGnuTLSX509CertBase64DerRead(buf);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return (NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return (res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetSubjectDN(gnutls_x509_crt_t cert) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get subject size */
+ err = gnutls_x509_crt_get_dn(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crt_get_dn(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetIssuerDN(gnutls_x509_crt_t cert) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer size */
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crt_get_issuer_dn(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetIssuerSerial(gnutls_x509_crt_t cert) {
+ xmlChar * res = NULL;
+ unsigned char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer serial size */
+ err = gnutls_x509_crt_get_serial(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_serial",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (unsigned char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_get_serial(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_serial",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecGnuTLSASN1IntegerWrite(buf, bufSize);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSASN1IntegerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetSKI(gnutls_x509_crt_t cert) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ unsigned int critical = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get ski size */
+ err = gnutls_x509_crt_get_subject_key_id(cert, NULL, &bufSize, &critical);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_subject_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_get_subject_key_id(cert, buf, &bufSize, &critical);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_subject_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, 0);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecGnuTLSX509CertRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
+}
+
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_x509_crt_fmt_t fmt;
+ gnutls_datum_t data;
+ int err;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ /* figure out format */
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ fmt = GNUTLS_X509_FMT_PEM;
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ fmt = GNUTLS_X509_FMT_DER;
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* read cert */
+ err = gnutls_x509_crt_init(&cert);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ data.data = (unsigned char*)buf;
+ data.size = size;
+ err = gnutls_x509_crt_import(cert, &data, fmt);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ gnutls_x509_crt_deinit(cert);
+ return(NULL);
+ }
+
+ return(cert);
+}
+
+xmlChar*
+xmlSecGnuTLSX509CertBase64DerWrite(gnutls_x509_crt_t cert, int base64LineWrap) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get size */
+ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+void
+xmlSecGnuTLSX509CertDebugDump(gnutls_x509_crt_t cert, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Subject Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Subject Name: unknown\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Name: unknown\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Serial: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Serial: unknown\n");
+ }
+}
+
+void
+xmlSecGnuTLSX509CertDebugXmlDump(gnutls_x509_crt_t cert, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "<SubjectName>%s</SubjectName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<SubjectName>unknown</SubjectName>\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<IssuerName>unknown</IssuerName>\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf != NULL) {
+ fprintf(output, "<SerialNumber>%s</SerialNumber>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<SerialNumber>unknown</SerialNumber>\n");
+ }
+}
+
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+
+/* HACK: gnutls doesn't have crl duplicate function, so we simply
+ write crl out and then read it back */
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlDup(gnutls_x509_crl_t src) {
+ xmlChar * buf = NULL;
+ gnutls_x509_crl_t res = NULL;
+
+ xmlSecAssert2(src != NULL, NULL);
+
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(src, 0);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ res = xmlSecGnuTLSX509CrlBase64DerRead(buf);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return (NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return (res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CrlGetIssuerDN(gnutls_x509_crl_t crl) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get issuer size */
+ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crl_get_issuer_dn(crl, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecGnuTLSX509CrlRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
+ gnutls_x509_crl_t crl = NULL;
+ gnutls_x509_crt_fmt_t fmt;
+ gnutls_datum_t data;
+ int err;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ /* figure out format */
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ fmt = GNUTLS_X509_FMT_PEM;
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ fmt = GNUTLS_X509_FMT_DER;
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* read crl */
+ err = gnutls_x509_crl_init(&crl);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ data.data = (unsigned char*)buf;
+ data.size = size;
+ err = gnutls_x509_crl_import(crl, &data, fmt);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ gnutls_x509_crl_deinit(crl);
+ return(NULL);
+ }
+
+ return(crl);
+}
+
+xmlChar*
+xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get size */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+void
+xmlSecGnuTLSX509CrlDebugDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Name: unknown\n");
+ }
+}
+
+void
+xmlSecGnuTLSX509CrlDebugXmlDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<IssuerName>unknown</IssuerName>\n");
+ }
+}
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
+xmlChar*
+xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) {
+ xmlChar *res = NULL;
+ int resLen = 64; /* not more than 64 chars */
+ unsigned long long int val = 0;
+ size_t ii = 0;
+ int shift = 0;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(len <= 9, NULL);
+
+ /* HACK : to be fixed after GnuTLS provides a way to read opaque ASN1 integer */
+ for(ii = len; ii > 0; --ii, shift += 8) {
+ val |= ((unsigned long long)data[ii - 1]) << shift;
+ }
+
+ res = (xmlChar*)xmlMalloc(resLen + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)resLen);
+ return (NULL);
+ }
+
+ xmlSecStrPrintf(res, resLen, BAD_CAST "%llu", val);
+ return(res);
+}
+
+/*************************************************************************
+ *
+ * pkcs12 utils/helpers
+ *
+ ************************************************************************/
+int
+xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd,
+ gnutls_x509_privkey_t * priv_key,
+ gnutls_x509_crt_t * key_cert,
+ xmlSecPtrListPtr certsList)
+{
+ gnutls_pkcs12_t pkcs12 = NULL;
+ gnutls_pkcs12_bag_t bag = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_datum_t datum;
+ xmlSecSize certsSize;
+ int res = -1;
+ int idx;
+ int err;
+ int ret;
+
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(priv_key != NULL, -1);
+ xmlSecAssert2((*priv_key) == NULL, -1);
+ xmlSecAssert2(key_cert!= NULL, -1);
+ xmlSecAssert2((*key_cert) == NULL, -1);
+ xmlSecAssert2(certsList != NULL, -1);
+
+ /* read pkcs12 in internal structure */
+ err = gnutls_pkcs12_init(&pkcs12);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ datum.data = (unsigned char *)data;
+ datum.size = dataSize;
+ err = gnutls_pkcs12_import(pkcs12, &datum, GNUTLS_X509_FMT_DER, 0);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify */
+ err = gnutls_pkcs12_verify_mac(pkcs12, pwd);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_verify_mac",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* scan the pkcs structure and find the first private key */
+ for(idx = 0; ; ++idx) {
+ int bag_type;
+ int elements_in_bag;
+ int ii;
+
+ err = gnutls_pkcs12_bag_init(&bag);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_pkcs12_get_bag(pkcs12, idx, bag);
+ if(err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ /* scanned the whole pkcs12, stop */
+ break;
+ } else if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_get_bag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* check if we need to decrypt the bag */
+ bag_type = gnutls_pkcs12_bag_get_type(bag, 0);
+ if(bag_type < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_type",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+ if(bag_type == GNUTLS_BAG_ENCRYPTED) {
+ err = gnutls_pkcs12_bag_decrypt(bag, pwd);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+ /* scan elements in bag */
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if(elements_in_bag < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_count",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+ for(ii = 0; ii < elements_in_bag; ++ii) {
+ bag_type = gnutls_pkcs12_bag_get_type(bag, ii);
+ if(bag_type < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_type",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+
+ err = gnutls_pkcs12_bag_get_data(bag, ii, &datum);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ switch(bag_type) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ case GNUTLS_BAG_PKCS8_KEY:
+ /* we want only the first private key */
+ if((*priv_key) == NULL) {
+ err = gnutls_x509_privkey_init(priv_key);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_x509_privkey_import_pkcs8((*priv_key),
+ &datum, GNUTLS_X509_FMT_DER,
+ pwd,
+ (bag_type == GNUTLS_BAG_PKCS8_KEY) ? GNUTLS_PKCS_PLAIN : 0);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_import_pkcs8",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+ break;
+ case GNUTLS_BAG_CERTIFICATE:
+ err = gnutls_x509_crt_init(&cert);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_x509_crt_import(cert, &datum, GNUTLS_X509_FMT_DER);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ ret = xmlSecPtrListAdd(certsList, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd(certsList)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ cert = NULL; /* owned by certsList now */
+ break;
+ default:
+ /* ignore unknown bag element */
+ break;
+ }
+ }
+
+ /* done with bag */
+ gnutls_pkcs12_bag_deinit(bag);
+ bag = NULL;
+ }
+
+ /* check we have private key */
+ if((*priv_key) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Private key was not found in pkcs12 object");
+ goto done;
+ }
+
+ /* we will search for key cert using the key id */
+ certsSize = xmlSecPtrListGetSize(certsList);
+ if(certsSize > 0) {
+ size_t cert_id_size = 0;
+ size_t key_id_size = 0;
+ xmlSecByte cert_id[100];
+ xmlSecByte key_id[100];
+ xmlSecSize ii;
+
+ key_id_size = sizeof(key_id);
+ err = gnutls_x509_privkey_get_key_id((*priv_key), 0, key_id, &key_id_size);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ for(ii = 0; ii < certsSize; ++ii) {
+ gnutls_x509_crt_t tmp;
+
+ tmp = xmlSecPtrListGetItem(certsList, ii);
+ if(tmp == NULL) {
+ continue;
+ }
+
+ cert_id_size = sizeof(cert_id);
+ err = gnutls_x509_crt_get_key_id(tmp, 0, cert_id, &cert_id_size);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* if key ids match, then this is THE key cert!!! */
+ if((key_id_size == cert_id_size) && (memcmp(key_id, cert_id, key_id_size) == 0)) {
+ (*key_cert) = xmlSecGnuTLSX509CertDup(tmp);
+ if((*key_cert) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ break;
+ }
+ }
+
+ /* check we have key cert */
+ if((*key_cert) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Certificate for the private key was not found in pkcs12 object");
+ goto done;
+ }
+ }
+
+
+ /* success!!! */
+ res = 0;
+
+done:
+ if(cert != NULL) {
+ gnutls_x509_crt_deinit(cert);
+ }
+ if(bag != NULL) {
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+ if(pkcs12 != NULL) {
+ gnutls_pkcs12_deinit(pkcs12);
+ }
+ return(res);
+}
+
+xmlSecKeyDataPtr
+xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) {
+ xmlSecKeyDataPtr res = NULL;
+ int key_alg;
+ int ret;
+
+ xmlSecAssert2(priv_key != NULL, NULL);
+
+ /* create key value data */
+ key_alg = gnutls_x509_privkey_get_pk_algorithm(priv_key);
+ if(key_alg < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(key_alg));
+ return (NULL);
+ }
+ switch(key_alg) {
+#ifndef XMLSEC_NO_RSA
+ case GNUTLS_PK_RSA:
+ res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(res, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataRsaAdoptPrivateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ xmlSecKeyDataDestroy(res);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ case GNUTLS_PK_DSA:
+ res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(res, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataDsaAdoptPrivateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ xmlSecKeyDataDestroy(res);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Unsupported algorithm %d", (int)key_alg);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/*************************************************************************
+ *
+ * LDAP DN parser
+ *
+ ************************************************************************/
+void
+xmlSecGnuTLSDnAttrsInitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
+ xmlSecAssert(attrs != NULL);
+ xmlSecAssert(attrsSize > 0);
+
+ memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
+}
+
+void
+xmlSecGnuTLSDnAttrsDeinitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
+ xmlSecSize ii;
+
+ xmlSecAssert(attrs != NULL);
+ xmlSecAssert(attrsSize > 0);
+
+ for(ii = 0; ii < attrsSize; ++ii) {
+ if(attrs[ii].key != NULL) {
+ xmlFree(attrs[ii].key);
+ }
+ if(attrs[ii].value != NULL) {
+ xmlFree(attrs[ii].value);
+ }
+ }
+ memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
+}
+
+const xmlSecGnuTLSDnAttr *
+xmlSecGnuTLSDnAttrrsFind(const xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize,
+ const xmlChar * key)
+{
+ xmlSecSize ii;
+
+ xmlSecAssert2(attrs != NULL, NULL);
+ xmlSecAssert2(attrsSize > 0, NULL);
+ xmlSecAssert2(key != NULL, NULL);
+
+ for(ii = 0; ii < attrsSize; ++ii) {
+ /* simple case */
+ if(xmlStrcasecmp(key, attrs[ii].key) == 0) {
+ return(&(attrs[ii]));
+ }
+
+ /* special case for emailAddress (as usual) */
+ if((xmlStrcasecmp(key, BAD_CAST "emailAddress") == 0) &&
+ (xmlStrcasecmp(attrs[ii].key, BAD_CAST "email") == 0))
+ {
+ return(&(attrs[ii]));
+ }
+ if((xmlStrcasecmp(key, BAD_CAST "email") == 0) &&
+ (xmlStrcasecmp(attrs[ii].key, BAD_CAST "emailAddress") == 0))
+ {
+ return(&(attrs[ii]));
+ }
+ }
+
+ /* not found :( */
+ return(NULL);
+}
+
+int
+xmlSecGnuTLSDnAttrsEqual(const xmlSecGnuTLSDnAttr * ll, xmlSecSize llSize,
+ const xmlSecGnuTLSDnAttr * rr, xmlSecSize rrSize)
+{
+ xmlSecSize llNum = 0;
+ xmlSecSize rrNum = 0;
+ const xmlSecGnuTLSDnAttr * tmp;
+ xmlSecSize ii;
+
+ xmlSecAssert2(ll != NULL, -1);
+ xmlSecAssert2(llSize > 0, -1);
+ xmlSecAssert2(rr != NULL, -1);
+ xmlSecAssert2(rrSize > 0, -1);
+
+ /* compare number of non-nullattributes */
+ for(ii = 0; ii < llSize; ++ii) {
+ if(ll[ii].key != NULL) {
+ ++llNum;
+ }
+ }
+ for(ii = 0; ii < rrSize; ++ii) {
+ if(rr[ii].key != NULL) {
+ ++rrNum;
+ }
+ }
+ if(llNum != rrNum) {
+ return(0);
+ }
+
+ /* make sure that all ll attrs are equal to rr attrs */
+ for(ii = 0; ii < llSize; ++ii) {
+ if(ll[ii].key == NULL) {
+ continue;
+ }
+
+ tmp = xmlSecGnuTLSDnAttrrsFind(rr, rrSize, ll[ii].key);
+ if(tmp == NULL) {
+ return(0); /* attribute was not found */
+ }
+
+ if(!xmlStrEqual(ll[ii].value, tmp->value)) {
+ return(0); /* different values */
+ }
+ }
+
+ /* good!!! */
+ return(1);
+}
+
+/*
+Distinguished name syntax
+
+The formal syntax for a Distinguished Name (DN) is based on RFC 2253.
+The Backus Naur Form (BNF) syntax is defined as follows:
+
+ <name> ::= <name-component> ( <spaced-separator> )
+ | <name-component> <spaced-separator> <name>
+
+ <spaced-separator> ::= <optional-space>
+ <separator>
+ <optional-space>
+
+ <separator> ::= "," | ";"
+
+ <optional-space> ::= ( <CR> ) *( " " )
+
+ <name-component> ::= <attribute>
+ | <attribute> <optional-space> "+"
+ <optional-space> <name-component>
+
+ <attribute> ::= <string>
+ | <key> <optional-space> "=" <optional-space> <string>
+
+ <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
+ <keychar> ::= letters, numbers, and space
+
+ <oid> ::= <digitstring> | <digitstring> "." <oid>
+ <digitstring> ::= 1*<digit>
+ <digit> ::= digits 0-9
+
+ <string> ::= *( <stringchar> | <pair> )
+ | '"' *( <stringchar> | <special> | <pair> ) '"'
+ | "#" <hex>
+
+
+ <special> ::= "," | "=" | <CR> | "+" | "<" | ">"
+ | "#" | ";"
+
+ <pair> ::= "\" ( <special> | "\" | '"')
+ <stringchar> ::= any character except <special> or "\" or '"'
+
+
+ <hex> ::= 2*<hexchar>
+ <hexchar> ::= 0-9, a-f, A-F
+
+A semicolon (;) character can be used to separate RDNs in a distinguished name,
+although the comma (,) character is the typical notation.
+
+White-space characters (spaces) might be present on either side of the comma or
+semicolon. The white-space characters are ignored, and the semicolon is replaced
+with a comma.
+
+In addition, space (' ' ASCII 32) characters may be present either before or
+after a '+' or '='. These space characters are ignored when parsing.
+*/
+enum xmlSecGnuTLSDnParseState {
+ xmlSecGnuTLSDnParseState_BeforeNameComponent = 0,
+ xmlSecGnuTLSDnParseState_Key,
+ xmlSecGnuTLSDnParseState_BeforeString,
+ xmlSecGnuTLSDnParseState_String,
+ xmlSecGnuTLSDnParseState_QuotedString,
+ xmlSecGnuTLSDnParseState_AfterQuotedString
+};
+
+#define XMLSEC_GNUTLS_IS_SPACE(ch) \
+ (((ch) == ' ') || ((ch) == '\n') || ((ch) == '\r'))
+
+int
+xmlSecGnuTLSDnAttrsParse(const xmlChar * dn,
+ xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize)
+{
+ xmlChar * tmp = NULL;
+ xmlChar * p;
+ xmlChar ch;
+ enum xmlSecGnuTLSDnParseState state;
+ int slash;
+ xmlSecSize pos;
+ int res = -1;
+
+ xmlSecAssert2(dn != NULL, -1);
+ xmlSecAssert2(attrs != NULL, -1);
+ xmlSecAssert2(attrsSize > 0, -1);
+
+ /* allocate buffer, we don't need more than string */
+ tmp = (xmlChar *)xmlMalloc(xmlStrlen(dn) + 1);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(dn) + 1));
+ goto done;
+ }
+
+ /* state machine */
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ slash = 0;
+ pos = 0;
+ p = tmp;
+ for(ch = (*dn); ; ch = *(++dn)) {
+ switch(state) {
+ case xmlSecGnuTLSDnParseState_BeforeNameComponent:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ state = xmlSecGnuTLSDnParseState_Key;
+ } else {
+ /* just skip space */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_Key:
+ /* we don't support
+ 1) <attribute><optional-space>"+"<optional-space><name-component>
+ 2) <attribute> ::= <string>
+ */
+ if(ch != '=') {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ } else {
+ *(p) = '\0';
+ /* remove spaces back */
+ while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
+ *(--p) = '\0';
+ }
+
+ /* insert into the attrs */
+ if(pos >= attrsSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Not enough space: size=%d", (int)attrsSize);
+ goto done;
+ }
+ attrs[pos].key = xmlStrdup(tmp);
+ if(attrs[pos].key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+
+ state = xmlSecGnuTLSDnParseState_BeforeString;
+ p = tmp;
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_BeforeString:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ if(ch != '\"') {
+ state = xmlSecGnuTLSDnParseState_String;
+ slash = 0;
+ --dn; /* small hack, so we can look at the same char
+ again with the correct state */
+ } else {
+ state = xmlSecGnuTLSDnParseState_QuotedString;
+ slash = 0;
+ }
+ } else {
+ /* just skip space */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_String:
+ if(slash == 1) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ slash = 0;
+ } else if(ch == '\\') {
+ slash = 1;
+ } else if((ch == ',') || (ch == ';') || (ch == '\0')) {
+ *(p) = '\0';
+ /* remove spaces back */
+ while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
+ *(--p) = '\0';
+ }
+
+ attrs[pos].value = xmlStrdup(tmp);
+ if(attrs[pos].value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ ++pos;
+ p = tmp;
+ } else {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_QuotedString:
+ if(slash == 1) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ slash = 0;
+ } else if(ch == '\\') {
+ slash = 1;
+ } else if(ch == '\"') {
+ *(p) = '\0';
+ /* don't remove spaces for quoted string */
+
+ attrs[pos].value = xmlStrdup(tmp);
+ if(attrs[pos].value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+ state = xmlSecGnuTLSDnParseState_AfterQuotedString;
+ ++pos;
+ p = tmp;
+ } else {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_AfterQuotedString:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ if((ch == ',') || (ch == ';') || (ch == '\0')) {
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unexpected character %c (expected space or ',' or ';')",
+ ch);
+ goto done;
+ }
+ } else {
+ /* just skip space */
+ }
+ break;
+ }
+
+ if(ch == '\0') {
+ /* done */
+ break;
+ }
+ }
+
+ /* check end state */
+ if(state != xmlSecGnuTLSDnParseState_BeforeNameComponent) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unexpected state %d at the end of parsing",
+ (int)state);
+ goto done;
+ }
+
+ /* debug
+ {
+ xmlSecSize ii;
+ for(ii = 0; ii < attrsSize; ++ii) {
+ if(attrs[ii].key != NULL) {
+ printf("DEBUG: attrs - %s=>%s\n", attrs[ii].key, attrs[ii].value);
+ }
+ }
+ }
+ */
+
+ /* done */
+ res = 0;
+
+done:
+ if(tmp != NULL) {
+ xmlFree(tmp);
+ }
+ return(res);
+}
+
+
+#endif /* XMLSEC_NO_X509 */
+
+
+
diff --git a/src/gnutls/x509utils.h b/src/gnutls/x509utils.h
new file mode 100644
index 00000000..b939b248
--- /dev/null
+++ b/src/gnutls/x509utils.h
@@ -0,0 +1,143 @@
+/*
+ * XML Security Library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_X509UTILS_H__
+#define __XMLSEC_GNUTLS_X509UTILS_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "gnutls/x509utils.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+/**************************************************************************
+ *
+ * X509 certs list
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSX509CrtListId \
+ xmlSecGnuTLSX509CrtListGetKlass()
+xmlSecPtrListId xmlSecGnuTLSX509CrtListGetKlass (void);
+
+/**************************************************************************
+ *
+ * X509 crls list
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSX509CrlListId \
+ xmlSecGnuTLSX509CrlListGetKlass()
+xmlSecPtrListId xmlSecGnuTLSX509CrlListGetKlass (void);
+
+/*************************************************************************
+ *
+ * x509 certs utils/helpers
+ *
+ ************************************************************************/
+gnutls_x509_crt_t xmlSecGnuTLSX509CertDup (gnutls_x509_crt_t src);
+xmlChar * xmlSecGnuTLSX509CertGetSubjectDN (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetIssuerDN (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetIssuerSerial (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetSKI (gnutls_x509_crt_t cert);
+gnutls_x509_crt_t xmlSecGnuTLSX509CertRead (const xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyDataFormat format);
+gnutls_x509_crt_t xmlSecGnuTLSX509CertBase64DerRead (xmlChar* buf);
+xmlChar* xmlSecGnuTLSX509CertBase64DerWrite (gnutls_x509_crt_t cert,
+ int base64LineWrap);
+void xmlSecGnuTLSX509CertDebugDump (gnutls_x509_crt_t cert,
+ FILE* output);
+void xmlSecGnuTLSX509CertDebugXmlDump (gnutls_x509_crt_t cert,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlDup (gnutls_x509_crl_t src);
+xmlChar * xmlSecGnuTLSX509CrLGetIssuerDN (gnutls_x509_crl_t crl);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlRead (const xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyDataFormat format);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlBase64DerRead (xmlChar* buf);
+xmlChar* xmlSecGnuTLSX509CrlBase64DerWrite (gnutls_x509_crl_t crl,
+ int base64LineWrap);
+void xmlSecGnuTLSX509CrlDebugDump (gnutls_x509_crl_t crl,
+ FILE* output);
+void xmlSecGnuTLSX509CrlDebugXmlDump (gnutls_x509_crl_t crl,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
+xmlChar* xmlSecGnuTLSASN1IntegerWrite (const unsigned char * data,
+ size_t len);
+
+
+
+/*************************************************************************
+ *
+ * pkcs12 utils/helpers
+ *
+ ************************************************************************/
+int xmlSecGnuTLSPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ gnutls_x509_privkey_t * priv_key,
+ gnutls_x509_crt_t * key_cert,
+ xmlSecPtrListPtr certsList);
+
+/*************************************************************************
+ *
+ * keydata utils/helpers
+ *
+ ************************************************************************/
+xmlSecKeyDataPtr xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key);
+
+
+/*************************************************************************
+ *
+ * LDAP DN parser
+ *
+ ************************************************************************/
+typedef struct _xmlSecGnuTLSDnAttr {
+ xmlChar * key;
+ xmlChar * value;
+} xmlSecGnuTLSDnAttr;
+
+void xmlSecGnuTLSDnAttrsInitialize (xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+void xmlSecGnuTLSDnAttrsDeinitialize (xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+const xmlSecGnuTLSDnAttr * xmlSecGnuTLSDnAttrrsFind (const xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize,
+ const xmlChar * key);
+int xmlSecGnuTLSDnAttrsEqual (const xmlSecGnuTLSDnAttr * ll,
+ xmlSecSize llSize,
+ const xmlSecGnuTLSDnAttr * rr,
+ xmlSecSize rrSize);
+int xmlSecGnuTLSDnAttrsParse (const xmlChar * dn,
+ xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+
+#endif /* ! __XMLSEC_GNUTLS_X509UTILS_H__ */
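Review bot: The DN-parser declarations carry no ownership or failure contract, and the parser's error paths make that matter: xmlSecGnuTLSDnAttrsParse xmlStrdup()s each key and value into the caller's array and, on a failure such as "Not enough space" or a failed strdup, returns -1 freeing only its scratch buffer, so a caller that does not run xmlSecGnuTLSDnAttrsDeinitialize afterwards leaks every entry already stored. I would put a comment above `int xmlSecGnuTLSDnAttrsParse(...)` such as `/* Fills attrs[] with xmlStrdup'd key/value pairs. On error (-1) the entries already filled stay in place: always call xmlSecGnuTLSDnAttrsDeinitialize(), even after failure. */`. The `xmlChar *` results of xmlSecGnuTLSX509CertGetSubjectDN/IssuerDN/IssuerSerial/SKI are released by the callers in x509vfy.c with xmlFree(), which a one-line `/* returned string is owned by the caller; release with xmlFree() */` on those prototypes would pin down. The names `xmlSecGnuTLSDnAttrrsFind` (double r) and `xmlSecGnuTLSX509CrLGetIssuerDN` (capital L) read as typos; both are private and new in this commit, so renaming them now costs nothing.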
diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c
new file mode 100644
index 00000000..fd15c5ac
--- /dev/null
+++ b/src/gnutls/x509vfy.c
@@ -0,0 +1,802 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/**************************************************************************
+ *
+ * Internal GnuTLS X509 store CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGnuTLSX509StoreCtx xmlSecGnuTLSX509StoreCtx,
+ *xmlSecGnuTLSX509StoreCtxPtr;
+struct _xmlSecGnuTLSX509StoreCtx {
+ xmlSecPtrList certsTrusted;
+ xmlSecPtrList certsUntrusted;
+};
+
+/****************************************************************************
+ *
+ * xmlSecGnuTLSKeyDataStoreX509Id:
+ *
+ * xmlSecGnuTLSX509StoreCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecGnuTLSX509StoreGetCtx(store) \
+ ((xmlSecGnuTLSX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecGnuTLSX509StoreSize \
+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecGnuTLSX509StoreCtx))
+
+static int xmlSecGnuTLSX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecGnuTLSX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
+static xmlSecKeyDataStoreKlass xmlSecGnuTLSX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecGnuTLSX509StoreSize,
+
+ /* data */
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecGnuTLSX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindCert (xmlSecPtrListPtr certs,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski);
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignedCert (xmlSecPtrListPtr certs,
+ gnutls_x509_crt_t cert);
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignerCert (xmlSecPtrListPtr certs,
+ gnutls_x509_crt_t cert);
+
+
+/**
+ * xmlSecGnuTLSX509StoreGetKlass:
+ *
+ * The GnuTLS X509 certificates key data store klass.
+ *
+ * Returns: pointer to GnuTLS X509 certificates key data store klass.
+ */
+xmlSecKeyDataStoreId
+xmlSecGnuTLSX509StoreGetKlass(void) {
+ return(&xmlSecGnuTLSX509StoreKlass);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreFindCert:
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Searches @store for a certificate that matches given criteria.
+ *
+ * Returns: pointer to found certificate or NULL if certificate is not found
+ * or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509StoreFindCert(xmlSecKeyDataStorePtr store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski,
+ const xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ gnutls_x509_crt_t res = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ if(res == NULL) {
+ res = xmlSecGnuTLSX509FindCert(&(ctx->certsTrusted), subjectName, issuerName, issuerSerial, ski);
+ }
+ if(res == NULL) {
+ res = xmlSecGnuTLSX509FindCert(&(ctx->certsUntrusted), subjectName, issuerName, issuerSerial, ski);
+ }
+ return(res);
+}
+
+static int
+xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list,
+ xmlSecSize cert_list_length,
+ time_t ts)
+{
+ time_t notValidBefore, notValidAfter;
+ xmlSecSize ii;
+
+ xmlSecAssert2(cert_list != NULL, -1);
+
+ for(ii = 0; ii < cert_list_length; ++ii) {
+ const gnutls_x509_crt_t cert = cert_list[ii];
+ if(cert == NULL) {
+ continue;
+ }
+
+ /* get expiration times */
+ notValidBefore = gnutls_x509_crt_get_activation_time(cert);
+ if(notValidBefore == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_activation_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ notValidAfter = gnutls_x509_crt_get_expiration_time(cert);
+ if(notValidAfter == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_expiration_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* check */
+ if(ts < notValidBefore) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ if(ts > notValidAfter) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ }
+
+ /* GOOD! */
+ return(1);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreVerify:
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates.
+ * @crls: the crls.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Verifies @certs list.
+ *
+ * Returns: pointer to the first verified certificate from @certs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
+ xmlSecPtrListPtr certs,
+ xmlSecPtrListPtr crls,
+ const xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ gnutls_x509_crt_t res = NULL;
+ xmlSecSize certs_size = 0;
+ gnutls_x509_crt_t * cert_list = NULL;
+ xmlSecSize cert_list_length;
+ gnutls_x509_crl_t * crl_list = NULL;
+ xmlSecSize crl_list_length;
+ gnutls_x509_crt_t * ca_list = NULL;
+ xmlSecSize ca_list_length;
+ time_t verification_time;
+ unsigned int flags = 0;
+ xmlSecSize ii;
+ int ret;
+ int err;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(crls != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ certs_size = xmlSecPtrListGetSize(certs);
+ if(certs_size <= 0) {
+ /* nothing to do */
+ return(NULL);
+ }
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ /* Prepare */
+ cert_list_length = certs_size + xmlSecPtrListGetSize(&(ctx->certsUntrusted));
+ if(cert_list_length > 0) {
+ cert_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * cert_list_length);
+ if(cert_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crt_t) * cert_list_length));
+ goto done;
+ }
+ }
+ crl_list_length = xmlSecPtrListGetSize(crls);
+ if(crl_list_length > 0) {
+ crl_list = (gnutls_x509_crl_t *)xmlMalloc(sizeof(gnutls_x509_crl_t) * crl_list_length);
+ if(crl_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crl_t) * crl_list_length));
+ goto done;
+ }
+ for(ii = 0; ii < crl_list_length; ++ii) {
+ crl_list[ii] = xmlSecPtrListGetItem(crls, ii);
+ if(crl_list[ii] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(crls)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ ca_list_length = xmlSecPtrListGetSize(&(ctx->certsTrusted));
+ if(ca_list_length > 0) {
+ ca_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * ca_list_length);
+ if(ca_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crt_t) * ca_list_length));
+ goto done;
+ }
+ for(ii = 0; ii < ca_list_length; ++ii) {
+ ca_list[ii] = xmlSecPtrListGetItem(&(ctx->certsTrusted), ii);
+ if(ca_list[ii] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(certsTrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ /* gnutls doesn't allow to specify "verification" timestamp so
+ we have to do it ourselves */
+ verification_time = (keyInfoCtx->certsVerificationTime > 0) ?
+ keyInfoCtx->certsVerificationTime :
+ time(0);
+ flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2;
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ }
+
+ /* We are going to build all possible cert chains and try to verify them */
+ for(ii = 0; (ii < certs_size) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t cert, cert2;
+ xmlSecSize cert_list_cur_length = 0;
+ unsigned int verify = 0;
+
+ cert = xmlSecPtrListGetItem(certs, ii);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(certs)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* check if we are the "leaf" node in the certs chain */
+ if(xmlSecGnuTLSX509FindSignedCert(certs, cert) != NULL) {
+ continue;
+ }
+
+ /* build the chain */
+ for(cert2 = cert, cert_list_cur_length = 0;
+ (cert2 != NULL) && (cert_list_cur_length < cert_list_length);
+ ++cert_list_cur_length)
+ {
+ gnutls_x509_crt_t tmp;
+
+ /* store */
+ cert_list[cert_list_cur_length] = cert2;
+
+ /* find next */
+ tmp = xmlSecGnuTLSX509FindSignerCert(certs, cert2);
+ if(tmp == NULL) {
+ tmp = xmlSecGnuTLSX509FindSignerCert(&(ctx->certsUntrusted), cert2);
+ }
+ cert2 = tmp;
+ }
+
+ /* try to verify */
+ err = gnutls_x509_crt_list_verify(
+ cert_list, (int)cert_list_cur_length, /* certs chain */
+ ca_list, (int)ca_list_length, /* trusted cas */
+ crl_list, (int)crl_list_length, /* crls */
+ flags, /* flags */
+ &verify);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_list_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ /* don't stop, continue! */
+ continue;
+ } else if(verify != 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_list_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Verification failed: verify=%u", verify);
+ /* don't stop, continue! */
+ continue;
+ }
+
+ /* gnutls doesn't allow to specify "verification" timestamp so
+ we have to do it ourselves */
+ ret = xmlSecGnuTLSX509CheckTime(cert_list, cert_list_cur_length, verification_time);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Time verification failed");
+ /* don't stop, continue! */
+ continue;
+ }
+
+ /* DONE! */
+ res = cert;
+ }
+
+done:
+ /* cleanup */
+ if(ca_list != NULL) {
+ xmlFree(ca_list);
+ }
+ if(crl_list != NULL) {
+ xmlFree(crl_list);
+ }
+ if(cert_list != NULL) {
+ xmlFree(cert_list);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreAdoptCert:
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSX509StoreAdoptCert(xmlSecKeyDataStorePtr store, gnutls_x509_crt_t cert, xmlSecKeyDataType type) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if((type & xmlSecKeyDataTypeTrusted) != 0) {
+ ret = xmlSecPtrListAdd(&(ctx->certsTrusted), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListAdd(trusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ ret = xmlSecPtrListAdd(&(ctx->certsUntrusted), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListAdd(untrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsTrusted), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListInitialize(trusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsUntrusted), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListInitialize(untrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId));
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecPtrListFinalize(&(ctx->certsTrusted));
+ xmlSecPtrListFinalize(&(ctx->certsUntrusted));
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
+}
+
+
+/*****************************************************************************
+ *
+ * Low-level x509 functions
+ *
+ *****************************************************************************/
+#define XMLSEC_GNUTLS_DN_ATTRS_SIZE 1024
+static int
+xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) {
+ xmlSecGnuTLSDnAttr ll_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
+ xmlSecGnuTLSDnAttr rr_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(ll != NULL, -1);
+ xmlSecAssert2(rr != NULL, -1);
+
+ /* fast version first */
+ if(xmlStrEqual(ll, rr)) {
+ return(1);
+ }
+
+ /* prepare */
+ xmlSecGnuTLSDnAttrsInitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ xmlSecGnuTLSDnAttrsInitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+
+ /* parse */
+ ret = xmlSecGnuTLSDnAttrsParse(ll, ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsParse(ll)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGnuTLSDnAttrsParse(rr, rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsParse(rr)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* compare */
+ ret = xmlSecGnuTLSDnAttrsEqual(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE,
+ rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret == 1) {
+ res = 1;
+ } else if(ret == 0) {
+ res = 0;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsEqual",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+done:
+ xmlSecGnuTLSDnAttrsDeinitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ xmlSecGnuTLSDnAttrsDeinitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ return(res);
+}
+
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski) {
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz); ++ii) {
+ gnutls_x509_crt_t cert = xmlSecPtrListGetItem(certs, ii);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(subjectName != NULL) {
+ xmlChar * tmp;
+
+ tmp = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(xmlSecGnuTLSX509DnsEqual(subjectName, tmp) == 1) {
+ xmlFree(tmp);
+ return(cert);
+ }
+ xmlFree(tmp);
+ } else if((issuerName != NULL) && (issuerSerial != NULL)) {
+ xmlChar * tmp1;
+ xmlChar * tmp2;
+
+ tmp1 = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(tmp1 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ tmp2 = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(tmp2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerSerial",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ xmlFree(tmp1);
+ return(NULL);
+ }
+
+ if((xmlSecGnuTLSX509DnsEqual(issuerName, tmp1) == 1) && xmlStrEqual(issuerSerial, tmp2)) {
+ xmlFree(tmp1);
+ xmlFree(tmp2);
+ return(cert);
+ }
+ xmlFree(tmp1);
+ xmlFree(tmp2);
+ } else if(ski != NULL) {
+ xmlChar * tmp;
+
+ tmp = xmlSecGnuTLSX509CertGetSKI(cert);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSKI",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(xmlStrEqual(ski, tmp)) {
+ xmlFree(tmp);
+ return(cert);
+ }
+ xmlFree(tmp);
+ }
+ }
+
+ return(NULL);
+}
+
+/* signed cert has issuer dn equal to our's subject dn */
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindSignedCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
+ gnutls_x509_crt_t res = NULL;
+ xmlChar * subject = NULL;
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get subject */
+ subject = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t tmp;
+ xmlChar * issuer;
+
+ tmp = xmlSecPtrListGetItem(certs, ii);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ issuer = xmlSecGnuTLSX509CertGetIssuerDN(tmp);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ /* are we done? */
+ if(xmlSecGnuTLSX509DnsEqual(subject, issuer) == 1) {
+ res = tmp;
+ }
+ xmlFree(issuer);
+ }
+
+done:
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ return(res);
+}
+
+/* signer cert has subject dn equal to our's issuer dn */
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindSignerCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
+ gnutls_x509_crt_t res = NULL;
+ xmlChar * issuer = NULL;
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer */
+ issuer = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t tmp;
+ xmlChar * subject;
+
+ tmp = xmlSecPtrListGetItem(certs, ii);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ subject = xmlSecGnuTLSX509CertGetSubjectDN(tmp);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ /* are we done? */
+ if((xmlSecGnuTLSX509DnsEqual(issuer, subject) == 1)) {
+ res = tmp;
+ }
+ xmlFree(subject);
+ }
+
+done:
+ if(issuer != NULL) {
+ xmlFree(issuer);
+ }
+ return(res);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+
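Review bot: A self-signed certificate in `certs` is never verified, and a chain that ends in a self-signed root gets padded with copies of that root: xmlSecGnuTLSX509FindSignedCert and xmlSecGnuTLSX509FindSignerCert compare DNs only, so they match `cert` against itself whenever its issuer DN equals its subject DN, which makes the leaf test in xmlSecGnuTLSX509StoreVerify (`if(xmlSecGnuTLSX509FindSignedCert(certs, cert) != NULL) continue;`) skip the certificate and makes the chain-building loop re-find the same object until cert_list_cur_length reaches cert_list_length. The smallest fix is to exclude the certificate itself in both helpers, right after `tmp = xmlSecPtrListGetItem(certs, ii);` and its NULL check: `if(tmp == cert) { continue; }`. Two distinct objects with equal DNs could still alternate, but the loop stays bounded by cert_list_length, so that remains a correctness and efficiency point rather than a memory-safety one. Separately, with GNUTLS_VERIFY_DISABLE_TIME_CHECKS set, xmlSecGnuTLSX509CheckTime only walks cert_list, so the matched trust anchor from ca_list is presumably never checked against verification_time — worth confirming against the targeted gnutls version and stating in the comment above the flags.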
diff --git a/src/io.c b/src/io.c
index a691f68b..42e91337 100644
--- a/src/io.c
+++ b/src/io.c
@@ -1,17 +1,17 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Input uri transform and utility functions.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
-#include <string.h>
+#include <string.h>
#include <errno.h>
#include <libxml/uri.h>
@@ -22,7 +22,7 @@
#include <libxml/nanohttp.h>
#endif /* LIBXML_HTTP_ENABLED */
-#ifdef LIBXML_FTP_ENABLED
+#ifdef LIBXML_FTP_ENABLED
#include <libxml/nanoftp.h>
#endif /* LIBXML_FTP_ENABLED */
@@ -45,46 +45,46 @@ typedef struct _xmlSecIOCallback {
xmlInputCloseCallback closecallback;
} xmlSecIOCallback, *xmlSecIOCallbackPtr;
-static xmlSecIOCallbackPtr xmlSecIOCallbackCreate (xmlInputMatchCallback matchFunc,
- xmlInputOpenCallback openFunc,
- xmlInputReadCallback readFunc,
- xmlInputCloseCallback closeFunc);
-static void xmlSecIOCallbackDestroy (xmlSecIOCallbackPtr callbacks);
+static xmlSecIOCallbackPtr xmlSecIOCallbackCreate (xmlInputMatchCallback matchFunc,
+ xmlInputOpenCallback openFunc,
+ xmlInputReadCallback readFunc,
+ xmlInputCloseCallback closeFunc);
+static void xmlSecIOCallbackDestroy (xmlSecIOCallbackPtr callbacks);
-static xmlSecIOCallbackPtr
-xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback openFunc,
- xmlInputReadCallback readFunc, xmlInputCloseCallback closeFunc) {
+static xmlSecIOCallbackPtr
+xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback openFunc,
+ xmlInputReadCallback readFunc, xmlInputCloseCallback closeFunc) {
xmlSecIOCallbackPtr callbacks;
-
+
xmlSecAssert2(matchFunc != NULL, NULL);
-
+
/* Allocate a new xmlSecIOCallback and fill the fields. */
callbacks = (xmlSecIOCallbackPtr)xmlMalloc(sizeof(xmlSecIOCallback));
if(callbacks == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecIOCallback)=%d",
- sizeof(xmlSecIOCallback));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecIOCallback)=%d",
+ sizeof(xmlSecIOCallback));
+ return(NULL);
}
- memset(callbacks, 0, sizeof(xmlSecIOCallback));
+ memset(callbacks, 0, sizeof(xmlSecIOCallback));
callbacks->matchcallback = matchFunc;
callbacks->opencallback = openFunc;
callbacks->readcallback = readFunc;
callbacks->closecallback = closeFunc;
-
+
return(callbacks);
}
-static void
+static void
xmlSecIOCallbackDestroy(xmlSecIOCallbackPtr callbacks) {
xmlSecAssert(callbacks != NULL);
- memset(callbacks, 0, sizeof(xmlSecIOCallback));
- xmlFree(callbacks);
+ memset(callbacks, 0, sizeof(xmlSecIOCallback));
+ xmlFree(callbacks);
}
/*******************************************************************
@@ -94,30 +94,30 @@ xmlSecIOCallbackDestroy(xmlSecIOCallbackPtr callbacks) {
******************************************************************/
static xmlSecPtrListKlass xmlSecIOCallbackPtrListKlass = {
BAD_CAST "io-callbacks-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
(xmlSecPtrDestroyItemMethod)xmlSecIOCallbackDestroy,/* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-#define xmlSecIOCallbackPtrListId xmlSecIOCallbackPtrListGetKlass ()
-static xmlSecPtrListId xmlSecIOCallbackPtrListGetKlass (void);
-static xmlSecIOCallbackPtr xmlSecIOCallbackPtrListFind (xmlSecPtrListPtr list,
- const char* uri);
+#define xmlSecIOCallbackPtrListId xmlSecIOCallbackPtrListGetKlass ()
+static xmlSecPtrListId xmlSecIOCallbackPtrListGetKlass (void);
+static xmlSecIOCallbackPtr xmlSecIOCallbackPtrListFind (xmlSecPtrListPtr list,
+ const char* uri);
/**
- * xmlSecIOCallbackPtrListGetKlass:
+ * xmlSecIOCallbackPtrListGetKlass:
*
* The keys list klass.
*
* Returns: keys list id.
*/
-static xmlSecPtrListId
+static xmlSecPtrListId
xmlSecIOCallbackPtrListGetKlass(void) {
return(&xmlSecIOCallbackPtrListKlass);
}
-static xmlSecIOCallbackPtr
+static xmlSecIOCallbackPtr
xmlSecIOCallbackPtrListFind(xmlSecPtrListPtr list, const char* uri) {
xmlSecIOCallbackPtr callbacks;
xmlSecSize i, size;
@@ -127,13 +127,13 @@ xmlSecIOCallbackPtrListFind(xmlSecPtrListPtr list, const char* uri) {
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- callbacks = (xmlSecIOCallbackPtr)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(callbacks != NULL, NULL);
- xmlSecAssert2(callbacks->matchcallback != NULL, NULL);
-
- if((callbacks->matchcallback(uri)) != 0) {
- return(callbacks);
- }
+ callbacks = (xmlSecIOCallbackPtr)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(callbacks != NULL, NULL);
+ xmlSecAssert2(callbacks->matchcallback != NULL, NULL);
+
+ if((callbacks->matchcallback(uri)) != 0) {
+ return(callbacks);
+ }
}
return(NULL);
}
@@ -147,18 +147,18 @@ static xmlSecPtrList xmlSecAllIOCallbacks;
* Applications should not call this function directly.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
-xmlSecIOInit(void) {
+xmlSecIOInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(&xmlSecAllIOCallbacks, xmlSecIOCallbackPtrListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
@@ -166,9 +166,9 @@ xmlSecIOInit(void) {
xmlNanoHTTPInit();
#endif /* LIBXML_HTTP_ENABLED */
-#ifdef LIBXML_FTP_ENABLED
+#ifdef LIBXML_FTP_ENABLED
xmlNanoFTPInit();
-#endif /* LIBXML_FTP_ENABLED */
+#endif /* LIBXML_FTP_ENABLED */
return(xmlSecIORegisterDefaultCallbacks());
}
@@ -178,7 +178,7 @@ xmlSecIOInit(void) {
*
* The IO clenaup (called from #xmlSecShutdown function).
* Applications should not call this function directly.
- */
+ */
void
xmlSecIOShutdown(void) {
@@ -186,9 +186,9 @@ xmlSecIOShutdown(void) {
xmlNanoHTTPCleanup();
#endif /* LIBXML_HTTP_ENABLED */
-#ifdef LIBXML_FTP_ENABLED
+#ifdef LIBXML_FTP_ENABLED
xmlNanoFTPCleanup();
-#endif /* LIBXML_FTP_ENABLED */
+#endif /* LIBXML_FTP_ENABLED */
xmlSecPtrListFinalize(&xmlSecAllIOCallbacks);
}
@@ -197,7 +197,7 @@ xmlSecIOShutdown(void) {
* xmlSecIOCleanupCallbacks:
*
* Clears the entire input callback table. this includes the
- * compiled-in I/O.
+ * compiled-in I/O.
*/
void
xmlSecIOCleanupCallbacks(void) {
@@ -206,10 +206,10 @@ xmlSecIOCleanupCallbacks(void) {
/**
* xmlSecIORegisterCallbacks:
- * @matchFunc: the protocol match callback.
- * @openFunc: the open stream callback.
- * @readFunc: the read from stream callback.
- * @closeFunc: the close stream callback.
+ * @matchFunc: the protocol match callback.
+ * @openFunc: the open stream callback.
+ * @readFunc: the read from stream callback.
+ * @closeFunc: the close stream callback.
*
* Register a new set of I/O callback for handling parser input.
*
@@ -217,32 +217,32 @@ xmlSecIOCleanupCallbacks(void) {
*/
int
xmlSecIORegisterCallbacks(xmlInputMatchCallback matchFunc,
- xmlInputOpenCallback openFunc, xmlInputReadCallback readFunc,
- xmlInputCloseCallback closeFunc) {
+ xmlInputOpenCallback openFunc, xmlInputReadCallback readFunc,
+ xmlInputCloseCallback closeFunc) {
xmlSecIOCallbackPtr callbacks;
int ret;
-
+
xmlSecAssert2(matchFunc != NULL, -1);
-
+
callbacks = xmlSecIOCallbackCreate(matchFunc, openFunc, readFunc, closeFunc);
if(callbacks == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecIOCallbackCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIOCallbackCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecPtrListAdd(&xmlSecAllIOCallbacks, callbacks);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecIOCallbackDestroy(callbacks);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecIOCallbackDestroy(callbacks);
+ return(-1);
}
return(0);
}
@@ -258,42 +258,42 @@ xmlSecIORegisterCallbacks(xmlInputMatchCallback matchFunc,
int
xmlSecIORegisterDefaultCallbacks(void) {
int ret;
-
+
#ifdef LIBXML_HTTP_ENABLED
ret = xmlSecIORegisterCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
- xmlIOHTTPRead, xmlIOHTTPClose);
+ xmlIOHTTPRead, xmlIOHTTPClose);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecIORegisterCallbacks",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "http");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "http");
+ return(-1);
}
#endif /* LIBXML_HTTP_ENABLED */
#ifdef LIBXML_FTP_ENABLED
ret = xmlSecIORegisterCallbacks(xmlIOFTPMatch, xmlIOFTPOpen,
- xmlIOFTPRead, xmlIOFTPClose);
+ xmlIOFTPRead, xmlIOFTPClose);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecIORegisterCallbacks",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ftp");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ftp");
+ return(-1);
}
#endif /* LIBXML_FTP_ENABLED */
ret = xmlSecIORegisterCallbacks(xmlFileMatch, xmlFileOpen,
- xmlFileRead, xmlFileClose);
+ xmlFileRead, xmlFileClose);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecIORegisterCallbacks",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "file");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "file");
+ return(-1);
}
return(0);
@@ -301,60 +301,60 @@ xmlSecIORegisterDefaultCallbacks(void) {
-
+
/**************************************************************
*
* Input URI Transform
*
* xmlSecInputURICtx is located after xmlSecTransform
- *
+ *
**************************************************************/
-typedef struct _xmlSecInputURICtx xmlSecInputURICtx,
- *xmlSecInputURICtxPtr;
+typedef struct _xmlSecInputURICtx xmlSecInputURICtx,
+ *xmlSecInputURICtxPtr;
struct _xmlSecInputURICtx {
- xmlSecIOCallbackPtr clbks;
- void* clbksCtx;
+ xmlSecIOCallbackPtr clbks;
+ void* clbksCtx;
};
#define xmlSecTransformInputUriSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecInputURICtx))
+ (sizeof(xmlSecTransform) + sizeof(xmlSecInputURICtx))
#define xmlSecTransformInputUriGetCtx(transform) \
((xmlSecTransformCheckSize((transform), xmlSecTransformInputUriSize)) ? \
- (xmlSecInputURICtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlSecInputURICtxPtr)NULL)
+ (xmlSecInputURICtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecInputURICtxPtr)NULL)
-static int xmlSecTransformInputURIInitialize (xmlSecTransformPtr transform);
-static void xmlSecTransformInputURIFinalize (xmlSecTransformPtr transform);
-static int xmlSecTransformInputURIPopBin (xmlSecTransformPtr transform,
- xmlSecByte* data,
- xmlSecSize maxDataSize,
- xmlSecSize* dataSize,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformInputURIInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformInputURIFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformInputURIPopBin (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformInputURIKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformInputUriSize, /* xmlSecSize objSize */
-
- BAD_CAST "input-uri", /* const xmlChar* name; */
- NULL, /* const xmlChar* href; */
- 0, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformInputURIInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformInputURIFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformInputURIPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformInputUriSize, /* xmlSecSize objSize */
+
+ BAD_CAST "input-uri", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ 0, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformInputURIInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformInputURIFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformInputURIPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -364,15 +364,15 @@ static xmlSecTransformKlass xmlSecTransformInputURIKlass = {
*
* Returns: input URI transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformInputURIGetKlass(void) {
return(&xmlSecTransformInputURIKlass);
}
-/**
+/**
* xmlSecTransformInputURIOpen:
- * @transform: the pointer to IO transform.
- * @uri: the URL to open.
+ * @transform: the pointer to IO transform.
+ * @uri: the URL to open.
*
* Opens the given @uri for reading.
*
@@ -381,7 +381,7 @@ xmlSecTransformInputURIGetKlass(void) {
int
xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) {
xmlSecInputURICtxPtr ctx;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1);
xmlSecAssert2(uri != NULL, -1);
@@ -396,16 +396,16 @@ xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) {
* try with an unescaped version of the uri
*/
if(ctx->clbks == NULL) {
- char *unescaped;
-
+ char *unescaped;
+
unescaped = xmlURIUnescapeString((char*)uri, 0, NULL);
- if (unescaped != NULL) {
- ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, unescaped);
- if(ctx->clbks != NULL) {
- ctx->clbksCtx = ctx->clbks->opencallback(unescaped);
- }
- xmlFree(unescaped);
- }
+ if (unescaped != NULL) {
+ ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, unescaped);
+ if(ctx->clbks != NULL) {
+ ctx->clbksCtx = ctx->clbks->opencallback(unescaped);
+ }
+ xmlFree(unescaped);
+ }
}
/*
@@ -413,23 +413,23 @@ xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) {
* filename
*/
if (ctx->clbks == NULL) {
- ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, (char*)uri);
- if(ctx->clbks != NULL) {
- ctx->clbksCtx = ctx->clbks->opencallback((char*)uri);
- }
+ ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, (char*)uri);
+ if(ctx->clbks != NULL) {
+ ctx->clbksCtx = ctx->clbks->opencallback((char*)uri);
+ }
}
if((ctx->clbks == NULL) || (ctx->clbksCtx == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "opencallback",
- XMLSEC_ERRORS_R_IO_FAILED,
- "uri=%s;errno=%d",
- xmlSecErrorsSafeString(uri),
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "opencallback",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "uri=%s;errno=%d",
+ xmlSecErrorsSafeString(uri),
+ errno);
+ return(-1);
}
-
+
return(0);
}
@@ -441,7 +441,7 @@ xmlSecTransformInputURIInitialize(xmlSecTransformPtr transform) {
ctx = xmlSecTransformInputUriGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecInputURICtx));
return(0);
}
@@ -456,19 +456,19 @@ xmlSecTransformInputURIFinalize(xmlSecTransformPtr transform) {
xmlSecAssert(ctx != NULL);
if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->closecallback != NULL)) {
- (ctx->clbks->closecallback)(ctx->clbksCtx);
+ (ctx->clbks->closecallback)(ctx->clbksCtx);
}
memset(ctx, 0, sizeof(xmlSecInputURICtx));
}
-static int
+static int
xmlSecTransformInputURIPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
- xmlSecSize maxDataSize, xmlSecSize* dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize maxDataSize, xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecInputURICtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(dataSize != NULL, -1);
@@ -476,20 +476,20 @@ xmlSecTransformInputURIPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
ctx = xmlSecTransformInputUriGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->readcallback != NULL)) {
ret = (ctx->clbks->readcallback)(ctx->clbksCtx, (char*)data, (int)maxDataSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "readcallback",
- XMLSEC_ERRORS_R_IO_FAILED,
- "errno=%d", errno);
- return(-1);
- }
- (*dataSize) = ret;
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "readcallback",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "errno=%d", errno);
+ return(-1);
+ }
+ (*dataSize) = ret;
} else {
- (*dataSize) = 0;
+ (*dataSize) = 0;
}
return(0);
}
diff --git a/src/keyinfo.c b/src/keyinfo.c
index 6e327b2b..00390fa7 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -1,26 +1,26 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
- * <dsig:KeyInfo/> element processing
+ * <dsig:KeyInfo/> element processing
* (http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo:
*
* The KeyInfo Element
*
- * KeyInfo is an optional element that enables the recipient(s) to obtain
- * the key needed to validate the signature. KeyInfo may contain keys,
- * names, certificates and other public key management information, such as
- * in-band key distribution or key agreement data.
- *
+ * KeyInfo is an optional element that enables the recipient(s) to obtain
+ * the key needed to validate the signature. KeyInfo may contain keys,
+ * names, certificates and other public key management information, such as
+ * in-band key distribution or key agreement data.
+ *
* Schema Definition:
*
- * <element name="KeyInfo" type="ds:KeyInfoType"/>
+ * <element name="KeyInfo" type="ds:KeyInfoType"/>
* <complexType name="KeyInfoType" mixed="true">
- * <choice maxOccurs="unbounded">
- * <element ref="ds:KeyName"/>
- * <element ref="ds:KeyValue"/>
- * <element ref="ds:RetrievalMethod"/>
- * <element ref="ds:X509Data"/>
- * <element ref="ds:PGPData"/>
+ * <choice maxOccurs="unbounded">
+ * <element ref="ds:KeyName"/>
+ * <element ref="ds:KeyValue"/>
+ * <element ref="ds:RetrievalMethod"/>
+ * <element ref="ds:X509Data"/>
+ * <element ref="ds:PGPData"/>
* <element ref="ds:SPKIData"/>
* <element ref="ds:MgmtData"/>
* <any processContents="lax" namespace="##other"/>
@@ -28,24 +28,24 @@
* </choice>
* <attribute name="Id" type="ID" use="optional"/>
* </complexType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
- * X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
+ * X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
* <!ATTLIST KeyInfo Id ID #IMPLIED >
- *
+ *
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -61,14 +61,14 @@
/**************************************************************************
*
- * Hi level functions
+ * High-level functions
*
*************************************************************************/
/**
* xmlSecKeyInfoNodeRead:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @key: the pointer to result key object.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @key: the pointer to result key object.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Parses the <dsig:KeyInfo/> element @keyInfoNode, extracts the key data
* and stores into @key.
@@ -82,123 +82,123 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx
xmlSecKeyDataId dataId;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(keyInfoNode != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
- for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
- (cur != NULL) &&
- (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND) != 0) ||
- (xmlSecKeyIsValid(key) == 0) ||
- (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) == 0));
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- /* find data id */
- nodeName = cur->name;
- nodeNs = xmlSecGetNodeNsHref(cur);
-
- /* use global list only if we don't have a local one */
- if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
- nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
- } else {
- dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
- nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
- }
- if(dataId != xmlSecKeyDataIdUnknown) {
- /* read data node */
- ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyDataXmlRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* there is a laxi schema validation but application may
- * desire to disable unknown nodes*/
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
+ (cur != NULL) &&
+ (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND) != 0) ||
+ (xmlSecKeyIsValid(key) == 0) ||
+ (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) == 0));
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ /* find data id */
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
+ }
+ if(dataId != xmlSecKeyDataIdUnknown) {
+ /* read data node */
+ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* there is a laxi schema validation but application may
+ * desire to disable unknown nodes*/
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
-
- return(0);
+
+ return(0);
}
/**
* xmlSecKeyInfoNodeWrite:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @key: the pointer to key object.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @key: the pointer to key object.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Writes the @key into the <dsig:KeyInfo/> element template @keyInfoNode.
*
* Returns: 0 on success or -1 if an error occurs.
*/
-int
+int
xmlSecKeyInfoNodeWrite(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) {
const xmlChar* nodeName;
const xmlChar* nodeNs;
xmlSecKeyDataId dataId;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(keyInfoNode != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
- for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
- cur != NULL;
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- /* find data id */
- nodeName = cur->name;
- nodeNs = xmlSecGetNodeNsHref(cur);
-
- /* use global list only if we don't have a local one */
- if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
- nodeName, nodeNs,
- xmlSecKeyDataUsageKeyInfoNodeWrite);
- } else {
- dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
- nodeName, nodeNs,
- xmlSecKeyDataUsageKeyInfoNodeWrite);
- }
- if(dataId != xmlSecKeyDataIdUnknown) {
- ret = xmlSecKeyDataXmlWrite(dataId, key, cur, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyDataXmlWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation but application can disable it*/
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ /* find data id */
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs,
+ xmlSecKeyDataUsageKeyInfoNodeWrite);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs,
+ xmlSecKeyDataUsageKeyInfoNodeWrite);
+ }
+ if(dataId != xmlSecKeyDataIdUnknown) {
+ ret = xmlSecKeyDataXmlWrite(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataXmlWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation but application can disable it*/
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
-
+
return(0);
-}
+}
/**************************************************************************
*
@@ -207,96 +207,96 @@ xmlSecKeyInfoNodeWrite(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCt
*************************************************************************/
/**
* xmlSecKeyInfoCtxCreate:
- * @keysMngr: the pointer to keys manager (may be NULL).
+ * @keysMngr: the pointer to keys manager (may be NULL).
*
* Allocates and initializes <dsig:KeyInfo/> element processing context.
- * Caller is responsible for freeing it by calling #xmlSecKeyInfoCtxDestroy
+ * Caller is responsible for freeing it by calling #xmlSecKeyInfoCtxDestroy
* function.
*
* Returns: pointer to newly allocated object or NULL if an error occurs.
*/
-xmlSecKeyInfoCtxPtr
+xmlSecKeyInfoCtxPtr
xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr) {
xmlSecKeyInfoCtxPtr keyInfoCtx;
int ret;
-
+
/* Allocate a new xmlSecKeyInfoCtx and fill the fields. */
keyInfoCtx = (xmlSecKeyInfoCtxPtr)xmlMalloc(sizeof(xmlSecKeyInfoCtx));
if(keyInfoCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", sizeof(xmlSecKeyInfoCtx));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecKeyInfoCtx));
+ return(NULL);
}
-
+
ret = xmlSecKeyInfoCtxInitialize(keyInfoCtx, keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxDestroy(keyInfoCtx);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxDestroy(keyInfoCtx);
+ return(NULL);
}
-
+
return(keyInfoCtx);
}
-/**
+/**
* xmlSecKeyInfoCtxDestroy:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Destroys @keyInfoCtx object created with #xmlSecKeyInfoCtxCreate function.
*/
-void
+void
xmlSecKeyInfoCtxDestroy(xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert(keyInfoCtx != NULL);
-
+
xmlSecKeyInfoCtxFinalize(keyInfoCtx);
xmlFree(keyInfoCtx);
}
-/**
+/**
* xmlSecKeyInfoCtxInitialize:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- * @keysMngr: the pointer to keys manager (may be NULL).
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keysMngr: the pointer to keys manager (may be NULL).
*
- * Initializes <dsig:KeyInfo/> element processing context. Caller is
+ * Initializes <dsig:KeyInfo/> element processing context. Caller is
* responsible for cleaning it up by #xmlSecKeyInfoCtxFinalize function.
- *
+ *
* Returns: 0 on success and a negative value if an error occurs.
*/
-int
+int
xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr keysMngr) {
int ret;
-
+
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
memset(keyInfoCtx, 0, sizeof(xmlSecKeyInfoCtx));
keyInfoCtx->keysMngr = keysMngr;
- keyInfoCtx->base64LineSize = xmlSecBase64GetDefaultLineSize();
+ keyInfoCtx->base64LineSize = xmlSecBase64GetDefaultLineSize();
ret = xmlSecPtrListInitialize(&(keyInfoCtx->enabledKeyData), xmlSecKeyDataIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
keyInfoCtx->maxRetrievalMethodLevel = 1;
ret = xmlSecTransformCtxInitialize(&(keyInfoCtx->retrievalMethodCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_NO_XMLENC
@@ -309,28 +309,28 @@ xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr key
ret = xmlSecKeyReqInitialize(&(keyInfoCtx->keyReq));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyReqInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyReqInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-/**
+/**
* xmlSecKeyInfoCtxFinalize:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Cleans up the @keyInfoCtx initialized with #xmlSecKeyInfoCtxInitialize
* function.
*/
-void
+void
xmlSecKeyInfoCtxFinalize(xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert(keyInfoCtx != NULL);
-
+
xmlSecPtrListFinalize(&(keyInfoCtx->enabledKeyData));
xmlSecTransformCtxFinalize(&(keyInfoCtx->retrievalMethodCtx));
xmlSecKeyReqFinalize(&(keyInfoCtx->keyReq));
@@ -344,281 +344,281 @@ xmlSecKeyInfoCtxFinalize(xmlSecKeyInfoCtxPtr keyInfoCtx) {
memset(keyInfoCtx, 0, sizeof(xmlSecKeyInfoCtx));
}
-/**
+/**
* xmlSecKeyInfoCtxReset:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
* Resets the @keyInfoCtx state. User settings are not changed.
*/
-void
+void
xmlSecKeyInfoCtxReset(xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert(keyInfoCtx != NULL);
-
+
xmlSecTransformCtxReset(&(keyInfoCtx->retrievalMethodCtx));
keyInfoCtx->curRetrievalMethodLevel = 0;
#ifndef XMLSEC_NO_XMLENC
- if(keyInfoCtx->encCtx != NULL) {
+ if(keyInfoCtx->encCtx != NULL) {
xmlSecEncCtxReset(keyInfoCtx->encCtx);
}
keyInfoCtx->curEncryptedKeyLevel = 0;
#endif /* XMLSEC_NO_XMLENC */
-
+
xmlSecKeyReqReset(&(keyInfoCtx->keyReq));
}
-/**
+/**
* xmlSecKeyInfoCtxCreateEncCtx:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
* Creates encryption context form processing <enc:EncryptedKey/> child
* of <dsig:KeyInfo/> element.
- *
+ *
* Returns: 0 on success and a negative value if an error occurs.
*/
-int
+int
xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) {
#ifndef XMLSEC_NO_XMLENC
xmlSecEncCtxPtr tmp;
int ret;
-
+
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->encCtx == NULL, -1);
- /* we have to use tmp variable to avoid a recursive loop */
+ /* we have to use tmp variable to avoid a recursive loop */
tmp = xmlSecEncCtxCreate(keyInfoCtx->keysMngr);
if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
tmp->mode = xmlEncCtxModeEncryptedKey;
-
+
/* copy user preferences from our current ctx */
switch(keyInfoCtx->mode) {
- case xmlSecKeyInfoModeRead:
- ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoReadCtx), keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecEncCtxDestroy(tmp);
- return(-1);
- }
- break;
- case xmlSecKeyInfoModeWrite:
- ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoWriteCtx), keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecEncCtxDestroy(tmp);
- return(-1);
- }
- break;
- }
+ case xmlSecKeyInfoModeRead:
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoReadCtx), keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(tmp);
+ return(-1);
+ }
+ break;
+ case xmlSecKeyInfoModeWrite:
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoWriteCtx), keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(tmp);
+ return(-1);
+ }
+ break;
+ }
keyInfoCtx->encCtx = tmp;
-
+
return(0);
-#else /* XMLSEC_NO_XMLENC */
+#else /* XMLSEC_NO_XMLENC */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xml encryption",
- XMLSEC_ERRORS_R_DISABLED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xml encryption",
+ XMLSEC_ERRORS_R_DISABLED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
-#endif /* XMLSEC_NO_XMLENC */
+#endif /* XMLSEC_NO_XMLENC */
}
-/**
+/**
* xmlSecKeyInfoCtxCopyUserPref:
- * @dst: the pointer to destination context object.
- * @src: the pointer to source context object.
+ * @dst: the pointer to destination context object.
+ * @src: the pointer to source context object.
*
* Copies user preferences from @src context to @dst context.
- *
+ *
* Returns: 0 on success and a negative value if an error occurs.
*/
-int
+int
xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src) {
int ret;
-
+
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
-
- dst->userData = src->userData;
- dst->flags = src->flags;
- dst->flags2 = src->flags2;
- dst->keysMngr = src->keysMngr;
- dst->mode = src->mode;
- dst->base64LineSize = src->base64LineSize;
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+ dst->keysMngr = src->keysMngr;
+ dst->mode = src->mode;
+ dst->base64LineSize = src->base64LineSize;
ret = xmlSecPtrListCopy(&(dst->enabledKeyData), &(src->enabledKeyData));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "enabledKeyData");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "enabledKeyData");
+ return(-1);
}
-
+
/* <dsig:RetrievalMethod/> */
dst->maxRetrievalMethodLevel= src->maxRetrievalMethodLevel;
- ret = xmlSecTransformCtxCopyUserPref(&(dst->retrievalMethodCtx),
- &(src->retrievalMethodCtx));
+ ret = xmlSecTransformCtxCopyUserPref(&(dst->retrievalMethodCtx),
+ &(src->retrievalMethodCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "enabledKeyData");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "enabledKeyData");
+ return(-1);
}
- /* <enc:EncryptedContext /> */
+ /* <enc:EncryptedContext /> */
#ifndef XMLSEC_NO_XMLENC
xmlSecAssert2(dst->encCtx == NULL, -1);
- if(src->encCtx != NULL) {
- dst->encCtx = xmlSecEncCtxCreate(dst->keysMngr);
- if(dst->encCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- dst->encCtx->mode = xmlEncCtxModeEncryptedKey;
+ if(src->encCtx != NULL) {
+ dst->encCtx = xmlSecEncCtxCreate(dst->keysMngr);
+ if(dst->encCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ dst->encCtx->mode = xmlEncCtxModeEncryptedKey;
ret = xmlSecEncCtxCopyUserPref(dst->encCtx, src->encCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
- dst->maxEncryptedKeyLevel = src->maxEncryptedKeyLevel;
+ dst->maxEncryptedKeyLevel = src->maxEncryptedKeyLevel;
#endif /* XMLSEC_NO_XMLENC */
- /* <dsig:X509Data /> */
+ /* <dsig:X509Data /> */
#ifndef XMLSEC_NO_X509
- dst->certsVerificationTime = src->certsVerificationTime;
- dst->certsVerificationDepth = src->certsVerificationDepth;
+ dst->certsVerificationTime = src->certsVerificationTime;
+ dst->certsVerificationDepth = src->certsVerificationDepth;
#endif /* XMLSEC_NO_X509 */
-
+
return(0);
}
-/**
+/**
* xmlSecKeyInfoCtxDebugDump:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- * @output: the output file pointer.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @output: the output file pointer.
*
* Prints user settings and current context state to @output.
*/
-void
+void
xmlSecKeyInfoCtxDebugDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE* output) {
xmlSecAssert(keyInfoCtx != NULL);
xmlSecAssert(output != NULL);
switch(keyInfoCtx->mode) {
- case xmlSecKeyInfoModeRead:
- fprintf(output, "= KEY INFO READ CONTEXT\n");
- break;
- case xmlSecKeyInfoModeWrite:
- fprintf(output, "= KEY INFO WRITE CONTEXT\n");
- break;
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "= KEY INFO READ CONTEXT\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "= KEY INFO WRITE CONTEXT\n");
+ break;
}
-
+
fprintf(output, "== flags: 0x%08x\n", keyInfoCtx->flags);
fprintf(output, "== flags2: 0x%08x\n", keyInfoCtx->flags2);
if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- fprintf(output, "== enabled key data: ");
- xmlSecKeyDataIdListDebugDump(&(keyInfoCtx->enabledKeyData), output);
+ fprintf(output, "== enabled key data: ");
+ xmlSecKeyDataIdListDebugDump(&(keyInfoCtx->enabledKeyData), output);
} else {
- fprintf(output, "== enabled key data: all\n");
+ fprintf(output, "== enabled key data: all\n");
}
fprintf(output, "== RetrievalMethod level (cur/max): %d/%d\n",
- keyInfoCtx->curRetrievalMethodLevel,
- keyInfoCtx->maxRetrievalMethodLevel);
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
xmlSecTransformCtxDebugDump(&(keyInfoCtx->retrievalMethodCtx), output);
-
+
#ifndef XMLSEC_NO_XMLENC
fprintf(output, "== EncryptedKey level (cur/max): %d/%d\n",
- keyInfoCtx->curEncryptedKeyLevel,
- keyInfoCtx->maxEncryptedKeyLevel);
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
if(keyInfoCtx->encCtx != NULL) {
- xmlSecEncCtxDebugDump(keyInfoCtx->encCtx, output);
+ xmlSecEncCtxDebugDump(keyInfoCtx->encCtx, output);
}
#endif /* XMLSEC_NO_XMLENC */
xmlSecKeyReqDebugDump(&(keyInfoCtx->keyReq), output);
}
-/**
+/**
* xmlSecKeyInfoCtxDebugXmlDump:
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- * @output: the output file pointer.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @output: the output file pointer.
*
- * Prints user settings and current context state in XML format to @output.
+ * Prints user settings and current context state in XML format to @output.
*/
-void
+void
xmlSecKeyInfoCtxDebugXmlDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE* output) {
xmlSecAssert(keyInfoCtx != NULL);
xmlSecAssert(output != NULL);
switch(keyInfoCtx->mode) {
- case xmlSecKeyInfoModeRead:
- fprintf(output, "<KeyInfoReadContext>\n");
- break;
- case xmlSecKeyInfoModeWrite:
- fprintf(output, "<KeyInfoWriteContext>\n");
- break;
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "<KeyInfoReadContext>\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "<KeyInfoWriteContext>\n");
+ break;
}
-
+
fprintf(output, "<Flags>%08x</Flags>\n", keyInfoCtx->flags);
fprintf(output, "<Flags2>%08x</Flags2>\n", keyInfoCtx->flags2);
if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- fprintf(output, "<EnabledKeyData>\n");
- xmlSecKeyDataIdListDebugXmlDump(&(keyInfoCtx->enabledKeyData), output);
- fprintf(output, "</EnabledKeyData>\n");
+ fprintf(output, "<EnabledKeyData>\n");
+ xmlSecKeyDataIdListDebugXmlDump(&(keyInfoCtx->enabledKeyData), output);
+ fprintf(output, "</EnabledKeyData>\n");
} else {
- fprintf(output, "<EnabledKeyData>all</EnabledKeyData>\n");
+ fprintf(output, "<EnabledKeyData>all</EnabledKeyData>\n");
}
fprintf(output, "<RetrievalMethodLevel cur=\"%d\" max=\"%d\" />\n",
- keyInfoCtx->curRetrievalMethodLevel,
- keyInfoCtx->maxRetrievalMethodLevel);
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
xmlSecTransformCtxDebugXmlDump(&(keyInfoCtx->retrievalMethodCtx), output);
#ifndef XMLSEC_NO_XMLENC
fprintf(output, "<EncryptedKeyLevel cur=\"%d\" max=\"%d\" />\n",
- keyInfoCtx->curEncryptedKeyLevel,
- keyInfoCtx->maxEncryptedKeyLevel);
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
if(keyInfoCtx->encCtx != NULL) {
- xmlSecEncCtxDebugXmlDump(keyInfoCtx->encCtx, output);
+ xmlSecEncCtxDebugXmlDump(keyInfoCtx->encCtx, output);
}
#endif /* XMLSEC_NO_XMLENC */
-
+
xmlSecKeyReqDebugXmlDump(&(keyInfoCtx->keyReq), output);
switch(keyInfoCtx->mode) {
- case xmlSecKeyInfoModeRead:
- fprintf(output, "</KeyInfoReadContext>\n");
- break;
- case xmlSecKeyInfoModeWrite:
- fprintf(output, "</KeyInfoWriteContext>\n");
- break;
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "</KeyInfoReadContext>\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "</KeyInfoWriteContext>\n");
+ break;
}
}
@@ -627,14 +627,14 @@ xmlSecKeyInfoCtxDebugXmlDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE* output) {
* <dsig:KeyName/> processing
*
*************************************************************************/
-static int xmlSecKeyDataNameXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecKeyDataNameXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataNameXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataNameXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyDataKlass xmlSecKeyDataNameKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -642,59 +642,59 @@ static xmlSecKeyDataKlass xmlSecKeyDataNameKlass = {
/* data */
xmlSecNameKeyName,
- xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
- NULL, /* const xmlChar* href; */
- xmlSecNodeKeyName, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeKeyName, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecKeyDataNameXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecKeyDataNameXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecKeyDataNameXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataNameXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecKeyDataNameGetKlass:
*
- * The <dsig:KeyName/> element key data klass
+ * The <dsig:KeyName/> element key data klass
* (http://www.w3.org/TR/xmldsig-core/#sec-KeyName):
*
- * The KeyName element contains a string value (in which white space is
- * significant) which may be used by the signer to communicate a key
- * identifier to the recipient. Typically, KeyName contains an identifier
- * related to the key pair used to sign the message, but it may contain
- * other protocol-related information that indirectly identifies a key pair.
- * (Common uses of KeyName include simple string names for keys, a key index,
- * a distinguished name (DN), an email address, etc.)
+ * The KeyName element contains a string value (in which white space is
+ * significant) which may be used by the signer to communicate a key
+ * identifier to the recipient. Typically, KeyName contains an identifier
+ * related to the key pair used to sign the message, but it may contain
+ * other protocol-related information that indirectly identifies a key pair.
+ * (Common uses of KeyName include simple string names for keys, a key index,
+ * a distinguished name (DN), an email address, etc.)
*
* Returns: the <dsig:KeyName/> element processing key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataNameGetKlass(void) {
return(&xmlSecKeyDataNameKlass);
}
-static int
+static int
xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
const xmlChar* oldName;
xmlChar* newName;
@@ -709,65 +709,65 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node,
oldName = xmlSecKeyGetName(key);
newName = xmlNodeGetContent(node);
if(newName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* TODO: do we need to decode the name? */
-
+
/* compare name values */
if((oldName != NULL) && !xmlStrEqual(oldName, newName)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "key name is already specified",
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(newName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "key name is already specified",
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(newName);
+ return(-1);
}
/* try to find key in the manager */
if((xmlSecKeyGetValue(key) == NULL) && (keyInfoCtx->keysMngr != NULL)) {
- xmlSecKeyPtr tmpKey;
-
- tmpKey = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, newName, keyInfoCtx);
- if(tmpKey != NULL) {
- /* erase any current information in the key */
- xmlSecKeyEmpty(key);
-
- /* TODO: since we will destroy tmpKey anyway, we can easily
- * just re-assign key data values. It'll save use some memory
- * malloc/free
- */
-
- /* and copy what we've found */
- ret = xmlSecKeyCopy(key, tmpKey);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(tmpKey);
- xmlFree(newName);
- return(-1);
- }
- xmlSecKeyDestroy(tmpKey);
- }
- }
-
+ xmlSecKeyPtr tmpKey;
+
+ tmpKey = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, newName, keyInfoCtx);
+ if(tmpKey != NULL) {
+ /* erase any current information in the key */
+ xmlSecKeyEmpty(key);
+
+ /* TODO: since we will destroy tmpKey anyway, we can easily
+ * just re-assign key data values. It'll save use some memory
+ * malloc/free
+ */
+
+ /* and copy what we've found */
+ ret = xmlSecKeyCopy(key, tmpKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(tmpKey);
+ xmlFree(newName);
+ return(-1);
+ }
+ xmlSecKeyDestroy(tmpKey);
+ }
+ }
+
/* finally set key name if it is not there */
if(xmlSecKeyGetName(key) == NULL) {
- xmlSecKeySetName(key, newName);
+ xmlSecKeySetName(key, newName);
}
xmlFree(newName);
return(0);
}
-static int
+static int
xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
const xmlChar* name;
@@ -779,7 +779,7 @@ xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node,
name = xmlSecKeyGetName(key);
if(name != NULL) {
- xmlSecNodeEncodeAndSetContent(node, name);
+ xmlSecNodeEncodeAndSetContent(node, name);
}
return(0);
}
@@ -789,14 +789,14 @@ xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node,
* <dsig:KeyValue/> processing
*
*************************************************************************/
-static int xmlSecKeyDataValueXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecKeyDataValueXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataValueXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataValueXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyDataKlass xmlSecKeyDataValueKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -804,54 +804,54 @@ static xmlSecKeyDataKlass xmlSecKeyDataValueKlass = {
/* data */
xmlSecNameKeyValue,
- xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
- NULL, /* const xmlChar* href; */
- xmlSecNodeKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecKeyDataValueXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecKeyDataValueXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecKeyDataValueXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataValueXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecKeyDataValueGetKlass:
*
- * The <dsig:KeyValue/> element key data klass
+ * The <dsig:KeyValue/> element key data klass
* (http://www.w3.org/TR/xmldsig-core/#sec-KeyValue):
*
- * The KeyValue element contains a single public key that may be useful in
- * validating the signature.
- *
+ * The KeyValue element contains a single public key that may be useful in
+ * validating the signature.
+ *
* Returns: the <dsig:KeyValue/> element processing key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataValueGetKlass(void) {
return(&xmlSecKeyDataValueKlass);
}
-static int
+static int
xmlSecKeyDataValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
const xmlChar* nodeName;
const xmlChar* nodeNs;
@@ -867,8 +867,8 @@ xmlSecKeyDataValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node,
cur = xmlSecGetNextElementNode(node->children);
if(cur == NULL) {
- /* just an empty node */
- return(0);
+ /* just an empty node */
+ return(0);
}
/* find data id */
@@ -877,105 +877,105 @@ xmlSecKeyDataValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node,
/* use global list only if we don't have a local one */
if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
- nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
- } else {
- dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
- nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
}
if(dataId != xmlSecKeyDataIdUnknown) {
- /* read data node */
- ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataXmlRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ /* read data node */
+ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
} else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation but application can disable it */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ /* laxi schema validation but application can disable it */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* <dsig:KeyValue/> might have only one node */
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-static int
+static int
xmlSecKeyDataValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
const xmlChar* nodeName;
- const xmlChar* nodeNs;
+ const xmlChar* nodeNs;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecKeyDataValueId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
- if(!xmlSecKeyDataIsValid(key->value) ||
+ if(!xmlSecKeyDataIsValid(key->value) ||
!xmlSecKeyDataCheckUsage(key->value, xmlSecKeyDataUsageKeyValueNodeWrite)){
- /* nothing to write */
- return(0);
+ /* nothing to write */
+ return(0);
}
- if((xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) &&
+ if((xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) &&
(xmlSecKeyDataIdListFind(&(keyInfoCtx->enabledKeyData), id) != 1)) {
- /* we are not enabled to write out key data with this id */
- return(0);
+ /* we are not enabled to write out key data with this id */
+ return(0);
}
if(xmlSecKeyReqMatchKey(&(keyInfoCtx->keyReq), key) != 1) {
- /* we are not allowed to write out this key */
- return(0);
+ /* we are not allowed to write out this key */
+ return(0);
}
nodeName = key->value->id->dataNodeName;
nodeNs = key->value->id->dataNodeNs;
xmlSecAssert2(nodeName != NULL, -1);
-
+
/* remove all existing key value */
xmlNodeSetContent(node, NULL);
-
+
/* create key node */
cur = xmlSecAddChild(node, nodeName, nodeNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
}
ret = xmlSecKeyDataXmlWrite(key->value->id, key, cur, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataXmlWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataXmlWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
}
return(0);
@@ -986,14 +986,14 @@ xmlSecKeyDataValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node
* <dsig:RetrievalMethod/> processing
*
*************************************************************************/
-static int xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
@@ -1003,67 +1003,67 @@ static xmlSecKeyDataKlass xmlSecKeyDataRetrievalMethodKlass = {
/* data */
xmlSecNameRetrievalMethod,
- xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
- NULL, /* const xmlChar* href; */
- xmlSecNodeRetrievalMethod, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeRetrievalMethod, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecKeyDataRetrievalMethodXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecKeyDataRetrievalMethodXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecKeyDataRetrievalMethodXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataRetrievalMethodXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-static int xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId,
- xmlSecKeyPtr key,
- const xmlChar* buffer,
- xmlSecSize bufferSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId,
+ xmlSecKeyPtr key,
+ const xmlChar* buffer,
+ xmlSecSize bufferSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
-/**
+/**
* xmlSecKeyDataRetrievalMethodGetKlass:
*
- * The <dsig:RetrievalMethod/> element key data klass
+ * The <dsig:RetrievalMethod/> element key data klass
* (http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod):
- * A RetrievalMethod element within KeyInfo is used to convey a reference to
- * KeyInfo information that is stored at another location. For example,
- * several signatures in a document might use a key verified by an X.509v3
- * certificate chain appearing once in the document or remotely outside the
- * document; each signature's KeyInfo can reference this chain using a single
- * RetrievalMethod element instead of including the entire chain with a
+ * A RetrievalMethod element within KeyInfo is used to convey a reference to
+ * KeyInfo information that is stored at another location. For example,
+ * several signatures in a document might use a key verified by an X.509v3
+ * certificate chain appearing once in the document or remotely outside the
+ * document; each signature's KeyInfo can reference this chain using a single
+ * RetrievalMethod element instead of including the entire chain with a
* sequence of X509Certificate elements.
*
- * RetrievalMethod uses the same syntax and dereferencing behavior as
+ * RetrievalMethod uses the same syntax and dereferencing behavior as
* Reference's URI and The Reference Processing Model.
- *
+ *
* Returns: the <dsig:RetrievalMethod/> element processing key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataRetrievalMethodGetKlass(void) {
return(&xmlSecKeyDataRetrievalMethodKlass);
}
-static int
+static int
xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataId dataId = xmlSecKeyDataIdUnknown;
xmlChar *retrType = NULL;
@@ -1071,7 +1071,7 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod
xmlNodePtr cur;
int res = -1;
int ret;
-
+
xmlSecAssert2(id == xmlSecKeyDataRetrievalMethodId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -1081,41 +1081,41 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod
/* check retrieval level */
if(keyInfoCtx->curRetrievalMethodLevel >= keyInfoCtx->maxRetrievalMethodLevel) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL,
- "cur=%d;max=%d",
- keyInfoCtx->curRetrievalMethodLevel,
- keyInfoCtx->maxRetrievalMethodLevel);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL,
+ "cur=%d;max=%d",
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
+ goto done;
}
++keyInfoCtx->curRetrievalMethodLevel;
retrType = xmlGetProp(node, xmlSecAttrType);
if(retrType != NULL) {
- /* use global list only if we don't have a local one */
- if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- dataId = xmlSecKeyDataIdListFindByHref(&(keyInfoCtx->enabledKeyData),
- retrType, xmlSecKeyDataUsageRetrievalMethodNode);
- } else {
- dataId = xmlSecKeyDataIdListFindByHref(xmlSecKeyDataIdsGet(),
- retrType, xmlSecKeyDataUsageRetrievalMethodNode);
- }
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByHref(&(keyInfoCtx->enabledKeyData),
+ retrType, xmlSecKeyDataUsageRetrievalMethodNode);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByHref(xmlSecKeyDataIdsGet(),
+ retrType, xmlSecKeyDataUsageRetrievalMethodNode);
+ }
}
/* laxi schema validation but aplication can disable it */
if(dataId == xmlSecKeyDataIdUnknown) {
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecAttrType),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "value=%s", xmlSecErrorsSafeString(retrType));
- } else {
- res = 0;
- }
- goto done;
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecAttrType),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "value=%s", xmlSecErrorsSafeString(retrType));
+ } else {
+ res = 0;
+ }
+ goto done;
}
/* destroy prev retrieval method context */
@@ -1125,100 +1125,100 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod
uri = xmlGetProp(node, xmlSecAttrURI);
ret = xmlSecTransformCtxSetUri(&(keyInfoCtx->retrievalMethodCtx), uri, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecTransformCtxSetUri",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ goto done;
}
/* the only one node is optional Transforms node */
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecDSigNs))) {
- ret = xmlSecTransformCtxNodesListRead(&(keyInfoCtx->retrievalMethodCtx),
- cur, xmlSecTransformUsageDSigTransform);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecTransformCtxNodesListRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- goto done;
- }
+ ret = xmlSecTransformCtxNodesListRead(&(keyInfoCtx->retrievalMethodCtx),
+ cur, xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ goto done;
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
/* finally get transforms results */
ret = xmlSecTransformCtxExecute(&(keyInfoCtx->retrievalMethodCtx), node->doc);
- if((ret < 0) ||
+ if((ret < 0) ||
(keyInfoCtx->retrievalMethodCtx.result == NULL) ||
(xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecTransformCtxExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- /* assume that the data is in XML if we could not find id */
- if((dataId == xmlSecKeyDataIdUnknown) ||
+ /* assume that the data is in XML if we could not find id */
+ if((dataId == xmlSecKeyDataIdUnknown) ||
((dataId->usage & xmlSecKeyDataUsageRetrievalMethodNodeXml) != 0)) {
- ret = xmlSecKeyDataRetrievalMethodReadXmlResult(dataId, key,
- xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
+ ret = xmlSecKeyDataRetrievalMethodReadXmlResult(dataId, key,
+ xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result),
- keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataRetrievalMethodReadXmlResult",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataRetrievalMethodReadXmlResult",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
} else {
- ret = xmlSecKeyDataBinRead(dataId, key,
- xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
+ ret = xmlSecKeyDataBinRead(dataId, key,
+ xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result),
- keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataBinRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
}
--keyInfoCtx->curRetrievalMethodLevel;
-
- res = 0;
+
+ res = 0;
done:
if(uri != NULL) {
- xmlFree(uri);
+ xmlFree(uri);
}
if(retrType != NULL) {
- xmlFree(retrType);
+ xmlFree(retrType);
}
return(res);
}
-static int
+static int
xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(id == xmlSecKeyDataRetrievalMethodId, -1);
xmlSecAssert2(key != NULL, -1);
@@ -1232,40 +1232,40 @@ xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNo
static int
xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr key,
- const xmlChar* buffer, xmlSecSize bufferSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* buffer, xmlSecSize bufferSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlDocPtr doc;
xmlNodePtr cur;
const xmlChar* nodeName;
const xmlChar* nodeNs;
xmlSecKeyDataId dataId;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buffer != NULL, -1);
- xmlSecAssert2(bufferSize > 0, -1);
+ xmlSecAssert2(bufferSize > 0, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
doc = xmlRecoverMemory((const char*)buffer, bufferSize);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
- "xmlRecoverMemory",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlRecoverMemory",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
cur = xmlDocGetRootElement(doc);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
- "xmlDocGetRootElement",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlDocGetRootElement",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
}
nodeName = cur->name;
@@ -1273,50 +1273,50 @@ xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr k
/* use global list only if we don't have a local one */
if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
- dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
- nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
- } else {
- dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
- nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
}
if(dataId == xmlSecKeyDataIdUnknown) {
- xmlFreeDoc(doc);
-
- /* laxi schema validation but application can disable it */
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ xmlFreeDoc(doc);
+
+ /* laxi schema validation but application can disable it */
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
} else if((typeId != xmlSecKeyDataIdUnknown) && (typeId != dataId) &&
- ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF) != 0)) {
-
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
+ ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF) != 0)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
}
/* read data node */
ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
- "xmlSecKeyDataXmlRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
xmlFreeDoc(doc);
return(0);
}
@@ -1328,14 +1328,14 @@ xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr k
* <enc:EncryptedKey/> processing
*
*************************************************************************/
-static int xmlSecKeyDataEncryptedKeyXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecKeyDataEncryptedKeyXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataEncryptedKeyXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataEncryptedKeyXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
@@ -1345,60 +1345,60 @@ static xmlSecKeyDataKlass xmlSecKeyDataEncryptedKeyKlass = {
/* data */
xmlSecNameEncryptedKey,
- xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefEncryptedKey, /* const xmlChar* href; */
- xmlSecNodeEncryptedKey, /* const xmlChar* dataNodeName; */
- xmlSecEncNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefEncryptedKey, /* const xmlChar* href; */
+ xmlSecNodeEncryptedKey, /* const xmlChar* dataNodeName; */
+ xmlSecEncNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecKeyDataEncryptedKeyXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecKeyDataEncryptedKeyXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecKeyDataEncryptedKeyXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataEncryptedKeyXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecKeyDataEncryptedKeyGetKlass:
*
- * The <enc:EncryptedKey/> element key data klass
+ * The <enc:EncryptedKey/> element key data klass
* (http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey):
*
- * The EncryptedKey element is used to transport encryption keys from
- * the originator to a known recipient(s). It may be used as a stand-alone
- * XML document, be placed within an application document, or appear inside
- * an EncryptedData element as a child of a ds:KeyInfo element. The key value
- * is always encrypted to the recipient(s). When EncryptedKey is decrypted the
- * resulting octets are made available to the EncryptionMethod algorithm
+ * The EncryptedKey element is used to transport encryption keys from
+ * the originator to a known recipient(s). It may be used as a stand-alone
+ * XML document, be placed within an application document, or appear inside
+ * an EncryptedData element as a child of a ds:KeyInfo element. The key value
+ * is always encrypted to the recipient(s). When EncryptedKey is decrypted the
+ * resulting octets are made available to the EncryptionMethod algorithm
* without any additional processing.
- *
+ *
* Returns: the <enc:EncryptedKey/> element processing key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecKeyDataEncryptedKeyGetKlass(void) {
return(&xmlSecKeyDataEncryptedKeyKlass);
}
-static int
+static int
xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecBufferPtr result;
int ret;
@@ -1409,70 +1409,70 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
- /* check the enc level */
+ /* check the enc level */
if(keyInfoCtx->curEncryptedKeyLevel >= keyInfoCtx->maxEncryptedKeyLevel) {
xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL,
- "cur=%d;max=%d",
- keyInfoCtx->curEncryptedKeyLevel,
- keyInfoCtx->maxEncryptedKeyLevel);
- return(-1);
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL,
+ "cur=%d;max=%d",
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
+ return(-1);
}
++keyInfoCtx->curEncryptedKeyLevel;
- /* init Enc context */
+ /* init Enc context */
if(keyInfoCtx->encCtx != NULL) {
- xmlSecEncCtxReset(keyInfoCtx->encCtx);
+ xmlSecEncCtxReset(keyInfoCtx->encCtx);
} else {
- ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyInfoCtxCreateEncCtx",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCreateEncCtx",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
}
xmlSecAssert2(keyInfoCtx->encCtx != NULL, -1);
-
+
result = xmlSecEncCtxDecryptToBuffer(keyInfoCtx->encCtx, node);
if((result == NULL) || (xmlSecBufferGetData(result) == NULL)) {
- /* We might have multiple EncryptedKey elements, encrypted
- * for different receipints but application can enforce
- * correct enc key.
- */
+ /* We might have multiple EncryptedKey elements, encrypted
+ * for different receipints but application can enforce
+ * correct enc key.
+ */
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecEncCtxDecryptToBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecEncCtxDecryptToBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
-
+
ret = xmlSecKeyDataBinRead(keyInfoCtx->keyReq.keyId, key,
- xmlSecBufferGetData(result),
- xmlSecBufferGetSize(result),
- keyInfoCtx);
+ xmlSecBufferGetData(result),
+ xmlSecBufferGetSize(result),
+ keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataBinRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
--keyInfoCtx->curEncryptedKeyLevel;
return(0);
}
-static int
+static int
xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyInfoCtx keyInfoCtx2;
xmlSecByte *keyBuf = NULL;
@@ -1486,73 +1486,73 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
-
+
/* dump key to a binary buffer */
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx2, NULL);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
-
+
ret = xmlSecKeyInfoCtxCopyUserPref(&keyInfoCtx2, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
+ goto done;
}
keyInfoCtx2.keyReq.keyType = xmlSecKeyDataTypeAny;
ret = xmlSecKeyDataBinWrite(key->value->id, key, &keyBuf, &keySize, &keyInfoCtx2);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataBinWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
+ goto done;
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
-
- /* init Enc context */
+
+ /* init Enc context */
if(keyInfoCtx->encCtx != NULL) {
- xmlSecEncCtxReset(keyInfoCtx->encCtx);
+ xmlSecEncCtxReset(keyInfoCtx->encCtx);
} else {
- ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyInfoCtxCreateEncCtx",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCreateEncCtx",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
}
xmlSecAssert2(keyInfoCtx->encCtx != NULL, -1);
ret = xmlSecEncCtxBinaryEncrypt(keyInfoCtx->encCtx, node, keyBuf, keySize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecEncCtxBinaryEncrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecEncCtxBinaryEncrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
-
+
res = 0;
done:
if(keyBuf != NULL) {
- memset(keyBuf, 0, keySize);
- xmlFree(keyBuf); keyBuf = NULL;
+ memset(keyBuf, 0, keySize);
+ xmlFree(keyBuf); keyBuf = NULL;
}
return(res);
}
diff --git a/src/keys.c b/src/keys.c
index 44522aa1..1d2f7331 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1,18 +1,18 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Keys.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -29,15 +29,15 @@
* xmlSecKeyUseWith
*
*************************************************************************/
-/**
+/**
* xmlSecKeyUseWithInitialize:
* @keyUseWith: the pointer to information about key application/user.
- *
+ *
* Initializes @keyUseWith object.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyUseWithInitialize(xmlSecKeyUseWithPtr keyUseWith) {
xmlSecAssert2(keyUseWith != NULL, -1);
@@ -45,34 +45,34 @@ xmlSecKeyUseWithInitialize(xmlSecKeyUseWithPtr keyUseWith) {
return(0);
}
-/**
+/**
* xmlSecKeyUseWithFinalize:
* @keyUseWith: the pointer to information about key application/user.
*
* Finalizes @keyUseWith object.
*/
-void
+void
xmlSecKeyUseWithFinalize(xmlSecKeyUseWithPtr keyUseWith) {
xmlSecAssert(keyUseWith != NULL);
-
+
xmlSecKeyUseWithReset(keyUseWith);
memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
}
-/**
+/**
* xmlSecKeyUseWithReset:
* @keyUseWith: the pointer to information about key application/user.
- *
+ *
* Resets the @keyUseWith to its state after initialization.
*/
-void
+void
xmlSecKeyUseWithReset(xmlSecKeyUseWithPtr keyUseWith) {
xmlSecAssert(keyUseWith != NULL);
xmlSecKeyUseWithSet(keyUseWith, NULL, NULL);
}
-/**
+/**
* xmlSecKeyUseWithCopy:
* @dst: the pointer to destination object.
* @src: the pointer to source object.
@@ -81,15 +81,15 @@ xmlSecKeyUseWithReset(xmlSecKeyUseWithPtr keyUseWith) {
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyUseWithCopy(xmlSecKeyUseWithPtr dst, xmlSecKeyUseWithPtr src) {
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
-
+
return(xmlSecKeyUseWithSet(dst, src->application, src->identifier));
}
-/**
+/**
* xmlSecKeyUseWithCreate:
* @application: the application value.
* @identifier: the identifier value.
@@ -99,7 +99,7 @@ xmlSecKeyUseWithCopy(xmlSecKeyUseWithPtr dst, xmlSecKeyUseWithPtr src) {
*
* Returns: pointer to newly created object or NULL if an error occurs.
*/
-xmlSecKeyUseWithPtr
+xmlSecKeyUseWithPtr
xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) {
xmlSecKeyUseWithPtr keyUseWith;
int ret;
@@ -107,42 +107,42 @@ xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) {
/* Allocate a new xmlSecKeyUseWith and fill the fields. */
keyUseWith = (xmlSecKeyUseWithPtr)xmlMalloc(sizeof(xmlSecKeyUseWith));
if(keyUseWith == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecKeyUseWith)=%d",
- sizeof(xmlSecKeyUseWith));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKeyUseWith)=%d",
+ sizeof(xmlSecKeyUseWith));
+ return(NULL);
}
- memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
+ memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
ret = xmlSecKeyUseWithInitialize(keyUseWith);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyUseWithDestroy(keyUseWith);
- return(NULL);
+ return(NULL);
}
ret = xmlSecKeyUseWithSet(keyUseWith, application, identifier);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithSet",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithSet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyUseWithDestroy(keyUseWith);
- return(NULL);
+ return(NULL);
}
return(keyUseWith);
}
-/**
+/**
* xmlSecKeyUseWithDuplicate:
* @keyUseWith: the pointer to information about key application/user.
*
@@ -151,7 +151,7 @@ xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) {
*
* Returns: pointer to newly created object or NULL if an error occurs.
*/
-xmlSecKeyUseWithPtr
+xmlSecKeyUseWithPtr
xmlSecKeyUseWithDuplicate(xmlSecKeyUseWithPtr keyUseWith) {
int ret;
@@ -161,36 +161,36 @@ xmlSecKeyUseWithDuplicate(xmlSecKeyUseWithPtr keyUseWith) {
newKeyUseWith = xmlSecKeyUseWithCreate(NULL, NULL);
if(newKeyUseWith == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
ret = xmlSecKeyUseWithCopy(newKeyUseWith, keyUseWith);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyUseWithDestroy(keyUseWith);
- return(NULL);
+ return(NULL);
}
return(newKeyUseWith);
}
-/**
+/**
* xmlSecKeyUseWithDestroy:
* @keyUseWith: the pointer to information about key application/user.
*
* Destroys @keyUseWith created with @xmlSecKeyUseWithCreate or @xmlSecKeyUseWithDuplicate
* functions.
*/
-void
+void
xmlSecKeyUseWithDestroy(xmlSecKeyUseWithPtr keyUseWith) {
xmlSecAssert(keyUseWith != NULL);
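Review bot: In xmlSecKeyUseWithDuplicate the copy-failure path calls `xmlSecKeyUseWithDestroy(keyUseWith);`, which frees the caller's source object and leaks the freshly created `newKeyUseWith`; the caller still holds `keyUseWith` and will read or destroy it again, so this is a use-after-free/double-free waiting for an allocation failure. The line should be `xmlSecKeyUseWithDestroy(newKeyUseWith);` so the function releases only what it allocated, matching what xmlSecKeyDuplicate does further down (`xmlSecKeyDestroy(newKey);`). xmlSecKeyUseWithDuplicate's declarations sit above this hunk and xmlSecKeyUseWithDestroy's body continues below it.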
@@ -198,82 +198,82 @@ xmlSecKeyUseWithDestroy(xmlSecKeyUseWithPtr keyUseWith) {
xmlFree(keyUseWith);
}
-/**
+/**
* xmlSecKeyUseWithSet:
* @keyUseWith: the pointer to information about key application/user.
* @application: the new application value.
* @identifier: the new identifier value.
- *
+ *
* Sets @application and @identifier in the @keyUseWith.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyUseWithSet(xmlSecKeyUseWithPtr keyUseWith, const xmlChar* application, const xmlChar* identifier) {
xmlSecAssert2(keyUseWith != NULL, -1);
-
+
if(keyUseWith->application != NULL) {
- xmlFree(keyUseWith->application);
- keyUseWith->application = NULL;
+ xmlFree(keyUseWith->application);
+ keyUseWith->application = NULL;
}
if(keyUseWith->identifier != NULL) {
- xmlFree(keyUseWith->identifier);
- keyUseWith->identifier = NULL;
+ xmlFree(keyUseWith->identifier);
+ keyUseWith->identifier = NULL;
}
-
+
if(application != NULL) {
- keyUseWith->application = xmlStrdup(application);
- if(keyUseWith->application == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "xmlStrlen(application)=%d",
- xmlStrlen(application));
- return(-1);
- }
+ keyUseWith->application = xmlStrdup(application);
+ if(keyUseWith->application == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(application)=%d",
+ xmlStrlen(application));
+ return(-1);
+ }
}
if(identifier != NULL) {
- keyUseWith->identifier = xmlStrdup(identifier);
- if(keyUseWith->identifier == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "xmlStrlen(identifier)=%d",
- xmlStrlen(identifier));
- return(-1);
- }
+ keyUseWith->identifier = xmlStrdup(identifier);
+ if(keyUseWith->identifier == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(identifier)=%d",
+ xmlStrlen(identifier));
+ return(-1);
+ }
}
-
+
return(0);
}
-/**
+/**
* xmlSecKeyUseWithDebugDump:
* @keyUseWith: the pointer to information about key application/user.
* @output: the pointer to output FILE.
*
* Prints xmlSecKeyUseWith debug information to a file @output.
*/
-void
+void
xmlSecKeyUseWithDebugDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
xmlSecAssert(keyUseWith != NULL);
xmlSecAssert(output != NULL);
- fprintf(output, "=== KeyUseWith: application=\"%s\",identifier=\"%s\"\n",
+ fprintf(output, "=== KeyUseWith: application=\"%s\",identifier=\"%s\"\n",
(keyUseWith->application) ? keyUseWith->application : BAD_CAST "",
- (keyUseWith->identifier) ? keyUseWith->identifier : BAD_CAST "");
+ (keyUseWith->identifier) ? keyUseWith->identifier : BAD_CAST "");
}
-/**
+/**
* xmlSecKeyUseWithDebugXmlDump:
* @keyUseWith: the pointer to information about key application/user.
* @output: the pointer to output FILE.
*
* Prints xmlSecKeyUseWith debug information to a file @output in XML format.
*/
-void
+void
xmlSecKeyUseWithDebugXmlDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
xmlSecAssert(keyUseWith != NULL);
xmlSecAssert(output != NULL);
@@ -287,7 +287,7 @@ xmlSecKeyUseWithDebugXmlDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
fprintf(output, "<Identifier>");
xmlSecPrintXmlString(output, keyUseWith->identifier);
fprintf(output, "</Identifier>");
-
+
fprintf(output, "</KeyUseWith>\n");
}
@@ -298,20 +298,20 @@ xmlSecKeyUseWithDebugXmlDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
**********************************************************************/
static xmlSecPtrListKlass xmlSecKeyUseWithPtrListKlass = {
BAD_CAST "key-use-with-list",
- (xmlSecPtrDuplicateItemMethod)xmlSecKeyUseWithDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecKeyUseWithDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyUseWithDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyUseWithDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecKeyUseWithPtrListGetKlass:
- *
+ *
* The key data list klass.
*
* Returns: pointer to the key data list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecKeyUseWithPtrListGetKlass(void) {
return(&xmlSecKeyUseWithPtrListKlass);
}
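Review bot: The doc block for xmlSecKeyUseWithPtrListGetKlass says `The key data list klass.` and `Returns: pointer to the key data list klass.`, but the function returns `&xmlSecKeyUseWithPtrListKlass`, the list klass for KeyUseWith entries; this looks copied from the key-data list getter. I would reword the two lines to ` * The key use-with list klass.` and ` * Returns: pointer to the key use-with list klass.` so the generated API reference does not send readers to the wrong list type.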
@@ -321,41 +321,41 @@ xmlSecKeyUseWithPtrListGetKlass(void) {
* xmlSecKeyReq - what key are we looking for?
*
*************************************************************************/
-/**
+/**
* xmlSecKeyReqInitialize:
- * @keyReq: the pointer to key requirements object.
+ * @keyReq: the pointer to key requirements object.
*
* Initialize key requirements object. Caller is responsible for
* cleaning it with #xmlSecKeyReqFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyReqInitialize(xmlSecKeyReqPtr keyReq) {
int ret;
-
+
xmlSecAssert2(keyReq != NULL, -1);
-
+
memset(keyReq, 0, sizeof(xmlSecKeyReq));
-
- keyReq->keyUsage = xmlSecKeyUsageAny; /* by default you can do whatever you want with the key */
- ret = xmlSecPtrListInitialize(&keyReq->keyUseWithList, xmlSecKeyUseWithPtrListId);
+
+ keyReq->keyUsage = xmlSecKeyUsageAny; /* by default you can do whatever you want with the key */
+ ret = xmlSecPtrListInitialize(&keyReq->keyUseWithList, xmlSecKeyUseWithPtrListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecKeyReqFinalize:
- * @keyReq: the pointer to key requirements object.
+ * @keyReq: the pointer to key requirements object.
*
* Cleans the key requirements object initialized with #xmlSecKeyReqInitialize
* function.
@@ -364,56 +364,56 @@ void
xmlSecKeyReqFinalize(xmlSecKeyReqPtr keyReq) {
xmlSecAssert(keyReq != NULL);
- xmlSecPtrListFinalize(&keyReq->keyUseWithList);
+ xmlSecPtrListFinalize(&keyReq->keyUseWithList);
memset(keyReq, 0, sizeof(xmlSecKeyReq));
}
-/**
+/**
* xmlSecKeyReqReset:
- * @keyReq: the pointer to key requirements object.
+ * @keyReq: the pointer to key requirements object.
*
* Resets key requirements object for new key search.
*/
-void
+void
xmlSecKeyReqReset(xmlSecKeyReqPtr keyReq) {
xmlSecAssert(keyReq != NULL);
xmlSecPtrListEmpty(&keyReq->keyUseWithList);
- keyReq->keyId = NULL;
- keyReq->keyType = 0;
- keyReq->keyUsage = xmlSecKeyUsageAny;
- keyReq->keyBitsSize = 0;
+ keyReq->keyId = NULL;
+ keyReq->keyType = 0;
+ keyReq->keyUsage = xmlSecKeyUsageAny;
+ keyReq->keyBitsSize = 0;
}
/**
* xmlSecKeyReqCopy:
- * @dst: the pointer to destination object.
- * @src: the pointer to source object.
+ * @dst: the pointer to destination object.
+ * @src: the pointer to source object.
*
* Copies key requirements from @src object to @dst object.
- *
+ *
* Returns: 0 on success and a negative value if an error occurs.
*/
-int
+int
xmlSecKeyReqCopy(xmlSecKeyReqPtr dst, xmlSecKeyReqPtr src) {
int ret;
-
+
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
- dst->keyId = src->keyId;
- dst->keyType = src->keyType;
- dst->keyUsage = src->keyUsage;
- dst->keyBitsSize = src->keyBitsSize;
+ dst->keyId = src->keyId;
+ dst->keyType = src->keyType;
+ dst->keyUsage = src->keyUsage;
+ dst->keyBitsSize = src->keyBitsSize;
ret = xmlSecPtrListCopy(&dst->keyUseWithList, &src->keyUseWithList);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -421,24 +421,24 @@ xmlSecKeyReqCopy(xmlSecKeyReqPtr dst, xmlSecKeyReqPtr src) {
/**
* xmlSecKeyReqMatchKey:
- * @keyReq: the pointer to key requirements object.
- * @key: the pointer to key.
+ * @keyReq: the pointer to key requirements object.
+ * @key: the pointer to key.
*
* Checks whether @key matches key requirements @keyReq.
*
* Returns: 1 if key matches requirements, 0 if not and a negative value
* if an error occurs.
*/
-int
+int
xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
if((keyReq->keyType != xmlSecKeyDataTypeUnknown) && ((xmlSecKeyGetType(key) & keyReq->keyType) == 0)) {
- return(0);
+ return(0);
}
if((keyReq->keyUsage != xmlSecKeyDataUsageUnknown) && ((keyReq->keyUsage & key->usage) == 0)) {
- return(0);
+ return(0);
}
return(xmlSecKeyReqMatchKeyValue(keyReq, xmlSecKeyGetValue(key)));
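Review bot: The usage test in xmlSecKeyReqMatchKey compares `keyReq->keyUsage`, an xmlSecKeyUsage bitmask, against `xmlSecKeyDataUsageUnknown`, a constant from the separate key-data usage family, while the type check just above correctly pairs `keyType` with `xmlSecKeyDataTypeUnknown`. If both constants happen to be 0 this is harmless today, but it ties the matcher to an unrelated enum and hides the intent (skip the check when no usage is requested). I would write `if((keyReq->keyUsage != 0) && ((keyReq->keyUsage & key->usage) == 0)) { /* no usage requested: any key usage matches */` or use a dedicated xmlSecKeyUsage constant if the headers provide one.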
@@ -446,64 +446,64 @@ xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
/**
* xmlSecKeyReqMatchKeyValue:
- * @keyReq: the pointer to key requirements.
- * @value: the pointer to key value.
+ * @keyReq: the pointer to key requirements.
+ * @value: the pointer to key value.
*
* Checks whether @keyValue matches key requirements @keyReq.
*
* Returns: 1 if key value matches requirements, 0 if not and a negative value
* if an error occurs.
*/
-int
+int
xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(value != NULL, -1);
-
- if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
+
+ if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
(!xmlSecKeyDataCheckId(value, keyReq->keyId))) {
- return(0);
+ return(0);
}
- if((keyReq->keyBitsSize > 0) &&
- (xmlSecKeyDataGetSize(value) > 0) &&
+ if((keyReq->keyBitsSize > 0) &&
+ (xmlSecKeyDataGetSize(value) > 0) &&
(xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) {
-
- return(0);
+
+ return(0);
}
return(1);
}
-/**
+/**
* xmlSecKeyReqDebugDump:
- * @keyReq: the pointer to key requirements object.
- * @output: the pointer to output FILE.
+ * @keyReq: the pointer to key requirements object.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @keyReq into @output.
- */
-void
+ */
+void
xmlSecKeyReqDebugDump(xmlSecKeyReqPtr keyReq, FILE* output) {
xmlSecAssert(keyReq != NULL);
xmlSecAssert(output != NULL);
fprintf(output, "=== KeyReq:\n");
- fprintf(output, "==== keyId: %s\n",
- (xmlSecKeyDataKlassGetName(keyReq->keyId)) ?
- xmlSecKeyDataKlassGetName(keyReq->keyId) :
- BAD_CAST "NULL");
+ fprintf(output, "==== keyId: %s\n",
+ (xmlSecKeyDataKlassGetName(keyReq->keyId)) ?
+ xmlSecKeyDataKlassGetName(keyReq->keyId) :
+ BAD_CAST "NULL");
fprintf(output, "==== keyType: 0x%08x\n", keyReq->keyType);
fprintf(output, "==== keyUsage: 0x%08x\n", keyReq->keyUsage);
fprintf(output, "==== keyBitsSize: %d\n", keyReq->keyBitsSize);
xmlSecPtrListDebugDump(&(keyReq->keyUseWithList), output);
}
-/**
+/**
* xmlSecKeyReqDebugXmlDump:
- * @keyReq: the pointer to key requirements object.
- * @output: the pointer to output FILE.
+ * @keyReq: the pointer to key requirements object.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @keyReq into @output in XML format.
- */
-void
+ */
+void
xmlSecKeyReqDebugXmlDump(xmlSecKeyReqPtr keyReq, FILE* output) {
xmlSecAssert(keyReq != NULL);
xmlSecAssert(output != NULL);
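Review bot: xmlSecKeyReqMatchKeyValue fails open on the key-size requirement: when `xmlSecKeyDataGetSize(value)` returns 0 the `keyBitsSize` comparison is skipped and the value is accepted, so a requested minimum such as 128 bits is not enforced for key data that cannot or does not report its size. If 0 means "size unknown" and accepting it is deliberate, that policy deserves a comment on the `(xmlSecKeyDataGetSize(value) > 0) &&` clause, e.g. `/* size 0 = unknown: keyBitsSize is not enforced for such key data */`; if it is not deliberate, drop that clause so unknown-size keys are rejected whenever a minimum is requested. Callers treating keyBitsSize as a security control need to know which of the two it is. xmlSecKeyReqDebugXmlDump's body continues below this hunk.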
@@ -530,124 +530,124 @@ xmlSecKeyReqDebugXmlDump(xmlSecKeyReqPtr keyReq, FILE* output) {
/**
* xmlSecKeyCreate:
*
- * Allocates and initializes new key. Caller is responsible for
+ * Allocates and initializes new key. Caller is responsible for
* freeing returned object with #xmlSecKeyDestroy function.
*
* Returns: the pointer to newly allocated @xmlSecKey structure
* or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeyCreate(void) {
xmlSecKeyPtr key;
-
+
/* Allocate a new xmlSecKey and fill the fields. */
key = (xmlSecKeyPtr)xmlMalloc(sizeof(xmlSecKey));
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecKey)=%d",
- sizeof(xmlSecKey));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKey)=%d",
+ sizeof(xmlSecKey));
+ return(NULL);
}
- memset(key, 0, sizeof(xmlSecKey));
- key->usage = xmlSecKeyUsageAny;
+ memset(key, 0, sizeof(xmlSecKey));
+ key->usage = xmlSecKeyUsageAny;
return(key);
}
/**
* xmlSecKeyEmpty:
- * @key: the pointer to key.
+ * @key: the pointer to key.
*
* Clears the @key data.
*/
void
xmlSecKeyEmpty(xmlSecKeyPtr key) {
- xmlSecAssert(key != NULL);
-
+ xmlSecAssert(key != NULL);
+
if(key->value != NULL) {
- xmlSecKeyDataDestroy(key->value);
+ xmlSecKeyDataDestroy(key->value);
}
if(key->name != NULL) {
- xmlFree(key->name);
+ xmlFree(key->name);
}
if(key->dataList != NULL) {
- xmlSecPtrListDestroy(key->dataList);
+ xmlSecPtrListDestroy(key->dataList);
}
-
+
memset(key, 0, sizeof(xmlSecKey));
}
/**
* xmlSecKeyDestroy:
- * @key: the pointer to key.
+ * @key: the pointer to key.
*
- * Destroys the key created using #xmlSecKeyCreate function.
+ * Destroys the key created using #xmlSecKeyCreate function.
*/
void
xmlSecKeyDestroy(xmlSecKeyPtr key) {
- xmlSecAssert(key != NULL);
+ xmlSecAssert(key != NULL);
xmlSecKeyEmpty(key);
xmlFree(key);
}
-/**
+/**
* xmlSecKeyCopy:
- * @keyDst: the destination key.
- * @keySrc: the source key.
+ * @keyDst: the destination key.
+ * @keySrc: the source key.
*
* Copies key data from @keySrc to @keyDst.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) {
- xmlSecAssert2(keyDst != NULL, -1);
- xmlSecAssert2(keySrc != NULL, -1);
-
+ xmlSecAssert2(keyDst != NULL, -1);
+ xmlSecAssert2(keySrc != NULL, -1);
+
/* empty destination */
xmlSecKeyEmpty(keyDst);
- /* copy everything */
+ /* copy everything */
if(keySrc->name != NULL) {
- keyDst->name = xmlStrdup(keySrc->name);
- if(keyDst->name == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "len=%d", xmlStrlen(keySrc->name));
- return(-1);
+ keyDst->name = xmlStrdup(keySrc->name);
+ if(keyDst->name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(keySrc->name));
+ return(-1);
}
}
if(keySrc->value != NULL) {
- keyDst->value = xmlSecKeyDataDuplicate(keySrc->value);
- if(keyDst->value == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataDuplicate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ keyDst->value = xmlSecKeyDataDuplicate(keySrc->value);
+ if(keyDst->value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
}
-
+
if(keySrc->dataList != NULL) {
- keyDst->dataList = xmlSecPtrListDuplicate(keySrc->dataList);
- if(keyDst->dataList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListDuplicate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ keyDst->dataList = xmlSecPtrListDuplicate(keySrc->dataList);
+ if(keyDst->dataList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
}
-
- keyDst->usage = keySrc->usage;
+
+ keyDst->usage = keySrc->usage;
keyDst->notValidBefore = keySrc->notValidBefore;
keyDst->notValidAfter = keySrc->notValidAfter;
return(0);
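Review bot: xmlSecKeyCopy returns -1 from its three failure branches without undoing what was already copied, so after a failed call `keyDst` holds a duplicated name (and possibly a value) while `usage`, `notValidBefore` and `notValidAfter` are still zero, because those are only assigned at the end; a caller that continues to use the key sees a half-copied object. Since the function already clears the destination on entry, each error path could call `xmlSecKeyEmpty(keyDst);` before `return(-1);` so a failed copy leaves a cleared key instead of a partial one. Separately, the malloc-failure message in xmlSecKeyCreate passes `sizeof(xmlSecKey)` to a `%d` conversion; `"sizeof(xmlSecKey)=%lu", (unsigned long)sizeof(xmlSecKey)` avoids the format mismatch.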
@@ -655,50 +655,50 @@ xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) {
/**
* xmlSecKeyDuplicate:
- * @key: the pointer to the #xmlSecKey structure.
+ * @key: the pointer to the #xmlSecKey structure.
*
* Creates a duplicate of the given @key.
*
* Returns: the pointer to newly allocated #xmlSecKey structure
* or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeyDuplicate(xmlSecKeyPtr key) {
xmlSecKeyPtr newKey;
int ret;
-
+
xmlSecAssert2(key != NULL, NULL);
-
+
newKey = xmlSecKeyCreate();
if(newKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
ret = xmlSecKeyCopy(newKey, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(newKey);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(newKey);
+ return(NULL);
}
-
+
return(newKey);
}
/**
* xmlSecKeyMatch:
- * @key: the pointer to key.
- * @name: the pointer to key name (may be NULL).
- * @keyReq: the pointer to key requirements.
- *
+ * @key: the pointer to key.
+ * @name: the pointer to key name (may be NULL).
+ * @keyReq: the pointer to key requirements.
+ *
* Checks whether the @key matches the given criteria.
*
* Returns: 1 if the key satisfies the given criteria or 0 otherwise.
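Review bot: xmlSecKeyMatch's doc block ends with `Returns: 1 if the key satisfies the given criteria or 0 otherwise.`, but the function (its body is in the next hunk) asserts on `key` and `keyReq` with `xmlSecAssert2(..., -1)` and forwards whatever xmlSecKeyReqMatchKey returns, which is documented as possibly negative. I would change the line to ` * Returns: 1 if the key satisfies the given criteria, 0 if it does not, or a negative value if an error occurs.` so callers that test `!= 0` rather than `== 1` are not misled into treating an error as a match.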
@@ -707,256 +707,256 @@ int
xmlSecKeyMatch(xmlSecKeyPtr key, const xmlChar *name, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
xmlSecAssert2(keyReq != NULL, -1);
-
+
if((name != NULL) && (!xmlStrEqual(xmlSecKeyGetName(key), name))) {
- return(0);
+ return(0);
}
return(xmlSecKeyReqMatchKey(keyReq, key));
}
-/**
+/**
* xmlSecKeyGetType:
- * @key: the pointer to key.
+ * @key: the pointer to key.
*
* Gets @key type.
*
* Returns: key type.
*/
-xmlSecKeyDataType
+xmlSecKeyDataType
xmlSecKeyGetType(xmlSecKeyPtr key) {
xmlSecKeyDataPtr data;
-
+
xmlSecAssert2(key != NULL, xmlSecKeyDataTypeUnknown);
data = xmlSecKeyGetValue(key);
if(data == NULL) {
- return(xmlSecKeyDataTypeUnknown);
+ return(xmlSecKeyDataTypeUnknown);
}
return(xmlSecKeyDataGetType(data));
}
-/**
+/**
* xmlSecKeyGetName:
- * @key: the pointer to key.
+ * @key: the pointer to key.
*
* Gets key name (see also #xmlSecKeySetName function).
*
* Returns: key name.
*/
-const xmlChar*
+const xmlChar*
xmlSecKeyGetName(xmlSecKeyPtr key) {
xmlSecAssert2(key != NULL, NULL);
return(key->name);
}
-/**
+/**
* xmlSecKeySetName:
- * @key: the pointer to key.
- * @name: the new key name.
+ * @key: the pointer to key.
+ * @name: the new key name.
*
* Sets key name (see also #xmlSecKeyGetName function).
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeySetName(xmlSecKeyPtr key, const xmlChar* name) {
xmlSecAssert2(key != NULL, -1);
if(key->name != NULL) {
- xmlFree(key->name);
- key->name = NULL;
+ xmlFree(key->name);
+ key->name = NULL;
}
-
+
if(name != NULL) {
- key->name = xmlStrdup(name);
- if(key->name == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "len=%d", xmlStrlen(name));
- return(-1);
- }
+ key->name = xmlStrdup(name);
+ if(key->name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(name));
+ return(-1);
+ }
}
-
+
return(0);
}
-/**
+/**
* xmlSecKeyGetValue:
- * @key: the pointer to key.
+ * @key: the pointer to key.
*
* Gets key value (see also #xmlSecKeySetValue function).
*
* Returns: key value (crypto material).
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecKeyGetValue(xmlSecKeyPtr key) {
xmlSecAssert2(key != NULL, NULL);
return(key->value);
}
-/**
+/**
* xmlSecKeySetValue:
- * @key: the pointer to key.
- * @value: the new value.
+ * @key: the pointer to key.
+ * @value: the new value.
*
* Sets key value (see also #xmlSecKeyGetValue function).
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeySetValue(xmlSecKeyPtr key, xmlSecKeyDataPtr value) {
xmlSecAssert2(key != NULL, -1);
if(key->value != NULL) {
- xmlSecKeyDataDestroy(key->value);
- key->value = NULL;
+ xmlSecKeyDataDestroy(key->value);
+ key->value = NULL;
}
key->value = value;
-
+
return(0);
}
-/**
+/**
* xmlSecKeyGetData:
- * @key: the pointer to key.
- * @dataId: the requested data klass.
+ * @key: the pointer to key.
+ * @dataId: the requested data klass.
*
* Gets key's data.
*
- * Returns: additional data associated with the @key (see also
+ * Returns: additional data associated with the @key (see also
* #xmlSecKeyAdoptData function).
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecKeyGetData(xmlSecKeyPtr key, xmlSecKeyDataId dataId) {
-
+
xmlSecAssert2(key != NULL, NULL);
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
/* special cases */
if(dataId == xmlSecKeyDataValueId) {
- return(key->value);
+ return(key->value);
} else if(key->dataList != NULL) {
- xmlSecKeyDataPtr tmp;
- xmlSecSize pos, size;
-
- size = xmlSecPtrListGetSize(key->dataList);
- for(pos = 0; pos < size; ++pos) {
- tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
- if((tmp != NULL) && (tmp->id == dataId)) {
- return(tmp);
- }
- }
+ xmlSecKeyDataPtr tmp;
+ xmlSecSize pos, size;
+
+ size = xmlSecPtrListGetSize(key->dataList);
+ for(pos = 0; pos < size; ++pos) {
+ tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
+ if((tmp != NULL) && (tmp->id == dataId)) {
+ return(tmp);
+ }
+ }
}
return(NULL);
}
/**
* xmlSecKeyEnsureData:
- * @key: the pointer to key.
- * @dataId: the requested data klass.
- *
+ * @key: the pointer to key.
+ * @dataId: the requested data klass.
+ *
* If necessary, creates key data of @dataId klass and adds to @key.
*
* Returns: pointer to key data or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecKeyEnsureData(xmlSecKeyPtr key, xmlSecKeyDataId dataId) {
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(key != NULL, NULL);
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
data = xmlSecKeyGetData(key, dataId);
if(data != NULL) {
- return(data);
+ return(data);
}
-
+
data = xmlSecKeyDataCreate(dataId);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataId=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
+ return(NULL);
}
-
+
ret = xmlSecKeyAdoptData(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataId=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
-
+
return(data);
}
/**
* xmlSecKeyAdoptData:
- * @key: the pointer to key.
- * @data: the pointer to key data.
+ * @key: the pointer to key.
+ * @data: the pointer to key data.
*
* Adds @data to the @key. The @data object will be destroyed
* by @key.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecKeyAdoptData(xmlSecKeyPtr key, xmlSecKeyDataPtr data) {
xmlSecKeyDataPtr tmp;
xmlSecSize pos, size;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
/* special cases */
if(data->id == xmlSecKeyDataValueId) {
- if(key->value != NULL) {
- xmlSecKeyDataDestroy(key->value);
- }
- key->value = data;
- return(0);
+ if(key->value != NULL) {
+ xmlSecKeyDataDestroy(key->value);
+ }
+ key->value = data;
+ return(0);
}
-
+
if(key->dataList == NULL) {
- key->dataList = xmlSecPtrListCreate(xmlSecKeyDataListId);
- if(key->dataList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ key->dataList = xmlSecPtrListCreate(xmlSecKeyDataListId);
+ if(key->dataList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
-
+
size = xmlSecPtrListGetSize(key->dataList);
for(pos = 0; pos < size; ++pos) {
- tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
- if((tmp != NULL) && (tmp->id == data->id)) {
- return(xmlSecPtrListSet(key->dataList, data, pos));
- }
+ tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
+ if((tmp != NULL) && (tmp->id == data->id)) {
+ return(xmlSecPtrListSet(key->dataList, data, pos));
+ }
}
-
+
return(xmlSecPtrListAdd(key->dataList, data));
}
-/**
+/**
* xmlSecKeyDebugDump:
- * @key: the pointer to key.
- * @output: the pointer to output FILE.
+ * @key: the pointer to key.
+ * @output: the pointer to output FILE.
*
* Prints the information about the @key to the @output.
*/
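Review bot: The doc comment for xmlSecKeySetValue says only `Sets key value`, but the body destroys the previous `key->value` and stores `value` directly, so ownership of `value` passes to the key and it is destroyed together with the key; xmlSecKeyAdoptData in the same hunk states this explicitly (`The @data object will be destroyed by @key.`) while xmlSecKeySetValue does not. A caller who keeps using or frees `value` after the call gets a use-after-free or double free, so I would add ` * Adopts @value: the key takes ownership and destroys it (and any previous value); the caller must not free it.` to that doc block. The same ownership note would help xmlSecKeyGetValue, whose returned pointer is still owned by the key.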
@@ -964,43 +964,43 @@ void
xmlSecKeyDebugDump(xmlSecKeyPtr key, FILE *output) {
xmlSecAssert(xmlSecKeyIsValid(key));
xmlSecAssert(output != NULL);
-
+
fprintf(output, "== KEY\n");
- fprintf(output, "=== method: %s\n",
- (key->value->id->dataNodeName != NULL) ?
- (char*)(key->value->id->dataNodeName) : "NULL");
+ fprintf(output, "=== method: %s\n",
+ (key->value->id->dataNodeName != NULL) ?
+ (char*)(key->value->id->dataNodeName) : "NULL");
fprintf(output, "=== key type: ");
if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
- fprintf(output, "Symmetric\n");
+ fprintf(output, "Symmetric\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
- fprintf(output, "Private\n");
+ fprintf(output, "Private\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
- fprintf(output, "Public\n");
+ fprintf(output, "Public\n");
} else {
- fprintf(output, "Unknown\n");
- }
+ fprintf(output, "Unknown\n");
+ }
if(key->name != NULL) {
- fprintf(output, "=== key name: %s\n", key->name);
+ fprintf(output, "=== key name: %s\n", key->name);
}
fprintf(output, "=== key usage: %d\n", key->usage);
if(key->notValidBefore < key->notValidAfter) {
fprintf(output, "=== key not valid before: %ld\n", (unsigned long)key->notValidBefore);
- fprintf(output, "=== key not valid after: %ld\n", (unsigned long)key->notValidAfter);
+ fprintf(output, "=== key not valid after: %ld\n", (unsigned long)key->notValidAfter);
}
if(key->value != NULL) {
- xmlSecKeyDataDebugDump(key->value, output);
+ xmlSecKeyDataDebugDump(key->value, output);
}
if(key->dataList != NULL) {
- xmlSecPtrListDebugDump(key->dataList, output);
+ xmlSecPtrListDebugDump(key->dataList, output);
}
}
-/**
+/**
* xmlSecKeyDebugXmlDump:
- * @key: the pointer to key.
- * @output: the pointer to output FILE.
+ * @key: the pointer to key.
+ * @output: the pointer to output FILE.
*
* Prints the information about the @key to the @output in XML format.
*/
@@ -1008,23 +1008,23 @@ void
xmlSecKeyDebugXmlDump(xmlSecKeyPtr key, FILE *output) {
xmlSecAssert(xmlSecKeyIsValid(key));
xmlSecAssert(output != NULL);
-
+
fprintf(output, "<KeyInfo>\n");
fprintf(output, "<KeyMethod>");
- xmlSecPrintXmlString(output, key->value->id->dataNodeName);
+ xmlSecPrintXmlString(output, key->value->id->dataNodeName);
fprintf(output, "</KeyMethod>\n");
fprintf(output, "<KeyType>");
if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
- fprintf(output, "Symmetric\n");
+ fprintf(output, "Symmetric\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
- fprintf(output, "Private\n");
+ fprintf(output, "Private\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
- fprintf(output, "Public\n");
+ fprintf(output, "Public\n");
} else {
- fprintf(output, "Unknown\n");
- }
+ fprintf(output, "Unknown\n");
+ }
fprintf(output, "</KeyType>\n");
fprintf(output, "<KeyName>");
@@ -1033,25 +1033,25 @@ xmlSecKeyDebugXmlDump(xmlSecKeyPtr key, FILE *output) {
if(key->notValidBefore < key->notValidAfter) {
fprintf(output, "<KeyValidity notValidBefore=\"%ld\" notValidAfter=\"%ld\"/>\n",
- (unsigned long)key->notValidBefore,
- (unsigned long)key->notValidAfter);
+ (unsigned long)key->notValidBefore,
+ (unsigned long)key->notValidAfter);
}
if(key->value != NULL) {
- xmlSecKeyDataDebugXmlDump(key->value, output);
+ xmlSecKeyDataDebugXmlDump(key->value, output);
}
if(key->dataList != NULL) {
- xmlSecPtrListDebugXmlDump(key->dataList, output);
+ xmlSecPtrListDebugXmlDump(key->dataList, output);
}
- fprintf(output, "</KeyInfo>\n");
+ fprintf(output, "</KeyInfo>\n");
}
-/**
+/**
* xmlSecKeyGenerate:
- * @dataId: the requested key klass (rsa, dsa, aes, ...).
- * @sizeBits: the new key size (in bits!).
- * @type: the new key type (session, permanent, ...).
+ * @dataId: the requested key klass (rsa, dsa, aes, ...).
+ * @sizeBits: the new key size (in bits!).
+ * @type: the new key type (session, permanent, ...).
*
* Generates new key of requested klass @dataId and @type.
*
@@ -1064,59 +1064,59 @@ xmlSecKeyGenerate(xmlSecKeyDataId dataId, xmlSecSize sizeBits, xmlSecKeyDataType
int ret;
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
-
+
data = xmlSecKeyDataCreate(dataId);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
ret = xmlSecKeyDataGenerate(data, sizeBits, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyDataGenerate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d;type=%d", sizeBits, type);
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataGenerate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d;type=%d", sizeBits, type);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
-
+
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
-
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- xmlSecKeyDestroy(key);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ xmlSecKeyDestroy(key);
+ return(NULL);
}
-
+
return(key);
}
-/**
+/**
* xmlSecKeyGenerateByName:
- * @name: the requested key klass name (rsa, dsa, aes, ...).
- * @sizeBits: the new key size (in bits!).
- * @type: the new key type (session, permanent, ...).
+ * @name: the requested key klass name (rsa, dsa, aes, ...).
+ * @sizeBits: the new key size (in bits!).
+ * @type: the new key type (session, permanent, ...).
*
* Generates new key of requested @klass and @type.
*
@@ -1127,30 +1127,30 @@ xmlSecKeyGenerateByName(const xmlChar* name, xmlSecSize sizeBits, xmlSecKeyDataT
xmlSecKeyDataId dataId;
xmlSecAssert2(name != NULL, NULL);
-
+
dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), name, xmlSecKeyDataUsageAny);
if(dataId == xmlSecKeyDataIdUnknown) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(name),
- XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(name),
+ XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
return(xmlSecKeyGenerate(dataId, sizeBits, type));
}
/**
* xmlSecKeyReadBuffer:
- * @dataId: the key value data klass.
- * @buffer: the buffer that contains the binary data.
+ * @dataId: the key value data klass.
+ * @buffer: the buffer that contains the binary data.
*
* Reads the key value of klass @dataId from a buffer.
*
* Returns: pointer to newly created key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeyReadBuffer(xmlSecKeyDataId dataId, xmlSecBuffer* buffer) {
xmlSecKeyInfoCtx keyInfoCtx;
xmlSecKeyPtr key;
@@ -1162,96 +1162,96 @@ xmlSecKeyReadBuffer(xmlSecKeyDataId dataId, xmlSecBuffer* buffer) {
/* create key data */
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
- ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(NULL);
}
-
+
keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
- ret = xmlSecKeyDataBinRead(dataId, key,
- xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer),
- &keyInfoCtx);
+ ret = xmlSecKeyDataBinRead(dataId, key,
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ &keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyDataBinRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- xmlSecKeyDestroy(key);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ return(NULL);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-
+
return(key);
}
/**
* xmlSecKeyReadBinaryFile:
- * @dataId: the key value data klass.
- * @filename: the key binary filename.
+ * @dataId: the key value data klass.
+ * @filename: the key binary filename.
*
* Reads the key value of klass @dataId from a binary file @filename.
*
* Returns: pointer to newly created key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeyReadBinaryFile(xmlSecKeyDataId dataId, const char* filename) {
xmlSecKeyPtr key;
xmlSecBuffer buffer;
int ret;
-
+
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
xmlSecAssert2(filename != NULL, NULL);
/* read file to buffer */
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
key = xmlSecKeyReadBuffer(dataId, &buffer);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyReadBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyReadBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
xmlSecBufferFinalize(&buffer);
@@ -1260,15 +1260,15 @@ xmlSecKeyReadBinaryFile(xmlSecKeyDataId dataId, const char* filename) {
/**
* xmlSecKeyReadMemory:
- * @dataId: the key value data klass.
- * @data: the memory containing the key
- * @dataSize: the size of the memory block
+ * @dataId: the key value data klass.
+ * @data: the memory containing the key
+ * @dataSize: the size of the memory block
*
* Reads the key value of klass @dataId from a memory block @data.
*
* Returns: pointer to newly created key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeyReadMemory(xmlSecKeyDataId dataId, const xmlSecByte* data, xmlSecSize dataSize) {
xmlSecBuffer buffer;
xmlSecKeyPtr key;
@@ -1281,33 +1281,33 @@ xmlSecKeyReadMemory(xmlSecKeyDataId dataId, const xmlSecByte* data, xmlSecSize d
/* read file to buffer */
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
if (xmlSecBufferAppend(&buffer, data, dataSize) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
key = xmlSecKeyReadBuffer(dataId, &buffer);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
- "xmlSecKeyReadBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyReadBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
xmlSecBufferFinalize(&buffer);
@@ -1316,75 +1316,75 @@ xmlSecKeyReadMemory(xmlSecKeyDataId dataId, const xmlSecByte* data, xmlSecSize d
/**
* xmlSecKeysMngrGetKey:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
- *
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
* Reads the <dsig:KeyInfo/> node @keyInfoNode and extracts the key.
*
- * Returns: the pointer to key or NULL if the key is not found or
+ * Returns: the pointer to key or NULL if the key is not found or
* an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyPtr key;
int ret;
-
+
xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
+
/* first try to read data from <dsig:KeyInfo/> node */
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
if(keyInfoNode != NULL) {
- ret = xmlSecKeyInfoNodeRead(keyInfoNode, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode)));
- xmlSecKeyDestroy(key);
- return(NULL);
- }
-
- if((xmlSecKeyGetValue(key) != NULL) &&
+ ret = xmlSecKeyInfoNodeRead(keyInfoNode, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode)));
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ if((xmlSecKeyGetValue(key) != NULL) &&
(xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) != 0)) {
return(key);
}
- }
+ }
xmlSecKeyDestroy(key);
-
+
/* if we have keys manager, try it */
if(keyInfoCtx->keysMngr != NULL) {
- key = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx);
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrFindKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- if(xmlSecKeyGetValue(key) != NULL) {
- return(key);
- }
- xmlSecKeyDestroy(key);
+ key = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrFindKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ if(xmlSecKeyGetValue(key) != NULL) {
+ return(key);
+ }
+ xmlSecKeyDestroy(key);
}
-
+
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_KEY_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
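Review bot: The docstring of xmlSecKeysMngrGetKey does not say where the returned key comes from, which callers need when deciding what to trust: the body first accepts a key parsed out of @keyInfoNode itself as soon as `xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq))` succeeds, and only consults `keyInfoCtx->keysMngr` when the node yields no matching key. I would add after the "Reads the <dsig:KeyInfo/> node" sentence: ` * A key found in @keyInfoNode is returned as soon as it matches @keyInfoCtx->keyReq; the keys manager is consulted only when the node yields no matching key.` That makes explicit that the requirements in @keyInfoCtx are what restricts which in-document keys are accepted.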
@@ -1395,20 +1395,20 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) {
**********************************************************************/
static xmlSecPtrListKlass xmlSecKeyPtrListKlass = {
BAD_CAST "keys-list",
- (xmlSecPtrDuplicateItemMethod)xmlSecKeyDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecKeyDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
(xmlSecPtrDebugDumpItemMethod)xmlSecKeyDebugXmlDump,/* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
- * xmlSecKeyPtrListGetKlass:
+ * xmlSecKeyPtrListGetKlass:
*
* The keys list klass.
*
* Returns: keys list id.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecKeyPtrListGetKlass(void) {
return(&xmlSecKeyPtrListKlass);
}
diff --git a/src/keysdata.c b/src/keysdata.c
index 1101f7f8..de854ba6 100644
--- a/src/keysdata.c
+++ b/src/keysdata.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Key data.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
@@ -13,7 +13,7 @@
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -33,11 +33,11 @@
*************************************************************************/
static xmlSecPtrList xmlSecAllKeyDataIds;
-/**
+/**
* xmlSecKeyDataIdsGet:
*
* Gets global registered key data klasses list.
- *
+ *
* Returns: the pointer to list of all registered key data klasses.
*/
xmlSecPtrListPtr
@@ -45,45 +45,45 @@ xmlSecKeyDataIdsGet(void) {
return(&xmlSecAllKeyDataIds);
}
-/**
+/**
* xmlSecKeyDataIdsInit:
*
- * Initializes the key data klasses. This function is called from the
+ * Initializes the key data klasses. This function is called from the
* #xmlSecInit function and the application should not call it directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyDataIdsInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(xmlSecKeyDataIdsGet(), xmlSecKeyDataIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataIdListId");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataIdListId");
return(-1);
}
-
+
ret = xmlSecKeyDataIdsRegisterDefault();
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(0);
}
/**
* xmlSecKeyDataIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
+ *
+ * Shuts down the keys data klasses. This function is called from the
* #xmlSecShutdown function and the application should not call it directly.
*/
void
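Review bot: The error raised when `xmlSecPtrListInitialize` fails in xmlSecKeyDataIdsInit names a function that is not the one called, `"xmlSecPtrListPtrInitialize"`; the diagnostic should read `"xmlSecPtrListInitialize",` so the log entry points at the real callee. The string is the callee name handed to xmlSecError, so anyone searching the sources for it from a log will not find the call site otherwise.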
@@ -91,83 +91,83 @@ xmlSecKeyDataIdsShutdown(void) {
xmlSecPtrListFinalize(xmlSecKeyDataIdsGet());
}
-/**
+/**
* xmlSecKeyDataIdsRegister:
- * @id: the key data klass.
+ * @id: the key data klass.
*
* Registers @id in the global list of key data klasses.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyDataIdsRegister(xmlSecKeyDataId id) {
int ret;
-
+
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-
+
ret = xmlSecPtrListAdd(xmlSecKeyDataIdsGet(), (xmlSecPtr)id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataId=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)));
return(-1);
}
-
- return(0);
+
+ return(0);
}
/**
* xmlSecKeyDataIdsRegisterDefault:
*
* Registers default (implemented by XML Security Library)
- * key data klasses: <dsig:KeyName/> element processing klass,
+ * key data klasses: <dsig:KeyName/> element processing klass,
* <dsig:KeyValue/> element processing klass, ...
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecKeyDataIdsRegisterDefault(void) {
if(xmlSecKeyDataIdsRegister(xmlSecKeyDataNameId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataNameId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataNameId");
+ return(-1);
}
if(xmlSecKeyDataIdsRegister(xmlSecKeyDataValueId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataValueId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataValueId");
+ return(-1);
}
if(xmlSecKeyDataIdsRegister(xmlSecKeyDataRetrievalMethodId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataRetrievalMethodId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataRetrievalMethodId");
+ return(-1);
}
#ifndef XMLSEC_NO_XMLENC
if(xmlSecKeyDataIdsRegister(xmlSecKeyDataEncryptedKeyId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataEncryptedKeyId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataEncryptedKeyId");
+ return(-1);
}
#endif /* XMLSEC_NO_XMLENC */
-
+
return(0);
}
@@ -178,65 +178,65 @@ xmlSecKeyDataIdsRegisterDefault(void) {
*************************************************************************/
/**
* xmlSecKeyDataCreate:
- * @id: the data id.
+ * @id: the data id.
*
* Allocates and initializes new key data of the specified type @id.
- * Caller is responsible for destroing returend object with
+ * Caller is responsible for destroying returned object with
* #xmlSecKeyDataDestroy function.
*
* Returns: the pointer to newly allocated key data structure
* or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecKeyDataCreate(xmlSecKeyDataId id) {
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(id != NULL, NULL);
xmlSecAssert2(id->klassSize >= sizeof(xmlSecKeyDataKlass), NULL);
xmlSecAssert2(id->objSize >= sizeof(xmlSecKeyData), NULL);
xmlSecAssert2(id->name != NULL, NULL);
-
+
/* Allocate a new xmlSecKeyData and fill the fields. */
data = (xmlSecKeyDataPtr)xmlMalloc(id->objSize);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", id->objSize);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
}
- memset(data, 0, id->objSize);
+ memset(data, 0, id->objSize);
data->id = id;
if(id->initialize != NULL) {
- ret = (id->initialize)(data);
+ ret = (id->initialize)(data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "id->initialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
}
-
+
return(data);
}
/**
* xmlSecKeyDataDuplicate:
- * @data: the pointer to the key data.
+ * @data: the pointer to the key data.
*
- * Creates a duplicate of the given @data. Caller is responsible for
- * destroing returend object with #xmlSecKeyDataDestroy function.
+ * Creates a duplicate of the given @data. Caller is responsible for
+ * destroying returned object with #xmlSecKeyDataDestroy function.
*
* Returns: the pointer to newly allocated key data structure
* or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) {
xmlSecKeyDataPtr newData;
int ret;
@@ -246,41 +246,41 @@ xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) {
newData = xmlSecKeyDataCreate(data->id);
if(newData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
ret = (data->id->duplicate)(newData, data);
if(newData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "id->duplicate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(newData);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "id->duplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(newData);
+ return(NULL);
}
-
+
return(newData);
}
/**
* xmlSecKeyDataDestroy:
- * @data: the pointer to the key data.
+ * @data: the pointer to the key data.
*
- * Destroys the data and frees all allocated memory.
+ * Destroys the data and frees all allocated memory.
*/
void
xmlSecKeyDataDestroy(xmlSecKeyDataPtr data) {
- xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(data->id->objSize > 0);
-
- if(data->id->finalize != NULL) {
- (data->id->finalize)(data);
+
+ if(data->id->finalize != NULL) {
+ (data->id->finalize)(data);
}
memset(data, 0, data->id->objSize);
xmlFree(data);
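Review bot: In xmlSecKeyDataDuplicate the result of `(data->id->duplicate)(newData, data)` is stored in `ret`, but the following check tests `newData == NULL`, which cannot be true at that point because it was checked a few lines above; a failing duplicate is therefore never detected and a partially copied key data object is handed back to the caller. The condition should be `if(ret < 0) {`; the cleanup branch that destroys newData and returns NULL is otherwise correct. The function's prologue is before this hunk.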
@@ -289,11 +289,11 @@ xmlSecKeyDataDestroy(xmlSecKeyDataPtr data) {
/**
* xmlSecKeyDataXmlRead:
- * @id: the data klass.
- * @key: the destination key.
- * @node: the pointer to an XML node.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
+ * @id: the data klass.
+ * @key: the destination key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
* Reads the key data of klass @id from XML @node and adds them to @key.
*
* Returns: 0 on success or a negative value otherwise.
@@ -310,11 +310,11 @@ xmlSecKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlS
/**
* xmlSecKeyDataXmlWrite:
- * @id: the data klass.
- * @key: the source key.
- * @node: the pointer to an XML node.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
+ * @id: the data klass.
+ * @key: the source key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
* Writes the key data of klass @id from @key to an XML @node.
*
* Returns: 0 on success or a negative value otherwise.
@@ -329,22 +329,22 @@ xmlSecKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xml
return((id->xmlWrite)(id, key, node, keyInfoCtx));
}
-/**
+/**
* xmlSecKeyDataBinRead:
- * @id: the data klass.
- * @key: the destination key.
- * @buf: the input binary buffer.
- * @bufSize: the input buffer size.
- * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ * @id: the data klass.
+ * @key: the destination key.
+ * @buf: the input binary buffer.
+ * @bufSize: the input buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
*
* Reads the key data of klass @id from binary buffer @buf to @key.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs.
*/
int
-xmlSecKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(id != NULL, -1);
xmlSecAssert2(id->binRead != NULL, -1);
xmlSecAssert2(key != NULL, -1);
@@ -353,22 +353,22 @@ xmlSecKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
return((id->binRead)(id, key, buf, bufSize, keyInfoCtx));
}
-/**
+/**
* xmlSecKeyDataBinWrite:
- * @id: the data klass.
- * @key: the source key.
- * @buf: the output binary buffer.
- * @bufSize: the output buffer size.
- * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
- *
- * Writes the key data of klass @id from the @key to a binary buffer @buf.
- *
+ * @id: the data klass.
+ * @key: the source key.
+ * @buf: the output binary buffer.
+ * @bufSize: the output buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Writes the key data of klass @id from the @key to a binary buffer @buf.
+ *
* Returns: 0 on success or a negative value if an error occurs.
*/
int
-xmlSecKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(id != NULL, -1);
xmlSecAssert2(id->binWrite != NULL, -1);
xmlSecAssert2(key != NULL, -1);
@@ -377,56 +377,56 @@ xmlSecKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
return((id->binWrite)(id, key, buf, bufSize, keyInfoCtx));
}
-/**
+/**
* xmlSecKeyDataGenerate:
- * @data: the pointer to key data.
- * @sizeBits: the desired key data size (in bits).
- * @type: the desired key data type.
+ * @data: the pointer to key data.
+ * @sizeBits: the desired key data size (in bits).
+ * @type: the desired key data type.
*
* Generates new key data of given size and type.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
- xmlSecKeyDataType type) {
+xmlSecKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
+ xmlSecKeyDataType type) {
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(data->id->generate != NULL, -1);
-
+
/* write data */
ret = data->id->generate(data, sizeBits, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "id->generate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", sizeBits);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "id->generate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", sizeBits);
+ return(-1);
}
- return(0);
+ return(0);
}
-/**
+/**
* xmlSecKeyDataGetType:
- * @data: the pointer to key data.
+ * @data: the pointer to key data.
*
* Gets key data type.
*
* Returns: key data type.
- */
-xmlSecKeyDataType
+ */
+xmlSecKeyDataType
xmlSecKeyDataGetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
xmlSecAssert2(data->id->getType != NULL, xmlSecKeyDataTypeUnknown);
-
+
return(data->id->getType(data));
}
-/**
+/**
* xmlSecKeyDataGetSize:
- * @data: the pointer to key data.
+ * @data: the pointer to key data.
*
* Gets key data size.
*
@@ -436,14 +436,14 @@ xmlSecSize
xmlSecKeyDataGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
xmlSecAssert2(data->id->getSize != NULL, 0);
-
+
return(data->id->getSize(data));
}
/**
* xmlSecKeyDataGetIdentifier:
- * @data: the pointer to key data.
- *
+ * @data: the pointer to key data.
+ *
* Gets key data identifier string.
*
* Returns: key data id string.
@@ -452,14 +452,14 @@ const xmlChar*
xmlSecKeyDataGetIdentifier(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
xmlSecAssert2(data->id->getIdentifier != NULL, NULL);
-
+
return(data->id->getIdentifier(data));
}
-/**
+/**
* xmlSecKeyDataDebugDump:
- * @data: the pointer to key data.
- * @output: the pointer to output FILE.
+ * @data: the pointer to key data.
+ * @output: the pointer to output FILE.
*
* Prints key data debug info.
*/
@@ -468,23 +468,23 @@ xmlSecKeyDataDebugDump(xmlSecKeyDataPtr data, FILE *output) {
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(data->id->debugDump != NULL);
xmlSecAssert(output != NULL);
-
+
data->id->debugDump(data, output);
}
-/**
+/**
* xmlSecKeyDataDebugXmlDump:
- * @data: the pointer to key data.
- * @output: the pointer to output FILE.
+ * @data: the pointer to key data.
+ * @output: the pointer to output FILE.
*
* Prints key data debug info in XML format.
- */
-void
+ */
+void
xmlSecKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE *output) {
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(data->id->debugXmlDump != NULL);
xmlSecAssert(output != NULL);
-
+
data->id->debugXmlDump(data, output);
}
@@ -495,53 +495,53 @@ xmlSecKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE *output) {
* key (xmlSecBuffer) is located after xmlSecKeyData structure
*
*************************************************************************/
-/**
+/**
* xmlSecKeyDataBinaryValueInitialize:
- * @data: the pointer to binary key data.
+ * @data: the pointer to binary key data.
*
* Initializes key data.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueInitialize(xmlSecKeyDataPtr data) {
xmlSecBufferPtr buffer;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), -1);
-
+
/* initialize buffer */
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
ret = xmlSecBufferInitialize(buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
- return(0);
+
+ return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueDuplicate:
- * @dst: the pointer to destination binary key data.
- * @src: the pointer to source binary key data.
+ * @dst: the pointer to destination binary key data.
+ * @src: the pointer to source binary key data.
*
* Copies binary key data from @src to @dst.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecBufferPtr buffer;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecKeyDataBinarySize), -1);
xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
@@ -549,62 +549,62 @@ xmlSecKeyDataBinaryValueDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
buffer = xmlSecKeyDataBinaryValueGetBuffer(src);
xmlSecAssert2(buffer != NULL, -1);
-
+
/* copy data */
ret = xmlSecKeyDataBinaryValueSetBuffer(dst,
- xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer));
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecKeyDataBinaryValueSetBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueFinalize:
- * @data: the pointer to binary key data.
+ * @data: the pointer to binary key data.
*
* Cleans up binary key data.
*/
-void
+void
xmlSecKeyDataBinaryValueFinalize(xmlSecKeyDataPtr data) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize));
-
+
/* initialize buffer */
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert(buffer != NULL);
-
- xmlSecBufferFinalize(buffer);
+
+ xmlSecBufferFinalize(buffer);
}
-/**
+/**
* xmlSecKeyDataBinaryValueXmlRead:
- * @id: the data klass.
- * @key: the pointer to destination key.
- * @node: the pointer to an XML node.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @id: the data klass.
+ * @key: the pointer to destination key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data from @node to the key by base64 decoding the @node content.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+int
+xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* str;
xmlSecSize len;
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -612,148 +612,148 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
str = xmlNodeGetContent(node);
if(str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* usual trick: decode into the same buffer */
ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
}
len = ret;
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
- xmlSecBufferPtr buffer;
-
- if(!xmlSecKeyDataCheckId(data, id)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(-1);
- }
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- "cur-data-size=%d;new-data-size=%d",
- xmlSecBufferGetSize(buffer), len);
- xmlFree(str);
- return(-1);
- }
- if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- "key already has a different value");
- xmlFree(str);
- return(-1);
- }
- if(buffer != NULL) {
- /* we already have exactly the same key */
- xmlFree(str);
- return(0);
- }
-
- /* we have binary key value with empty buffer */
+ xmlSecBufferPtr buffer;
+
+ if(!xmlSecKeyDataCheckId(data, id)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
+ }
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "cur-data-size=%d;new-data-size=%d",
+ xmlSecBufferGetSize(buffer), len);
+ xmlFree(str);
+ return(-1);
+ }
+ if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "key already has a different value");
+ xmlFree(str);
+ return(-1);
+ }
+ if(buffer != NULL) {
+ /* we already have exactly the same key */
+ xmlFree(str);
+ return(0);
+ }
+
+ /* we have binary key value with empty buffer */
}
-
+
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
}
-
+
ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataBinaryValueSetBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", len);
- xmlSecKeyDataDestroy(data);
- xmlFree(str);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", len);
+ xmlSecKeyDataDestroy(data);
+ xmlFree(str);
+ return(-1);
}
xmlFree(str);
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(0);
}
-
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueXmlWrite:
- * @id: the data klass.
- * @key: the pointer to source key.
- * @node: the pointer to an XML node.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
- * Base64 encodes binary key data of klass @id from the @key and
- * sets to the @node content.
- *
+ * @id: the data klass.
+ * @key: the pointer to source key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Base64 encodes binary key data of klass @id from the @key and
+ * sets to the @node content.
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+int
+xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecBufferPtr buffer;
xmlSecKeyDataPtr value;
xmlChar* str;
-
+
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
if((xmlSecKeyDataTypeSymmetric & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only symmetric key */
- return(0);
- }
+ /* we can have only symmetric key */
+ return(0);
+ }
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
@@ -762,40 +762,40 @@ xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(buffer != NULL, -1);
str = xmlSecBase64Encode(xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer),
- keyInfoCtx->base64LineSize);
+ xmlSecBufferGetSize(buffer),
+ keyInfoCtx->base64LineSize);
if(str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
xmlNodeSetContent(node, str);
xmlFree(str);
return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueBinRead:
- * @id: the data klass.
- * @key: the pointer to destination key.
- * @buf: the source binary buffer.
- * @bufSize: the source binary buffer size.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @id: the data klass.
+ * @key: the pointer to destination key.
+ * @buf: the source binary buffer.
+ * @bufSize: the source binary buffer size.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data of the klass @id from @buf to the @key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+int
+xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
@@ -805,104 +805,104 @@ xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
- xmlSecBufferPtr buffer;
-
- if(!xmlSecKeyDataCheckId(data, id)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- "cur-data-size=%d;new-data-size=%d",
- xmlSecBufferGetSize(buffer), bufSize);
- return(-1);
- }
- if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
- "key already has a different value");
- return(-1);
- }
- if(buffer != NULL) {
- /* we already have exactly the same key */
- return(0);
- }
-
- /* we have binary key value with empty buffer */
+ xmlSecBufferPtr buffer;
+
+ if(!xmlSecKeyDataCheckId(data, id)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "cur-data-size=%d;new-data-size=%d",
+ xmlSecBufferGetSize(buffer), bufSize);
+ return(-1);
+ }
+ if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "key already has a different value");
+ return(-1);
+ }
+ if(buffer != NULL) {
+ /* we already have exactly the same key */
+ return(0);
+ }
+
+ /* we have binary key value with empty buffer */
}
-
+
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataBinaryValueSetBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", bufSize);
- xmlSecKeyDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", bufSize);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
}
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(0);
}
-
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueBinWrite:
- * @id: the data klass.
- * @key: the pointer to source key.
- * @buf: the destination binary buffer.
- * @bufSize: the destination binary buffer size.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @id: the data klass.
+ * @key: the pointer to source key.
+ * @buf: the destination binary buffer.
+ * @bufSize: the destination binary buffer size.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Writes binary key data of klass @id from the @key to @buf.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+int
+xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
@@ -913,9 +913,9 @@ xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if((xmlSecKeyDataTypeSymmetric & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only symmetric key */
- return(0);
- }
+ /* we can have only symmetric key */
+ return(0);
+ }
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
@@ -926,28 +926,28 @@ xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
(*bufSize) = xmlSecBufferGetSize(buffer);
(*buf) = (xmlSecByte*) xmlMalloc((*bufSize));
if((*buf) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- memcpy((*buf), xmlSecBufferGetData(buffer), (*bufSize));
+ memcpy((*buf), xmlSecBufferGetData(buffer), (*bufSize));
return(0);
}
-/**
+/**
* xmlSecKeyDataBinaryValueDebugDump:
- * @data: the pointer to binary key data.
- * @output: the pointer to output FILE.
- *
+ * @data: the pointer to binary key data.
+ * @output: the pointer to output FILE.
+ *
* Prints binary key data debug information to @output.
*/
-void
+void
xmlSecKeyDataBinaryValueDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize));
xmlSecAssert(data->id->dataNodeName != NULL);
@@ -956,19 +956,19 @@ xmlSecKeyDataBinaryValueDebugDump(xmlSecKeyDataPtr data, FILE* output) {
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert(buffer != NULL);
- /* print only size, everything else is sensitive */
- fprintf(output, "=== %s: size=%d\n", data->id->dataNodeName,
- xmlSecKeyDataGetSize(data));
+ /* print only size, everything else is sensitive */
+ fprintf(output, "=== %s: size=%d\n", data->id->dataNodeName,
+ xmlSecKeyDataGetSize(data));
}
-/**
+/**
* xmlSecKeyDataBinaryValueDebugXmlDump:
- * @data: the pointer to binary key data.
- * @output: the pointer to output FILE.
- *
+ * @data: the pointer to binary key data.
+ * @output: the pointer to output FILE.
+ *
* Prints binary key data debug information to @output in XML format.
*/
-void
+void
xmlSecKeyDataBinaryValueDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecBufferPtr buffer;
@@ -979,15 +979,15 @@ xmlSecKeyDataBinaryValueDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert(buffer != NULL);
-
- /* print only size, everything else is sensitive */
- fprintf(output, "<%s size=\"%d\" />\n", data->id->dataNodeName,
- xmlSecKeyDataGetSize(data));
+
+ /* print only size, everything else is sensitive */
+ fprintf(output, "<%s size=\"%d\" />\n", data->id->dataNodeName,
+ xmlSecKeyDataGetSize(data));
}
-/**
+/**
* xmlSecKeyDataBinaryValueGetSize:
- * @data: the pointer to binary key data.
+ * @data: the pointer to binary key data.
*
* Gets the binary key data size.
*
@@ -1003,19 +1003,19 @@ xmlSecKeyDataBinaryValueGetSize(xmlSecKeyDataPtr data) {
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, 0);
- /* return size in bits */
- return(8 * xmlSecBufferGetSize(buffer));
+ /* return size in bits */
+ return(8 * xmlSecBufferGetSize(buffer));
}
-/**
+/**
* xmlSecKeyDataBinaryValueGetBuffer:
- * @data: the pointer to binary key data.
+ * @data: the pointer to binary key data.
*
* Gets the binary key data buffer.
*
* Returns: pointer to binary key data buffer.
*/
-xmlSecBufferPtr
+xmlSecBufferPtr
xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), NULL);
@@ -1024,19 +1024,19 @@ xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyDataPtr data) {
return((xmlSecBufferPtr)(((xmlSecByte*)data) + sizeof(xmlSecKeyData)));
}
-/**
+/**
* xmlSecKeyDataBinaryValueSetBuffer:
- * @data: the pointer to binary key data.
- * @buf: the pointer to binary buffer.
- * @bufSize: the binary buffer size.
+ * @data: the pointer to binary key data.
+ * @buf: the pointer to binary buffer.
+ * @bufSize: the binary buffer size.
*
* Sets the value of @data to @buf.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecKeyDataBinaryValueSetBuffer(xmlSecKeyDataPtr data,
- const xmlSecByte* buf, xmlSecSize bufSize) {
+xmlSecKeyDataBinaryValueSetBuffer(xmlSecKeyDataPtr data,
+ const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
@@ -1057,20 +1057,20 @@ xmlSecKeyDataBinaryValueSetBuffer(xmlSecKeyDataPtr data,
**********************************************************************/
static xmlSecPtrListKlass xmlSecKeyDataListKlass = {
BAD_CAST "key-data-list",
- (xmlSecPtrDuplicateItemMethod)xmlSecKeyDataDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecKeyDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyDataDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecKeyDataListGetKlass:
- *
+ *
* The key data list klass.
*
* Returns: pointer to the key data list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecKeyDataListGetKlass(void) {
return(&xmlSecKeyDataListKlass);
}
@@ -1083,190 +1083,190 @@ xmlSecKeyDataListGetKlass(void) {
**********************************************************************/
static xmlSecPtrListKlass xmlSecKeyDataIdListKlass = {
BAD_CAST "key-data-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecKeyDataIdListGetKlass:
- *
+ *
* The key data id list klass.
*
* Returns: pointer to the key data id list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecKeyDataIdListGetKlass(void) {
return(&xmlSecKeyDataIdListKlass);
}
/**
* xmlSecKeyDataIdListFind:
- * @list: the pointer to key data ids list.
- * @dataId: the key data klass.
+ * @list: the pointer to key data ids list.
+ * @dataId: the key data klass.
*
* Lookups @dataId in @list.
*
* Returns: 1 if @dataId is found in the @list, 0 if not and a negative
* value if an error occurs.
*/
-int
+int
xmlSecKeyDataIdListFind(xmlSecPtrListPtr list, xmlSecKeyDataId dataId) {
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), 0);
xmlSecAssert2(dataId != NULL, 0);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- if((xmlSecKeyDataId)xmlSecPtrListGetItem(list, i) == dataId) {
- return(1);
- }
+ if((xmlSecKeyDataId)xmlSecPtrListGetItem(list, i) == dataId) {
+ return(1);
+ }
}
return(0);
}
-/**
+/**
* xmlSecKeyDataIdListFindByNode:
- * @list: the pointer to key data ids list.
- * @nodeName: the desired key data klass XML node name.
- * @nodeNs: the desired key data klass XML node namespace.
- * @usage: the desired key data usage.
+ * @list: the pointer to key data ids list.
+ * @nodeName: the desired key data klass XML node name.
+ * @nodeNs: the desired key data klass XML node namespace.
+ * @usage: the desired key data usage.
*
- * Lookups data klass in the list with given @nodeName, @nodeNs and
+ * Lookups data klass in the list with given @nodeName, @nodeNs and
* @usage in the @list.
*
* Returns: key data klass is found and NULL otherwise.
- */
-xmlSecKeyDataId
+ */
+xmlSecKeyDataId
xmlSecKeyDataIdListFindByNode(xmlSecPtrListPtr list, const xmlChar* nodeName,
- const xmlChar* nodeNs, xmlSecKeyDataUsage usage) {
+ const xmlChar* nodeNs, xmlSecKeyDataUsage usage) {
xmlSecKeyDataId dataId;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
xmlSecAssert2(nodeName != NULL, xmlSecKeyDataIdUnknown);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
-
- if(((usage & dataId->usage) != 0) &&
- xmlStrEqual(nodeName, dataId->dataNodeName) &&
- xmlStrEqual(nodeNs, dataId->dataNodeNs)) {
-
- return(dataId);
- }
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) &&
+ xmlStrEqual(nodeName, dataId->dataNodeName) &&
+ xmlStrEqual(nodeNs, dataId->dataNodeNs)) {
+
+ return(dataId);
+ }
}
return(xmlSecKeyDataIdUnknown);
}
-/**
+/**
* xmlSecKeyDataIdListFindByHref:
- * @list: the pointer to key data ids list.
- * @href: the desired key data klass href.
- * @usage: the desired key data usage.
+ * @list: the pointer to key data ids list.
+ * @href: the desired key data klass href.
+ * @usage: the desired key data usage.
*
* Lookups data klass in the list with given @href and @usage in @list.
*
* Returns: key data klass is found and NULL otherwise.
- */
-xmlSecKeyDataId
+ */
+xmlSecKeyDataId
xmlSecKeyDataIdListFindByHref(xmlSecPtrListPtr list, const xmlChar* href,
- xmlSecKeyDataUsage usage) {
+ xmlSecKeyDataUsage usage) {
xmlSecKeyDataId dataId;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
xmlSecAssert2(href != NULL, xmlSecKeyDataIdUnknown);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
-
- if(((usage & dataId->usage) != 0) && (dataId->href != NULL) &&
- xmlStrEqual(href, dataId->href)) {
-
- return(dataId);
- }
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) && (dataId->href != NULL) &&
+ xmlStrEqual(href, dataId->href)) {
+
+ return(dataId);
+ }
}
return(xmlSecKeyDataIdUnknown);
}
-/**
+/**
* xmlSecKeyDataIdListFindByName:
- * @list: the pointer to key data ids list.
- * @name: the desired key data klass name.
- * @usage: the desired key data usage.
+ * @list: the pointer to key data ids list.
+ * @name: the desired key data klass name.
+ * @usage: the desired key data usage.
*
* Lookups data klass in the list with given @name and @usage in @list.
*
* Returns: key data klass is found and NULL otherwise.
- */
-xmlSecKeyDataId
-xmlSecKeyDataIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
- xmlSecKeyDataUsage usage) {
+ */
+xmlSecKeyDataId
+xmlSecKeyDataIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
+ xmlSecKeyDataUsage usage) {
xmlSecKeyDataId dataId;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
xmlSecAssert2(name != NULL, xmlSecKeyDataIdUnknown);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
-
- if(((usage & dataId->usage) != 0) && (dataId->name != NULL) &&
- xmlStrEqual(name, BAD_CAST dataId->name)) {
-
- return(dataId);
- }
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) && (dataId->name != NULL) &&
+ xmlStrEqual(name, BAD_CAST dataId->name)) {
+
+ return(dataId);
+ }
}
return(xmlSecKeyDataIdUnknown);
}
-/**
+/**
* xmlSecKeyDataIdListDebugDump:
- * @list: the pointer to key data ids list.
- * @output: the pointer to output FILE.
- *
+ * @list: the pointer to key data ids list.
+ * @output: the pointer to output FILE.
+ *
* Prints binary key data debug information to @output.
*/
-void
+void
xmlSecKeyDataIdListDebugDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecKeyDataId dataId;
xmlSecSize i, size;
-
+
xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId));
xmlSecAssert(output != NULL);
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert(dataId != NULL);
- xmlSecAssert(dataId->name != NULL);
-
- if(i > 0) {
- fprintf(output, ",\"%s\"", dataId->name);
- } else {
- fprintf(output, "\"%s\"", dataId->name);
- }
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(dataId != NULL);
+ xmlSecAssert(dataId->name != NULL);
+
+ if(i > 0) {
+ fprintf(output, ",\"%s\"", dataId->name);
+ } else {
+ fprintf(output, "\"%s\"", dataId->name);
+ }
}
fprintf(output, "\n");
}
-/**
+/**
* xmlSecKeyDataIdListDebugXmlDump:
- * @list: the pointer to key data ids list.
- * @output: the pointer to output FILE.
- *
+ * @list: the pointer to key data ids list.
+ * @output: the pointer to output FILE.
+ *
* Prints binary key data debug information to @output in XML format.
*/
-void
+void
xmlSecKeyDataIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecKeyDataId dataId;
xmlSecSize i, size;
@@ -1277,11 +1277,11 @@ xmlSecKeyDataIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
fprintf(output, "<KeyDataIdsList>\n");
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert(dataId != NULL);
- xmlSecAssert(dataId->name != NULL);
-
- fprintf(output, "<DataId name=\"");
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(dataId != NULL);
+ xmlSecAssert(dataId->name != NULL);
+
+ fprintf(output, "<DataId name=\"");
xmlSecPrintXmlString(output, dataId->name);
fprintf(output, "\"/>");
}
@@ -1295,64 +1295,64 @@ xmlSecKeyDataIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
*************************************************************************/
/**
* xmlSecKeyDataStoreCreate:
- * @id: the store id.
+ * @id: the store id.
*
* Creates new key data store of the specified klass @id. Caller is responsible
- * for freeng returned object with #xmlSecKeyDataStoreDestroy function.
+ * for freeing returned object with #xmlSecKeyDataStoreDestroy function.
*
* Returns: the pointer to newly allocated key data store structure
* or NULL if an error occurs.
*/
-xmlSecKeyDataStorePtr
+xmlSecKeyDataStorePtr
xmlSecKeyDataStoreCreate(xmlSecKeyDataStoreId id) {
xmlSecKeyDataStorePtr store;
int ret;
-
+
xmlSecAssert2(id != NULL, NULL);
xmlSecAssert2(id->objSize > 0, NULL);
-
+
/* Allocate a new xmlSecKeyDataStore and fill the fields. */
store = (xmlSecKeyDataStorePtr)xmlMalloc(id->objSize);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", id->objSize);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
}
- memset(store, 0, id->objSize);
+ memset(store, 0, id->objSize);
store->id = id;
if(id->initialize != NULL) {
- ret = (id->initialize)(store);
+ ret = (id->initialize)(store);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
- "id->initialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataStoreDestroy(store);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(store);
+ return(NULL);
+ }
}
-
+
return(store);
}
/**
* xmlSecKeyDataStoreDestroy:
- * @store: the pointer to the key data store..
+ * @store: the pointer to the key data store..
*
* Destroys the key data store created with #xmlSecKeyDataStoreCreate
* function.
*/
void
xmlSecKeyDataStoreDestroy(xmlSecKeyDataStorePtr store) {
- xmlSecAssert(xmlSecKeyDataStoreIsValid(store));
+ xmlSecAssert(xmlSecKeyDataStoreIsValid(store));
xmlSecAssert(store->id->objSize > 0);
-
- if(store->id->finalize != NULL) {
+
+ if(store->id->finalize != NULL) {
(store->id->finalize)(store);
}
memset(store, 0, store->id->objSize);
@@ -1366,20 +1366,20 @@ xmlSecKeyDataStoreDestroy(xmlSecKeyDataStorePtr store) {
**********************************************************************/
static xmlSecPtrListKlass xmlSecKeyDataStorePtrListKlass = {
BAD_CAST "keys-data-store-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecKeyDataStoreDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDataStoreDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecKeyDataStorePtrListGetKlass:
- *
+ *
* Key data stores list.
*
* Returns: key data stores list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecKeyDataStorePtrListGetKlass(void) {
return(&xmlSecKeyDataStorePtrListKlass);
}
diff --git a/src/keysmngr.c b/src/keysmngr.c
index e93cbb49..31a03e97 100644
--- a/src/keysmngr.c
+++ b/src/keysmngr.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
- * Keys Manager
- *
+ * Keys Manager.
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -31,49 +31,49 @@
* Keys Manager
*
***************************************************************************/
-/**
+/**
* xmlSecKeysMngrCreate:
- *
- * Creates new keys manager. Caller is responsible for freeing it with
+ *
+ * Creates new keys manager. Caller is responsible for freeing it with
* #xmlSecKeysMngrDestroy function.
- *
- * Returns: the pointer to newly allocated keys manager or NULL if
+ *
+ * Returns: the pointer to newly allocated keys manager or NULL if
* an error occurs.
*/
-xmlSecKeysMngrPtr
+xmlSecKeysMngrPtr
xmlSecKeysMngrCreate(void) {
xmlSecKeysMngrPtr mngr;
int ret;
-
+
/* Allocate a new xmlSecKeysMngr and fill the fields. */
mngr = (xmlSecKeysMngrPtr)xmlMalloc(sizeof(xmlSecKeysMngr));
if(mngr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecKeysMngr)=%d",
- sizeof(xmlSecKeysMngr));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKeysMngr)=%d",
+ sizeof(xmlSecKeysMngr));
+ return(NULL);
}
- memset(mngr, 0, sizeof(xmlSecKeysMngr));
+ memset(mngr, 0, sizeof(xmlSecKeysMngr));
ret = xmlSecPtrListInitialize(&(mngr->storesList), xmlSecKeyDataStorePtrListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyDataStorePtrListId");
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataStorePtrListId");
+ return(NULL);
}
- return(mngr);
+ return(mngr);
}
-/**
+/**
* xmlSecKeysMngrDestroy:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Destroys keys manager created with #xmlSecKeysMngrCreate function.
*/
@@ -83,23 +83,23 @@ xmlSecKeysMngrDestroy(xmlSecKeysMngrPtr mngr) {
/* destroy keys store */
if(mngr->keysStore != NULL) {
- xmlSecKeyStoreDestroy(mngr->keysStore);
+ xmlSecKeyStoreDestroy(mngr->keysStore);
}
-
+
/* destroy other data stores */
xmlSecPtrListFinalize(&(mngr->storesList));
- memset(mngr, 0, sizeof(xmlSecKeysMngr));
- xmlFree(mngr);
+ memset(mngr, 0, sizeof(xmlSecKeysMngr));
+ xmlFree(mngr);
}
/**
* xmlSecKeysMngrFindKey:
- * @mngr: the pointer to keys manager.
- * @name: the desired key name.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ * @mngr: the pointer to keys manager.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
- * Lookups key in the keys manager keys store. The caller is responsible
+ * Lookups key in the keys manager keys store. The caller is responsible
* for destroying the returned key using #xmlSecKeyDestroy method.
*
* Returns: the pointer to a key or NULL if key is not found or an error occurs.
@@ -107,23 +107,23 @@ xmlSecKeysMngrDestroy(xmlSecKeysMngrPtr mngr) {
xmlSecKeyPtr
xmlSecKeysMngrFindKey(xmlSecKeysMngrPtr mngr, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr store;
-
+
xmlSecAssert2(mngr != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- /* no store. is it an error? */
- return(NULL);
+ /* no store. is it an error? */
+ return(NULL);
}
-
+
return(xmlSecKeyStoreFindKey(store, name, keyInfoCtx));
}
/**
* xmlSecKeysMngrAdoptKeysStore:
- * @mngr: the pointer to keys manager.
- * @store: the pointer to keys store.
+ * @mngr: the pointer to keys manager.
+ * @store: the pointer to keys store.
*
* Adopts keys store in the keys manager @mngr.
*
@@ -133,35 +133,35 @@ int
xmlSecKeysMngrAdoptKeysStore(xmlSecKeysMngrPtr mngr, xmlSecKeyStorePtr store) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(xmlSecKeyStoreIsValid(store), -1);
-
+
if(mngr->keysStore != NULL) {
- xmlSecKeyStoreDestroy(mngr->keysStore);
+ xmlSecKeyStoreDestroy(mngr->keysStore);
}
mngr->keysStore = store;
-
+
return(0);
}
/**
* xmlSecKeysMngrGetKeysStore:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Gets the keys store.
*
- * Returns: the keys store in the keys manager @mngr or NULL if
+ * Returns: the keys store in the keys manager @mngr or NULL if
* there is no store or an error occurs.
*/
xmlSecKeyStorePtr
xmlSecKeysMngrGetKeysStore(xmlSecKeysMngrPtr mngr) {
xmlSecAssert2(mngr != NULL, NULL);
-
+
return(mngr->keysStore);
}
/**
* xmlSecKeysMngrAdoptDataStore:
- * @mngr: the pointer to keys manager.
- * @store: the pointer to data store.
+ * @mngr: the pointer to keys manager.
+ * @store: the pointer to data store.
*
* Adopts data store in the keys manager.
*
@@ -171,48 +171,48 @@ int
xmlSecKeysMngrAdoptDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStorePtr store) {
xmlSecKeyDataStorePtr tmp;
xmlSecSize pos, size;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(xmlSecKeyDataStoreIsValid(store), -1);
size = xmlSecPtrListGetSize(&(mngr->storesList));
for(pos = 0; pos < size; ++pos) {
- tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
- if((tmp != NULL) && (tmp->id == store->id)) {
- return(xmlSecPtrListSet(&(mngr->storesList), store, pos));
- }
+ tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
+ if((tmp != NULL) && (tmp->id == store->id)) {
+ return(xmlSecPtrListSet(&(mngr->storesList), store, pos));
+ }
}
-
+
return(xmlSecPtrListAdd(&(mngr->storesList), store));
}
/**
* xmlSecKeysMngrGetDataStore:
- * @mngr: the pointer to keys manager.
- * @id: the desired data store klass.
+ * @mngr: the pointer to keys manager.
+ * @id: the desired data store klass.
*
* Lookups the data store of given klass @id in the keys manager.
*
* Returns: pointer to data store or NULL if it is not found or an error
* occurs.
*/
-xmlSecKeyDataStorePtr
+xmlSecKeyDataStorePtr
xmlSecKeysMngrGetDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStoreId id) {
xmlSecKeyDataStorePtr tmp;
xmlSecSize pos, size;
-
+
xmlSecAssert2(mngr != NULL, NULL);
xmlSecAssert2(id != xmlSecKeyDataStoreIdUnknown, NULL);
size = xmlSecPtrListGetSize(&(mngr->storesList));
for(pos = 0; pos < size; ++pos) {
- tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
- if((tmp != NULL) && (tmp->id == id)) {
- return(tmp);
- }
+ tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
+ if((tmp != NULL) && (tmp->id == id)) {
+ return(tmp);
+ }
}
-
+
return(NULL);
}
@@ -223,62 +223,62 @@ xmlSecKeysMngrGetDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStoreId id) {
*************************************************************************/
/**
* xmlSecKeyStoreCreate:
- * @id: the key store klass.
+ * @id: the key store klass.
*
* Creates new store of the specified klass @klass. Caller is responsible
* for freeing the returned store by calling #xmlSecKeyStoreDestroy function.
*
* Returns: the pointer to newly allocated keys store or NULL if an error occurs.
*/
-xmlSecKeyStorePtr
+xmlSecKeyStorePtr
xmlSecKeyStoreCreate(xmlSecKeyStoreId id) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(id != NULL, NULL);
xmlSecAssert2(id->objSize > 0, NULL);
-
+
/* Allocate a new xmlSecKeyStore and fill the fields. */
store = (xmlSecKeyStorePtr)xmlMalloc(id->objSize);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", id->objSize);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
}
- memset(store, 0, id->objSize);
+ memset(store, 0, id->objSize);
store->id = id;
if(id->initialize != NULL) {
- ret = (id->initialize)(store);
+ ret = (id->initialize)(store);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
- "id->initialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(store);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(store);
+ return(NULL);
+ }
}
-
+
return(store);
}
/**
* xmlSecKeyStoreDestroy:
- * @store: the pointer to keys store.
+ * @store: the pointer to keys store.
*
* Destroys the store created with #xmlSecKeyStoreCreate function.
*/
void
xmlSecKeyStoreDestroy(xmlSecKeyStorePtr store) {
- xmlSecAssert(xmlSecKeyStoreIsValid(store));
+ xmlSecAssert(xmlSecKeyStoreIsValid(store));
xmlSecAssert(store->id->objSize > 0);
-
- if(store->id->finalize != NULL) {
+
+ if(store->id->finalize != NULL) {
(store->id->finalize)(store);
}
memset(store, 0, store->id->objSize);
@@ -287,18 +287,18 @@ xmlSecKeyStoreDestroy(xmlSecKeyStorePtr store) {
/**
* xmlSecKeyStoreFindKey:
- * @store: the pointer to keys store.
- * @name: the desired key name.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ * @store: the pointer to keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
- * Lookups key in the store. The caller is responsible for destroying
+ * Lookups key in the store. The caller is responsible for destroying
* the returned key using #xmlSecKeyDestroy method.
*
* Returns: the pointer to a key or NULL if key is not found or an error occurs.
*/
xmlSecKeyPtr
xmlSecKeyStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecKeyStoreIsValid(store), NULL);
+ xmlSecAssert2(xmlSecKeyStoreIsValid(store), NULL);
xmlSecAssert2(store->id->findKey != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
@@ -308,66 +308,66 @@ xmlSecKeyStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInf
/****************************************************************************
*
* Simple Keys Store
- *
+ *
* keys list (xmlSecPtrList) is located after xmlSecKeyStore
*
***************************************************************************/
#define xmlSecSimpleKeysStoreSize \
- (sizeof(xmlSecKeyStore) + sizeof(xmlSecPtrList))
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecPtrList))
#define xmlSecSimpleKeysStoreGetList(store) \
((xmlSecKeyStoreCheckSize((store), xmlSecSimpleKeysStoreSize)) ? \
- (xmlSecPtrListPtr)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
- (xmlSecPtrListPtr)NULL)
+ (xmlSecPtrListPtr)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+ (xmlSecPtrListPtr)NULL)
-static int xmlSecSimpleKeysStoreInitialize (xmlSecKeyStorePtr store);
-static void xmlSecSimpleKeysStoreFinalize (xmlSecKeyStorePtr store);
-static xmlSecKeyPtr xmlSecSimpleKeysStoreFindKey (xmlSecKeyStorePtr store,
- const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecSimpleKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecSimpleKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecSimpleKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyStoreKlass xmlSecSimpleKeysStoreKlass = {
sizeof(xmlSecKeyStoreKlass),
xmlSecSimpleKeysStoreSize,
/* data */
- BAD_CAST "simple-keys-store", /* const xmlChar* name; */
-
+ BAD_CAST "simple-keys-store", /* const xmlChar* name; */
+
/* constructors/destructor */
- xmlSecSimpleKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
- xmlSecSimpleKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
- xmlSecSimpleKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+ xmlSecSimpleKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecSimpleKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecSimpleKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecSimpleKeysStoreGetKlass:
- *
+ *
* The simple list based keys store klass.
*
* Returns: simple list based keys store klass.
*/
-xmlSecKeyStoreId
+xmlSecKeyStoreId
xmlSecSimpleKeysStoreGetKlass(void) {
return(&xmlSecSimpleKeysStoreKlass);
}
/**
* xmlSecSimpleKeysStoreAdoptKey:
- * @store: the pointer to simple keys store.
- * @key: the pointer to key.
- *
- * Adds @key to the @store.
+ * @store: the pointer to simple keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecPtrListPtr list;
int ret;
-
+
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(key != NULL, -1);
@@ -376,30 +376,30 @@ xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
ret = xmlSecPtrListAdd(list, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecSimpleKeysStoreLoad:
- * @store: the pointer to simple keys store.
- * @uri: the filename.
- * @keysMngr: the pointer to associated keys manager.
- *
+ * @store: the pointer to simple keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
* Reads keys from an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
-xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- xmlSecKeysMngrPtr keysMngr) {
+xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
@@ -408,118 +408,118 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
- xmlSecAssert2(uri != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlParseFile",
- XMLSEC_ERRORS_R_XML_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
-
+
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=<xmlsec:Keys>");
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
cur = xmlSecGetNextElementNode(root->children);
- while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
- key = xmlSecKeyCreate();
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- xmlFreeDoc(doc);
- return(-1);
- }
-
- ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
-
- keyInfoCtx.mode = xmlSecKeyInfoModeRead;
- keyInfoCtx.keysMngr = keysMngr;
- keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
- XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
- keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
- keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
-
- ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-
- if(xmlSecKeyIsValid(key)) {
- ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecSimpleKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- } else {
- /* we have an unknown key in our file, just ignore it */
- xmlSecKeyDestroy(key);
- }
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
xmlFreeDoc(doc);
return(0);
}
-/**
+/**
* xmlSecSimpleKeysStoreSave:
- * @store: the pointer to simple keys store.
- * @filename: the filename.
- * @type: the saved keys type (public, private, ...).
- *
+ * @store: the pointer to simple keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
* Writes keys from @store to an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -529,7 +529,7 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK
xmlSecKeyInfoCtx keyInfoCtx;
xmlSecPtrListPtr list;
xmlSecKeyPtr key;
- xmlSecSize i, keysSize;
+ xmlSecSize i, keysSize;
xmlDocPtr doc;
xmlNodePtr cur;
xmlSecKeyDataPtr data;
@@ -539,7 +539,7 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
- xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
@@ -547,133 +547,133 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK
/* create doc */
doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecCreateTree",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
- idsList = xmlSecKeyDataIdsGet();
+
+ idsList = xmlSecKeyDataIdsGet();
xmlSecAssert2(idsList != NULL, -1);
-
+
keysSize = xmlSecPtrListGetSize(list);
idsSize = xmlSecPtrListGetSize(idsList);
for(i = 0; i < keysSize; ++i) {
- key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(key != NULL, -1);
-
- cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- xmlFreeDoc(doc);
- return(-1);
- }
-
- /* special data key name */
- if(xmlSecKeyGetName(key) != NULL) {
- if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyName));
- xmlFreeDoc(doc);
- return(-1);
- }
- }
-
- /* create nodes for other keys data */
- for(j = 0; j < idsSize; ++j) {
- dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
- xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
-
- if(dataId->dataNodeName == NULL) {
- continue;
- }
-
- data = xmlSecKeyGetData(key, dataId);
- if(data == NULL) {
- continue;
- }
-
- if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(dataId->dataNodeName));
- xmlFreeDoc(doc);
- return(-1);
- }
- }
-
- ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
- }
-
- keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
- keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyReq.keyType = type;
- keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
-
- /* finally write key in the node */
- ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- xmlFreeDoc(doc);
- return(-1);
- }
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(key != NULL, -1);
+
+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ /* special data key name */
+ if(xmlSecKeyGetName(key) != NULL) {
+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ }
+
+ /* create nodes for other keys data */
+ for(j = 0; j < idsSize; ++j) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
+
+ if(dataId->dataNodeName == NULL) {
+ continue;
+ }
+
+ data = xmlSecKeyGetData(key, dataId);
+ if(data == NULL) {
+ continue;
+ }
+
+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(dataId->dataNodeName));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = type;
+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+ /* finally write key in the node */
+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
}
-
+
/* now write result */
ret = xmlSaveFormatFile(filename, doc, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSaveFormatFile",
- XMLSEC_ERRORS_R_XML_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlFreeDoc(doc);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSaveFormatFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
xmlFreeDoc(doc);
return(0);
}
-/**
+/**
* xmlSecSimpleKeysStoreGetKeys:
- * @store: the pointer to simple keys store.
- *
+ * @store: the pointer to simple keys store.
+ *
* Gets list of keys from simple keys store.
- *
+ *
* Returns: pointer to the list of keys stored in the keys store or NULL
* if an error occurs.
*/
-xmlSecPtrListPtr
+xmlSecPtrListPtr
xmlSecSimpleKeysStoreGetKeys(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
@@ -694,35 +694,35 @@ xmlSecSimpleKeysStoreInitialize(xmlSecKeyStorePtr store) {
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(list != NULL, -1);
-
+
ret = xmlSecPtrListInitialize(list, xmlSecKeyPtrListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecKeyPtrListId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyPtrListId");
+ return(-1);
}
- return(0);
+ return(0);
}
static void
xmlSecSimpleKeysStoreFinalize(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
-
+
xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId));
-
+
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert(list != NULL);
-
+
xmlSecPtrListFinalize(list);
}
-static xmlSecKeyPtr
-xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static xmlSecKeyPtr
+xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecPtrListPtr list;
xmlSecKeyPtr key;
xmlSecSize pos, size;
@@ -735,10 +735,10 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
size = xmlSecPtrListGetSize(list);
for(pos = 0; pos < size; ++pos) {
- key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
- if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
- return(xmlSecKeyDuplicate(key));
- }
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
+ if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
+ return(xmlSecKeyDuplicate(key));
+ }
}
return(NULL);
}
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c
new file mode 100644
index 00000000..022e720a
--- /dev/null
+++ b/src/kw_aes_des.c
@@ -0,0 +1,493 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+
+#include "kw_aes_des.h"
+
+#ifndef XMLSEC_NO_DES
+
+static int xmlSecKWDes3BufferReverse (xmlSecByte *buf,
+ xmlSecSize size);
+
+/********************************************************************
+ *
+ * CMS Triple DES Key Wrap
+ *
+ * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
+ *
+ * The following algorithm wraps (encrypts) a key (the wrapped key, WK)
+ * under a TRIPLEDES key-encryption-key (KEK) as specified in [CMS-Algorithms]:
+ *
+ * 1. Represent the key being wrapped as an octet sequence. If it is a
+ * TRIPLEDES key, this is 24 octets (192 bits) with odd parity bit as
+ * the bottom bit of each octet.
+ * 2. Compute the CMS key checksum (section 5.6.1) call this CKS.
+ * 3. Let WKCKS = WK || CKS, where || is concatenation.
+ * 4. Generate 8 random octets [RANDOM] and call this IV.
+ * 5. Encrypt WKCKS in CBC mode using KEK as the key and IV as the
+ * initialization vector. Call the results TEMP1.
+ * 6. Left TEMP2 = IV || TEMP1.
+ * 7. Reverse the order of the octets in TEMP2 and call the result TEMP3.
+ * 8. Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
+ * of 0x4adda22c79e82105. The resulting cipher text is the desired result.
+ * It is 40 octets long if a 168 bit key is being wrapped.
+ *
+ * The following algorithm unwraps (decrypts) a key as specified in
+ * [CMS-Algorithms]:
+ *
+ * 1. Check if the length of the cipher text is reasonable given the key type.
+ * It must be 40 bytes for a 168 bit key and either 32, 40, or 48 bytes for
+ * a 128, 192, or 256 bit key. If the length is not supported or inconsistent
+ * with the algorithm for which the key is intended, return error.
+ * 2. Decrypt the cipher text with TRIPLEDES in CBC mode using the KEK and
+ * an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
+ * 3. Reverse the order of the octets in TEMP3 and call the result TEMP2.
+ * 4. Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining
+ * octets.
+ * 5. Decrypt TEMP1 using TRIPLEDES in CBC mode using the KEK and the IV found
+ * in the previous step. Call the result WKCKS.
+ * 6. Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
+ * those octets before the CKS.
+ * 7. Calculate a CMS key checksum (section 5.6.1) over the WK and compare
+ * with the CKS extracted in the above step. If they are not equal, return
+ * error.
+ * 8. WK is the wrapped key, now extracted for use in data decryption.
+ *
+ ********************************************************************/
+static xmlSecByte xmlSecKWDes3Iv[XMLSEC_KW_DES3_IV_LENGTH] = {
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+int
+xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH];
+ xmlSecByte iv[XMLSEC_KW_DES3_IV_LENGTH];
+ xmlSecSize s;
+ int ret;
+
+ xmlSecAssert2(xmlSecKWDes3CheckId(kwDes3Id), -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize + XMLSEC_KW_DES3_BLOCK_LENGTH + XMLSEC_KW_DES3_IV_LENGTH, -1);
+
+ /* step 2: calculate sha1 and CMS */
+ ret = kwDes3Id->sha1(context, in, inSize, sha1, sizeof(sha1));
+ if((ret < 0) || (ret != sizeof(sha1))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->sha1",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 3: construct WKCKS as WK || CKS */
+ memcpy(out, in, inSize);
+ memcpy(out + inSize, sha1, XMLSEC_KW_DES3_BLOCK_LENGTH);
+
+ /* step 4: generate random iv */
+ ret = kwDes3Id->generateRandom(context, iv, sizeof(iv));
+ if((ret < 0) || (ret != sizeof(iv))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->generateRandom",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 5: first encryption, result is TEMP1 */
+ ret = kwDes3Id->encrypt(context,
+ iv, sizeof(iv),
+ out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH,
+ out, outSize);
+ if((ret < 0) || ((xmlSecSize)ret != inSize + XMLSEC_KW_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 6: construct TEMP2=IV || TEMP1 */
+ memmove(out + XMLSEC_KW_DES3_IV_LENGTH, out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH);
+ memcpy(out, iv, XMLSEC_KW_DES3_IV_LENGTH);
+ s = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH + XMLSEC_KW_DES3_IV_LENGTH;
+
+ /* step 7: reverse octets order, result is TEMP3 */
+ ret = xmlSecKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 8: second encryption with static IV */
+ ret = kwDes3Id->encrypt(context,
+ xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv),
+ out, s,
+ out, outSize);
+ if((ret < 0) || ((xmlSecSize)ret != s)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ s = ret;
+ return(s);
+}
+
+int
+xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize)
+{
+ xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH];
+ xmlSecSize s;
+ int ret;
+
+ xmlSecAssert2(xmlSecKWDes3CheckId(kwDes3Id), -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+
+ /* step 2: first decryption with static IV, result is TEMP3 */
+ ret = kwDes3Id->decrypt(context,
+ xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv),
+ in, inSize,
+ out, outSize);
+ if((ret < 0) || (ret < XMLSEC_KW_DES3_IV_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ s = ret;
+
+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+ ret = xmlSecKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+ ret = kwDes3Id->decrypt(context,
+ out, XMLSEC_KW_DES3_IV_LENGTH,
+ out + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH,
+ out, outSize);
+ if((ret < 0) || (ret < XMLSEC_KW_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ s = ret - XMLSEC_KW_DES3_BLOCK_LENGTH;
+
+ /* steps 6 and 7: calculate SHA1 and validate it */
+ ret = kwDes3Id->sha1(context,
+ out, s,
+ sha1, sizeof(sha1));
+ if((ret < 0) || (ret != sizeof(sha1))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->sha1",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* check sha1 */
+ xmlSecAssert2(XMLSEC_KW_DES3_BLOCK_LENGTH <= sizeof(sha1), -1);
+ if(memcmp(sha1, out + s, XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "SHA1 does not match");
+ return(-1);
+ }
+
+ /* done */
+ return(s);
+}
+
+static int
+xmlSecKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size)
+{
+ xmlSecByte * p;
+ xmlSecByte ch;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = buf + size - 1; p >= buf; ++buf, --p) {
+ ch = (*p);
+ (*p) = (*buf);
+ (*buf) = ch;
+ }
+ return (0);
+}
+
+#endif /* XMLSEC_NO_DES */
+
+
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
+ *
+ * Assume that the data to be wrapped consists of N 64-bit data blocks
+ * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
+ * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
+ * key is represented by K. Assume integers i, j, and t and intermediate
+ * 64-bit register A, 128-bit register B, and array of 64-bit quantities
+ * R(1) through R(N).
+ *
+ * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
+ * is the 128-bit quantity with x in the most significant bits and y in the
+ * least significant bits. AES(K)enc(x) is the operation of AES encrypting
+ * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
+ * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
+ * MSB(x) and LSB(y) are the most significant 64 bits and least significant
+ * 64 bits of x and y respectively.
+ *
+ * If N is 1, a single AES operation is performed for wrap or unwrap.
+ * If N>1, then 6*N AES operations are performed for wrap or unwrap.
+ *
+ * The key wrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
+ * * C(0)=MSB(B)
+ * * C(1)=LSB(B)
+ * If N>1, perform the following steps:
+ * 2. Initialize variables:
+ * * Set A to 0xA6A6A6A6A6A6A6A6
+ * * Fori=1 to N,
+ * R(i)=P(i)
+ * 3. Calculate intermediate values:
+ * * Forj=0 to 5,
+ * o For i=1 to N,
+ * t= i + j*N
+ * B=AES(K)enc(A|R(i))
+ * A=XOR(t,MSB(B))
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * Set C(0)=A
+ * * For i=1 to N,
+ * C(i)=R(i)
+ *
+ * The key unwrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)dec(C(0)|C(1))
+ * * P(1)=LSB(B)
+ * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
+ * return an integrity check failure error.
+ * If N>1, perform the following steps:
+ * 2. Initialize the variables:
+ * * A=C(0)
+ * * For i=1 to N,
+ * R(i)=C(i)
+ * 3. Calculate intermediate values:
+ * * For j=5 to 0,
+ * o For i=N to 1,
+ * t= i + j*N
+ * B=AES(K)dec(XOR(t,A)|R(i))
+ * A=MSB(B)
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * For i=1 to N,
+ * P(i)=R(i)
+ * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
+ * an integrity check failure error.
+ ********************************************************************/
+static const xmlSecByte xmlSecKWAesMagicBlock[XMLSEC_KW_AES_MAGIC_BLOCK_SIZE] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
+};
+
+int
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(kwAesId != NULL, -1);
+ xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+ xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, -1);
+
+ /* prepend magic block */
+ if(in != out) {
+ memcpy(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
+ } else {
+ memmove(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
+ }
+ memcpy(out, xmlSecKWAesMagicBlock, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+
+ N = (inSize / 8);
+ if(N == 1) {
+ ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ for(j = 0; j <= 5; ++j) {
+ for(i = 1; i <= N; ++i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+
+ ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ block[7] ^= t;
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+
+ return(inSize + 8);
+}
+
+int
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(kwAesId != NULL, -1);
+ xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+ xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* copy input */
+ if(in != out) {
+ memcpy(out, in, inSize);
+ }
+
+ N = (inSize / 8) - 1;
+ if(N == 1) {
+ ret = kwAesId->decrypt(out, inSize, out, outSize, context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ for(j = 5; j >= 0; --j) {
+ for(i = N; i > 0; --i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+ block[7] ^= t;
+
+ ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+ /* do not left data in memory */
+ memset(block, 0, sizeof(block));
+
+ /* check the output */
+ if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "bad magic block");
+ return(-1);
+ }
+
+ /* get rid of magic block */
+ memmove(out, out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+ return(inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+}
+
+#endif /* XMLSEC_NO_AES */
+
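Review bot: xmlSecKWAesEncode and xmlSecKWAesDecode never check that inSize is a multiple of 8 and large enough, so with inSize < 8 (encode) or inSize < 16 (decode) N is 0 or -1, both loops are skipped, and Encode returns success with magic block || plaintext unencrypted while Decode computes `inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE` (which wraps if xmlSecSize is unsigned) and may hand it to memmove; add `xmlSecAssert2((inSize % 8) == 0, -1);` plus `xmlSecAssert2(inSize >= 8, -1);` in Encode and `xmlSecAssert2(inSize >= 16, -1);` in Decode after the existing asserts. The same gap exists in xmlSecKWDes3Decode, where spec step 1 (ciphertext length is a multiple of the block size and at least IV + one block + checksum) is not implemented before the first decrypt, and the step comments start at "step 2". Separately, `block[7] ^= t;` in both AES loops folds only the low byte of t into A; the spec XORs the 64-bit integer t, so once 6*N exceeds 255 (more than 42 blocks) the result is not interoperable, and the fold should touch all eight bytes, e.g. a small loop XORing `(xmlSecByte)((t >> (8 * k)) & 0xff)` into `block[7 - k]`. Finally, the unwrapped key material is still in `out` when the "bad magic block" or "SHA1 does not match" branch returns -1; clearing it there would match the `memset(block, 0, sizeof(block))` already done for the AES scratch block.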
diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h
new file mode 100644
index 00000000..46e85273
--- /dev/null
+++ b/src/kw_aes_des.h
@@ -0,0 +1,148 @@
+/**
+ * XMLSec library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef __XMLSEC_KT_AES_DES_H__
+#define __XMLSEC_KT_AES_DES_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_DES
+/********************************************************************
+ *
+ * KT DES
+ *
+ ********************************************************************/
+#define XMLSEC_KW_DES3_KEY_LENGTH 24
+#define XMLSEC_KW_DES3_IV_LENGTH 8
+#define XMLSEC_KW_DES3_BLOCK_LENGTH 8
+#define XMLSEC_KW_DES3_SHA_DIGEST_LENGTH 20
+
+
+typedef int (*xmlSecKWDes3Sha1Method) (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3GenerateRandomMethod) (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3BlockEncryptMethod) (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3BlockDecryptMethod) (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+
+struct _xmlSecKWDes3Klass {
+ /* callbacks */
+ xmlSecKWDes3GenerateRandomMethod generateRandom;
+ xmlSecKWDes3Sha1Method sha1;
+ xmlSecKWDes3BlockEncryptMethod encrypt;
+ xmlSecKWDes3BlockDecryptMethod decrypt;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+typedef const struct _xmlSecKWDes3Klass xmlSecKWDes3Klass,
+ *xmlSecKWDes3Id;
+
+#define xmlSecKWDes3CheckId(id) \
+ ( \
+ ((id) != NULL) && \
+ ((id)->generateRandom != NULL) && \
+ ((id)->sha1 != NULL) && \
+ ((id)->encrypt != NULL) && \
+ ((id)->decrypt != NULL) \
+ )
+
+XMLSEC_EXPORT int
+xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+XMLSEC_EXPORT int
+xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ ********************************************************************/
+#define XMLSEC_KW_AES_MAGIC_BLOCK_SIZE 8
+#define XMLSEC_KW_AES_BLOCK_SIZE 16
+#define XMLSEC_KW_AES128_KEY_SIZE 16
+#define XMLSEC_KW_AES192_KEY_SIZE 24
+#define XMLSEC_KW_AES256_KEY_SIZE 32
+
+typedef int (*xmlSecKWAesBlockEncryptMethod) (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+typedef int (*xmlSecKWAesBlockDecryptMethod) (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+
+
+struct _xmlSecKWAesKlass {
+ /* callbacks */
+ xmlSecKWAesBlockEncryptMethod encrypt;
+ xmlSecKWAesBlockDecryptMethod decrypt;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+typedef const struct _xmlSecKWAesKlass xmlSecKWAesKlass,
+ *xmlSecKWAesId;
+
+XMLSEC_EXPORT int
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+XMLSEC_EXPORT int
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KT_AES_DES_H__ */
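Review bot: The callback typedefs (xmlSecKWDes3BlockEncryptMethod through xmlSecKWAesBlockDecryptMethod) carry no contract, yet kw_aes_des.c calls them with overlapping buffers — in == out for the DES and AES encrypt/decrypt steps, and in the DES unwrap the iv pointer aliases the very output buffer being written — and its size checks require the return value to equal the number of bytes produced (so the DES CBC callbacks are apparently expected to run without padding); each typedef should state this, e.g. `/* in and out may be the same buffer; iv may alias out; returns the number of bytes written or < 0 */`. The DES methods take context first while the AES methods take it last; aligning the parameter order would avoid a wiring mistake in the per-crypto implementations. The `#error` text still names `private.h` rather than this header. "Key Transport" in the file comment describes the RSA transport algorithms; these are the symmetric key-wrap algorithms, as the comment blocks in kw_aes_des.c say.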
diff --git a/src/list.c b/src/list.c
index a4b6ad54..d1a00533 100644
--- a/src/list.c
+++ b/src/list.c
@@ -1,18 +1,18 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* List of pointers.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -20,76 +20,76 @@
#include <xmlsec/errors.h>
-static int xmlSecPtrListEnsureSize (xmlSecPtrListPtr list,
- xmlSecSize size);
-
+static int xmlSecPtrListEnsureSize (xmlSecPtrListPtr list,
+ xmlSecSize size);
+
static xmlSecAllocMode gAllocMode = xmlSecAllocModeDouble;
static xmlSecSize gInitialSize = 64;
-/**
+/**
* xmlSecPtrListSetDefaultAllocMode:
- * @defAllocMode: the new default memory allocation mode.
- * @defInitialSize: the new default minimal initial size.
+ * @defAllocMode: the new default memory allocation mode.
+ * @defInitialSize: the new default minimal initial size.
*
* Sets new default allocation mode and minimal initial list size.
*/
-void
+void
xmlSecPtrListSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInitialSize) {
xmlSecAssert(defInitialSize > 0);
-
+
gAllocMode = defAllocMode;
gInitialSize = defInitialSize;
}
/**
* xmlSecPtrListCreate:
- * @id: the list klass.
- *
+ * @id: the list klass.
+ *
* Creates new list object. Caller is responsible for freeing returned list
* by calling #xmlSecPtrListDestroy function.
*
* Returns: pointer to newly allocated list or NULL if an error occurs.
*/
-xmlSecPtrListPtr
+xmlSecPtrListPtr
xmlSecPtrListCreate(xmlSecPtrListId id) {
xmlSecPtrListPtr list;
int ret;
-
+
xmlSecAssert2(id != xmlSecPtrListIdUnknown, NULL);
-
+
/* Allocate a new xmlSecPtrList and fill the fields. */
list = (xmlSecPtrListPtr)xmlMalloc(sizeof(xmlSecPtrList));
if(list == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecPtrList)=%d",
- sizeof(xmlSecPtrList));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecPtrList)=%d",
+ sizeof(xmlSecPtrList));
+ return(NULL);
}
-
+
ret = xmlSecPtrListInitialize(list, id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(list);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(list);
+ return(NULL);
}
-
- return(list);
+
+ return(list);
}
/**
* xmlSecPtrListDestroy:
- * @list: the pointer to list.
+ * @list: the pointer to list.
*
* Destroys @list created with #xmlSecPtrListCreate function.
*/
-void
+void
xmlSecPtrListDestroy(xmlSecPtrListPtr list) {
xmlSecAssert(xmlSecPtrListIsValid(list));
xmlSecPtrListFinalize(list);
@@ -98,30 +98,30 @@ xmlSecPtrListDestroy(xmlSecPtrListPtr list) {
/**
* xmlSecPtrListInitialize:
- * @list: the pointer to list.
- * @id: the list klass.
+ * @list: the pointer to list.
+ * @id: the list klass.
*
- * Initializes the list of given klass. Caller is responsible
+ * Initializes the list of given klass. Caller is responsible
* for cleaning up by calling #xmlSecPtrListFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecPtrListInitialize(xmlSecPtrListPtr list, xmlSecPtrListId id) {
xmlSecAssert2(id != xmlSecPtrListIdUnknown, -1);
xmlSecAssert2(list != NULL, -1);
- memset(list, 0, sizeof(xmlSecPtrList));
+ memset(list, 0, sizeof(xmlSecPtrList));
list->id = id;
list->allocMode = gAllocMode;
-
+
return(0);
}
/**
* xmlSecPtrListFinalize:
- * @list: the pointer to list.
- *
+ * @list: the pointer to list.
+ *
* Cleans up the list initialized with #xmlSecPtrListInitialize
* function.
*/
@@ -130,34 +130,34 @@ xmlSecPtrListFinalize(xmlSecPtrListPtr list) {
xmlSecAssert(xmlSecPtrListIsValid(list));
xmlSecPtrListEmpty(list);
- memset(list, 0, sizeof(xmlSecPtrList));
+ memset(list, 0, sizeof(xmlSecPtrList));
}
/**
* xmlSecPtrListEmpty:
- * @list: the pointer to list.
+ * @list: the pointer to list.
*
* Remove all items from @list (if any).
*/
-void
+void
xmlSecPtrListEmpty(xmlSecPtrListPtr list) {
xmlSecAssert(xmlSecPtrListIsValid(list));
if(list->id->destroyItem != NULL) {
- xmlSecSize pos;
-
- for(pos = 0; pos < list->use; ++pos) {
- xmlSecAssert(list->data != NULL);
- if(list->data[pos] != NULL) {
- list->id->destroyItem(list->data[pos]);
- }
- }
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->destroyItem(list->data[pos]);
+ }
+ }
}
if(list->max > 0) {
- xmlSecAssert(list->data != NULL);
+ xmlSecAssert(list->data != NULL);
- memset(list->data, 0, sizeof(xmlSecPtr) * list->use);
- xmlFree(list->data);
+ memset(list->data, 0, sizeof(xmlSecPtr) * list->use);
+ xmlFree(list->data);
}
list->max = list->use = 0;
list->data = NULL;
@@ -165,11 +165,11 @@ xmlSecPtrListEmpty(xmlSecPtrListPtr list) {
/**
* xmlSecPtrListCopy:
- * @dst: the pointer to destination list.
- * @src: the pointer to source list.
+ * @dst: the pointer to destination list.
+ * @src: the pointer to source list.
*
* Copies @src list items to @dst list using #duplicateItem method
- * of the list klass. If #duplicateItem method is NULL then
+ * of the list klass. If #duplicateItem method is NULL then
* we jsut copy pointers to items.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -178,109 +178,109 @@ int
xmlSecPtrListCopy(xmlSecPtrListPtr dst, xmlSecPtrListPtr src) {
xmlSecSize i;
int ret;
-
+
xmlSecAssert2(xmlSecPtrListIsValid(dst), -1);
xmlSecAssert2(xmlSecPtrListIsValid(src), -1);
xmlSecAssert2(dst->id == src->id, -1);
-
+
/* allocate memory */
ret = xmlSecPtrListEnsureSize(dst, dst->use + src->use);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
- "xmlSecPtrListEnsureSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", src->use);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
+ "xmlSecPtrListEnsureSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", src->use);
+ return(-1);
}
- /* copy one item after another */
+ /* copy one item after another */
for(i = 0; i < src->use; ++i, ++dst->use) {
- xmlSecAssert2(src->data != NULL, -1);
- xmlSecAssert2(dst->data != NULL, -1);
-
- if((dst->id->duplicateItem != NULL) && (src->data[i] != NULL)) {
- dst->data[dst->use] = dst->id->duplicateItem(src->data[i]);
- if(dst->data[dst->use] == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
- "duplicateItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else {
- dst->data[dst->use] = src->data[i];
- }
+ xmlSecAssert2(src->data != NULL, -1);
+ xmlSecAssert2(dst->data != NULL, -1);
+
+ if((dst->id->duplicateItem != NULL) && (src->data[i] != NULL)) {
+ dst->data[dst->use] = dst->id->duplicateItem(src->data[i]);
+ if(dst->data[dst->use] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
+ "duplicateItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ dst->data[dst->use] = src->data[i];
+ }
}
-
+
return(0);
}
/**
* xmlSecPtrListDuplicate:
- * @list: the pointer to list.
- *
+ * @list: the pointer to list.
+ *
* Creates a new copy of @list and all its items.
*
* Returns: pointer to newly allocated list or NULL if an error occurs.
*/
-xmlSecPtrListPtr
+xmlSecPtrListPtr
xmlSecPtrListDuplicate(xmlSecPtrListPtr list) {
xmlSecPtrListPtr newList;
int ret;
-
+
xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
-
+
newList = xmlSecPtrListCreate(list->id);
if(newList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
- "xmlSecPtrListCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
ret = xmlSecPtrListCopy(newList, list);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecPtrListDestroy(newList);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecPtrListDestroy(newList);
+ return(NULL);
}
return(newList);
}
/**
* xmlSecPtrListGetSize:
- * @list: the pointer to list.
+ * @list: the pointer to list.
*
* Gets list size.
- *
+ *
* Returns: the number of itmes in @list.
*/
-xmlSecSize
+xmlSecSize
xmlSecPtrListGetSize(xmlSecPtrListPtr list) {
xmlSecAssert2(xmlSecPtrListIsValid(list), 0);
-
+
return(list->use);
}
/**
* xmlSecPtrListGetItem:
- * @list: the pointer to list.
- * @pos: the item position.
+ * @list: the pointer to list.
+ * @pos: the item position.
*
* Gets item from the list.
*
* Returns: the list item at position @pos or NULL if @pos is greater
* than the number of items in the list or an error occurs.
*/
-xmlSecPtr
+xmlSecPtr
xmlSecPtrListGetItem(xmlSecPtrListPtr list, xmlSecSize pos) {
xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
xmlSecAssert2(list->data != NULL, NULL);
@@ -291,52 +291,52 @@ xmlSecPtrListGetItem(xmlSecPtrListPtr list, xmlSecSize pos) {
/**
* xmlSecPtrListAdd:
- * @list: the pointer to list.
- * @item: the item.
+ * @list: the pointer to list.
+ * @item: the item.
*
* Adds @item to the end of the @list.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecPtrListAdd(xmlSecPtrListPtr list, xmlSecPtr item) {
int ret;
-
+
xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
-
+
ret = xmlSecPtrListEnsureSize(list, list->use + 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", list->use + 1);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", list->use + 1);
+ return(-1);
}
-
+
list->data[list->use++] = item;
return(0);
}
/**
* xmlSecPtrListSet:
- * @list: the pointer to list.
- * @item: the item.
- * @pos: the pos.
+ * @list: the pointer to list.
+ * @item: the item.
+ * @pos: the pos.
*
* Sets the value of list item at position @pos. The old value
* is destroyed.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecPtrListSet(xmlSecPtrListPtr list, xmlSecPtr item, xmlSecSize pos) {
xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
xmlSecAssert2(list->data != NULL, -1);
xmlSecAssert2(pos < list->use, -1);
if((list->id->destroyItem != NULL) && (list->data[pos] != NULL)) {
- list->id->destroyItem(list->data[pos]);
+ list->id->destroyItem(list->data[pos]);
}
list->data[pos] = item;
return(0);
@@ -344,122 +344,148 @@ xmlSecPtrListSet(xmlSecPtrListPtr list, xmlSecPtr item, xmlSecSize pos) {
/**
* xmlSecPtrListRemove:
- * @list: the pointer to list.
- * @pos: the position.
+ * @list: the pointer to list.
+ * @pos: the position.
*
* Destroys list item at the position @pos and sets it value to NULL.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecPtrListRemove(xmlSecPtrListPtr list, xmlSecSize pos) {
xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
xmlSecAssert2(list->data != NULL, -1);
xmlSecAssert2(pos < list->use, -1);
if((list->id->destroyItem != NULL) && (list->data[pos] != NULL)) {
- list->id->destroyItem(list->data[pos]);
+ list->id->destroyItem(list->data[pos]);
}
list->data[pos] = NULL;
if(pos == list->use - 1) {
- --list->use;
+ --list->use;
}
return(0);
}
/**
+ * xmlSecPtrListRemoveAndReturn:
+ * @list: the pointer to list.
+ * @pos: the position.
+ *
+ * Remove the list item at the position @pos and return it back.
+ *
+ * Returns: the pointer to the list item.
+ */
+xmlSecPtr
+xmlSecPtrListRemoveAndReturn(xmlSecPtrListPtr list, xmlSecSize pos) {
+ xmlSecPtr res;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
+ xmlSecAssert2(list->data != NULL, NULL);
+ xmlSecAssert2(pos < list->use, NULL);
+
+ res = list->data[pos];
+ list->data[pos] = NULL;
+ if(pos == list->use - 1) {
+ --list->use;
+ }
+ return(res);
+}
+
+
+/**
* xmlSecPtrListDebugDump:
- * @list: the pointer to list.
- * @output: the pointer to output FILE.
+ * @list: the pointer to list.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @list to the @output.
*/
-void
+void
xmlSecPtrListDebugDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecAssert(xmlSecPtrListIsValid(list));
xmlSecAssert(output != NULL);
- fprintf(output, "=== list size: %d\n", list->use);
+ fprintf(output, "=== list size: %d\n", list->use);
if(list->id->debugDumpItem != NULL) {
- xmlSecSize pos;
-
- for(pos = 0; pos < list->use; ++pos) {
- xmlSecAssert(list->data != NULL);
- if(list->data[pos] != NULL) {
- list->id->debugDumpItem(list->data[pos], output);
- }
- }
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->debugDumpItem(list->data[pos], output);
+ }
+ }
}
}
/**
* xmlSecPtrListDebugXmlDump:
- * @list: the pointer to list.
- * @output: the pointer to output FILE.
+ * @list: the pointer to list.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @list to the @output in XML format.
*/
-void
+void
xmlSecPtrListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecAssert(xmlSecPtrListIsValid(list));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<List size=\"%d\">\n", list->use);
+
+ fprintf(output, "<List size=\"%d\">\n", list->use);
if(list->id->debugXmlDumpItem != NULL) {
- xmlSecSize pos;
-
- for(pos = 0; pos < list->use; ++pos) {
- xmlSecAssert(list->data != NULL);
- if(list->data[pos] != NULL) {
- list->id->debugXmlDumpItem(list->data[pos], output);
- }
- }
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->debugXmlDumpItem(list->data[pos], output);
+ }
+ }
}
- fprintf(output, "</List>\n");
+ fprintf(output, "</List>\n");
}
-static int
+static int
xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) {
xmlSecPtr* newData;
xmlSecSize newSize = 0;
xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
-
+
if(size < list->max) {
- return(0);
+ return(0);
}
switch(list->allocMode) {
- case xmlSecAllocModeExact:
- newSize = size + 8;
- break;
- case xmlSecAllocModeDouble:
- newSize = 2 * size + 32;
- break;
+ case xmlSecAllocModeExact:
+ newSize = size + 8;
+ break;
+ case xmlSecAllocModeDouble:
+ newSize = 2 * size + 32;
+ break;
}
-
+
if(newSize < gInitialSize) {
- newSize = gInitialSize;
+ newSize = gInitialSize;
}
-
+
if(list->data != NULL) {
- newData = (xmlSecPtr*)xmlRealloc(list->data, sizeof(xmlSecPtr) * newSize);
+ newData = (xmlSecPtr*)xmlRealloc(list->data, sizeof(xmlSecPtr) * newSize);
} else {
- newData = (xmlSecPtr*)xmlMalloc(sizeof(xmlSecPtr) * newSize);
+ newData = (xmlSecPtr*)xmlMalloc(sizeof(xmlSecPtr) * newSize);
}
if(newData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecPtr)*%d=%d",
- newSize, sizeof(xmlSecPtr) * newSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecPtr)*%d=%d",
+ newSize, sizeof(xmlSecPtr) * newSize);
+ return(-1);
}
-
+
list->data = newData;
list->max = newSize;
-
+
return(0);
}
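Review bot: The new xmlSecPtrListRemoveAndReturn does not document ownership of the returned item: unlike xmlSecPtrListRemove it never calls the klass destroyItem, so the caller becomes responsible for destroying the item, and NULL is returned both for an empty slot and for a failed assertion, which callers cannot tell apart. Suggested `Returns:` line: ` * Returns: the pointer to the removed item (the caller now owns it and must destroy it with the list klass destroyItem method) or NULL if the slot was empty or an error occurs.` It is also worth stating in the header, as for xmlSecPtrListRemove, that removing a non-tail position leaves a NULL hole and does not decrement list->use.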
@@ -468,40 +494,40 @@ xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) {
* strings list
*
**********************************************************************/
-static xmlSecPtr xmlSecStringListDuplicateItem (xmlSecPtr ptr);
-static void xmlSecStringListDestroyItem (xmlSecPtr ptr);
+static xmlSecPtr xmlSecStringListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecStringListDestroyItem (xmlSecPtr ptr);
static xmlSecPtrListKlass xmlSecStringListKlass = {
BAD_CAST "strings-list",
- xmlSecStringListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- xmlSecStringListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ xmlSecStringListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecStringListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecStringListGetKlass:
- *
+ *
* The strins list class.
*
* Returns: strings list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecStringListGetKlass(void) {
return(&xmlSecStringListKlass);
}
-static xmlSecPtr
+static xmlSecPtr
xmlSecStringListDuplicateItem(xmlSecPtr ptr) {
xmlSecAssert2(ptr != NULL, NULL);
-
+
return(xmlStrdup((xmlChar*)ptr));
}
-static void
+static void
xmlSecStringListDestroyItem(xmlSecPtr ptr) {
xmlSecAssert(ptr != NULL);
-
+
xmlFree(ptr);
}
diff --git a/src/membuf.c b/src/membuf.c
index 55053253..eb78156c 100644
--- a/src/membuf.c
+++ b/src/membuf.c
@@ -1,18 +1,18 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Memory buffer transform
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -28,78 +28,78 @@
/*****************************************************************************
*
* Memory Buffer Transform
- *
+ *
* xmlSecBuffer is located after xmlSecTransform
- *
+ *
****************************************************************************/
#define xmlSecTransformMemBufSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
+ (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
#define xmlSecTransformMemBufGetBuf(transform) \
((xmlSecTransformCheckSize((transform), xmlSecTransformMemBufSize)) ? \
- (xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlSecBufferPtr)NULL)
-
-static int xmlSecTransformMemBufInitialize (xmlSecTransformPtr transform);
-static void xmlSecTransformMemBufFinalize (xmlSecTransformPtr transform);
-static int xmlSecTransformMemBufExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+ (xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecBufferPtr)NULL)
+
+static int xmlSecTransformMemBufInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformMemBufFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformMemBufExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformMemBufKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecTransformMemBufSize, /* xmlSecSize objSize */
-
- xmlSecNameMemBuf, /* const xmlChar* name; */
- NULL, /* const xmlChar* href; */
- 0, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecTransformMemBufInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformMemBufFinalize, /* xmlSecTransformFianlizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformMemBufExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformMemBufSize, /* xmlSecSize objSize */
+
+ xmlSecNameMemBuf, /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ 0, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformMemBufInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformMemBufFinalize, /* xmlSecTransformFianlizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformMemBufExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformMemBufGetKlass:
- *
+ *
* The memory buffer transorm (used to store the data that go through it).
*
* Returns: memory buffer transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformMemBufGetKlass(void) {
return(&xmlSecTransformMemBufKlass);
}
/**
* xmlSecTransformMemBufGetBuffer:
- * @transform: the pointer to memory buffer transform.
- *
- * Gets the pointer to memory buffer transform buffer.
+ * @transform: the pointer to memory buffer transform.
*
- * Returns: pointer to the transform's #xmlSecBuffer.
+ * Gets the pointer to memory buffer transform buffer.
+ *
+ * Returns: pointer to the transform's #xmlSecBuffer.
*/
xmlSecBufferPtr
xmlSecTransformMemBufGetBuffer(xmlSecTransformPtr transform) {
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), NULL);
-
+
buffer = xmlSecTransformMemBufGetBuf(transform);
xmlSecAssert2(buffer != NULL, NULL);
-
+
return(buffer);
}
@@ -107,7 +107,7 @@ static int
xmlSecTransformMemBufInitialize(xmlSecTransformPtr transform) {
xmlSecBufferPtr buffer;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), -1);
buffer = xmlSecTransformMemBufGetBuf(transform);
@@ -115,14 +115,14 @@ xmlSecTransformMemBufInitialize(xmlSecTransformPtr transform) {
ret = xmlSecBufferInitialize(buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- return(0);
+ return(0);
}
static void
@@ -133,11 +133,11 @@ xmlSecTransformMemBufFinalize(xmlSecTransformPtr transform) {
buffer = xmlSecTransformMemBufGetBuf(transform);
xmlSecAssert(buffer != NULL);
-
- xmlSecBufferFinalize(xmlSecTransformMemBufGetBuf(transform));
+
+ xmlSecBufferFinalize(xmlSecTransformMemBufGetBuf(transform));
}
-static int
+static int
xmlSecTransformMemBufExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecBufferPtr buffer;
xmlSecBufferPtr in, out;
@@ -149,60 +149,60 @@ xmlSecTransformMemBufExecute(xmlSecTransformPtr transform, int last, xmlSecTrans
buffer = xmlSecTransformMemBufGetBuf(transform);
xmlSecAssert2(buffer != NULL, -1);
-
+
in = &(transform->inBuf);
- out = &(transform->outBuf);
+ out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
- if(transform->status == xmlSecTransformStatusWorking) {
- /* just copy everything from in to our buffer and out */
- ret = xmlSecBufferAppend(buffer, xmlSecBufferGetData(in), inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- ret = xmlSecBufferAppend(out, xmlSecBufferGetData(in), inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- if(last != 0) {
- transform->status = xmlSecTransformStatusFinished;
- }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ /* just copy everything from in to our buffer and out */
+ ret = xmlSecBufferAppend(buffer, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferAppend(out, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ if(last != 0) {
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(inSize == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(inSize == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am
index 318af513..5cea654b 100644
--- a/src/mscrypto/Makefile.am
+++ b/src/mscrypto/Makefile.am
@@ -20,12 +20,17 @@ libxmlsec1_mscrypto_la_CPPFLAGS = \
$(NULL)
libxmlsec1_mscrypto_la_SOURCES =\
+ globals.h \
+ private.h \
app.c \
certkeys.c \
ciphers.c \
crypto.c \
digests.c \
+ hmac.c \
keysstore.c \
+ kw_aes.c \
+ kw_des.c \
kt_rsa.c \
signatures.c \
symkeys.c \
@@ -33,7 +38,6 @@ libxmlsec1_mscrypto_la_SOURCES =\
x509vfy.c \
csp_calg.h \
csp_oid.h \
- globals.h \
xmlsec-mingw.h \
$(NULL)
@@ -42,10 +46,10 @@ libxmlsec1_mscrypto_la_SOURCES += ../strings.c
endif
libxmlsec1_mscrypto_la_LIBADD = \
- ../libxmlsec1.la \
$(MSCRYPTO_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_mscrypto_la_DEPENDENCIES = \
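Review bot: `../libxmlsec1.la` now comes last in libxmlsec1_mscrypto_la_LIBADD, after $(MSCRYPTO_LIBS), $(LIBXSLT_LIBS) and $(LIBXML_LIBS), without a comment saying why the order was changed. With libtool .la files the recorded dependency_libs normally make the order harmless, but a static link resolves archives left to right, so a reader may assume the core library was misplaced and move it back; a one-line comment above the list, such as `# ../libxmlsec1.la is intentionally listed last: <reason>`, would prevent that. The same reorder is mirrored in the generated Makefile.in below, which should keep being regenerated from this file rather than edited by hand.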
diff --git a/src/mscrypto/Makefile.in b/src/mscrypto/Makefile.in
index 61a9b6f3..83c8f03a 100644
--- a/src/mscrypto/Makefile.in
+++ b/src/mscrypto/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -38,10 +38,13 @@ host_triplet = @host@
subdir = src/mscrypto
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -66,13 +69,19 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
-am__libxmlsec1_mscrypto_la_SOURCES_DIST = app.c certkeys.c ciphers.c \
- crypto.c digests.c keysstore.c kt_rsa.c signatures.c symkeys.c \
- x509.c x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
- ../strings.c
+am__libxmlsec1_mscrypto_la_SOURCES_DIST = globals.h private.h app.c \
+ certkeys.c ciphers.c crypto.c digests.c hmac.c keysstore.c \
+ kw_aes.c kw_des.c kt_rsa.c signatures.c symkeys.c x509.c \
+ x509vfy.c csp_calg.h csp_oid.h xmlsec-mingw.h ../strings.c
am__objects_1 =
@SHAREDLIB_HACK_TRUE@am__objects_2 = \
@SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo
@@ -81,7 +90,10 @@ am_libxmlsec1_mscrypto_la_OBJECTS = libxmlsec1_mscrypto_la-app.lo \
libxmlsec1_mscrypto_la-ciphers.lo \
libxmlsec1_mscrypto_la-crypto.lo \
libxmlsec1_mscrypto_la-digests.lo \
+ libxmlsec1_mscrypto_la-hmac.lo \
libxmlsec1_mscrypto_la-keysstore.lo \
+ libxmlsec1_mscrypto_la-kw_aes.lo \
+ libxmlsec1_mscrypto_la-kw_des.lo \
libxmlsec1_mscrypto_la-kt_rsa.lo \
libxmlsec1_mscrypto_la-signatures.lo \
libxmlsec1_mscrypto_la-symkeys.lo \
@@ -89,22 +101,39 @@ am_libxmlsec1_mscrypto_la_OBJECTS = libxmlsec1_mscrypto_la-app.lo \
libxmlsec1_mscrypto_la-x509vfy.lo $(am__objects_1) \
$(am__objects_2)
libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
-libxmlsec1_mscrypto_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libxmlsec1_mscrypto_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_mscrypto_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_mscrypto_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libxmlsec1_mscrypto_la_SOURCES)
DIST_SOURCES = $(am__libxmlsec1_mscrypto_la_SOURCES_DIST)
ETAGS = etags
@@ -112,6 +141,7 @@ CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -126,6 +156,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -134,6 +165,10 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -164,6 +199,7 @@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
@@ -195,8 +231,10 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -204,7 +242,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TAR = @TAR@
-U = @U@
VERSION = @VERSION@
XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
@@ -223,6 +260,8 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -232,6 +271,7 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -267,6 +307,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -299,7 +340,6 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -335,15 +375,15 @@ libxmlsec1_mscrypto_la_CPPFLAGS = \
$(LIBXML_CFLAGS) \
$(NULL)
-libxmlsec1_mscrypto_la_SOURCES = app.c certkeys.c ciphers.c crypto.c \
- digests.c keysstore.c kt_rsa.c signatures.c symkeys.c x509.c \
- x509vfy.c csp_calg.h csp_oid.h globals.h xmlsec-mingw.h \
- $(NULL) $(am__append_1)
+libxmlsec1_mscrypto_la_SOURCES = globals.h private.h app.c certkeys.c \
+ ciphers.c crypto.c digests.c hmac.c keysstore.c kw_aes.c \
+ kw_des.c kt_rsa.c signatures.c symkeys.c x509.c x509vfy.c \
+ csp_calg.h csp_oid.h xmlsec-mingw.h $(NULL) $(am__append_1)
libxmlsec1_mscrypto_la_LIBADD = \
- ../libxmlsec1.la \
$(MSCRYPTO_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_mscrypto_la_DEPENDENCIES = \
@@ -420,8 +460,8 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES)
- $(libxmlsec1_mscrypto_la_LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS)
+libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES) $(EXTRA_libxmlsec1_mscrypto_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_mscrypto_la_LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -434,8 +474,11 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@
@@ -443,109 +486,130 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
libxmlsec1_mscrypto_la-app.lo: app.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-app.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_mscrypto_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='app.c' object='libxmlsec1_mscrypto_la-app.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
libxmlsec1_mscrypto_la-certkeys.lo: certkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='certkeys.c' object='libxmlsec1_mscrypto_la-certkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='certkeys.c' object='libxmlsec1_mscrypto_la-certkeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
libxmlsec1_mscrypto_la-ciphers.lo: ciphers.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_mscrypto_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ciphers.c' object='libxmlsec1_mscrypto_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
libxmlsec1_mscrypto_la-crypto.lo: crypto.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_mscrypto_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto.c' object='libxmlsec1_mscrypto_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
libxmlsec1_mscrypto_la-digests.lo: digests.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_mscrypto_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='digests.c' object='libxmlsec1_mscrypto_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_mscrypto_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Tpo -c -o libxmlsec1_mscrypto_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libxmlsec1_mscrypto_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
libxmlsec1_mscrypto_la-keysstore.lo: keysstore.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keysstore.c' object='libxmlsec1_mscrypto_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keysstore.c' object='libxmlsec1_mscrypto_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+
+libxmlsec1_mscrypto_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Tpo -c -o libxmlsec1_mscrypto_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_aes.c' object='libxmlsec1_mscrypto_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_mscrypto_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Tpo -c -o libxmlsec1_mscrypto_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_des.c' object='libxmlsec1_mscrypto_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
libxmlsec1_mscrypto_la-kt_rsa.lo: kt_rsa.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kt_rsa.c' object='libxmlsec1_mscrypto_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kt_rsa.c' object='libxmlsec1_mscrypto_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
libxmlsec1_mscrypto_la-signatures.lo: signatures.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_mscrypto_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='signatures.c' object='libxmlsec1_mscrypto_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
libxmlsec1_mscrypto_la-symkeys.lo: symkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_mscrypto_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='symkeys.c' object='libxmlsec1_mscrypto_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
libxmlsec1_mscrypto_la-x509.lo: x509.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_mscrypto_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509.c' object='libxmlsec1_mscrypto_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
libxmlsec1_mscrypto_la-x509vfy.lo: x509vfy.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_mscrypto_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509vfy.c' object='libxmlsec1_mscrypto_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
libxmlsec1_mscrypto_la-strings.lo: ../strings.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_mscrypto_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_mscrypto_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
mostlyclean-libtool:
-rm -f *.lo
@@ -652,10 +716,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/mscrypto/README b/src/mscrypto/README
index f7d45636..0b3f4b6b 100644
--- a/src/mscrypto/README
+++ b/src/mscrypto/README
@@ -1,28 +1,28 @@
WHAT VERSION OF WINDOWS?
------------------------------------------------------------------------
-The xmlsec-mscrypto lib is developed on a windows XP machine with MS Visual
-Studio (6 and .NET). The MS Crypto API has been evolving a lot with the
+The xmlsec-mscrypto lib is developed on a windows XP machine with MS Visual
+Studio (6 and .NET). The MS Crypto API has been evolving a lot with the
new releases of windows and internet explorer. MS CryptoAPI libraries
-are distributed with ie and with the windows OS. Full functionality will
-only be achieved on windows XP. AES is for example not supported on pre
-XP versions of Windows (workarounds for this are possible, I believe).
-Direct RSA de/encryption, used by xmlsec-mscrypto, is only possible from
-Win 2000 (possibly also with a newer version of ie, with strong encryption
+are distributed with ie and with the windows OS. Full functionality will
+only be achieved on windows XP. AES is for example not supported on pre
+XP versions of Windows (workarounds for this are possible, I believe).
+Direct RSA de/encryption, used by xmlsec-mscrypto, is only possible from
+Win 2000 (possibly also with a newer version of ie, with strong encryption
patch installed). It's very likely more of these issues are lying around, a
nd until it is tested on older windows systems it is uncertain what will work.
-KEYS MANAGER with MS Certificate store support.
+KEYS MANAGER with MS Certificate store support.
------------------------------------------------------------------------
-The default xmlsec-mscrypto keys manager is based upon the simple keys
-store, found in the xmlsec core library. If keys are not found in the
-simple keys store, than MS Certificate store is used to lookup keys.
-The certificate store is only used on a READONLY base, so it is not possible
-to store keys via the keys store into the MS certificate store. There are enough
+The default xmlsec-mscrypto keys manager is based upon the simple keys
+store, found in the xmlsec core library. If keys are not found in the
+simple keys store, than MS Certificate store is used to lookup keys.
+The certificate store is only used on a READONLY base, so it is not possible
+to store keys via the keys store into the MS certificate store. There are enough
other tools that can do that for you.
-When the xmlsec application is started, with the config parameter the name of
+When the xmlsec application is started, with the config parameter the name of
the (system) keystore can be given. That keystore will be used for certificates
and keys lookup. With the keyname now two types of values can be given:
- simple name (called friendly name with MS);
@@ -33,20 +33,7 @@ KNOWN ISSUES.
1) Default keys manager don't use trusted certs in MS Crypto Store
(http://bugzilla.gnome.org/show_bug.cgi?id=123668).
-2) Missing crypto functionality:
- - HMAC (http://bugzilla.gnome.org/show_bug.cgi?id=123670): does not look
- like MS would support it soon.
- - RSA-OAEP (http://bugzilla.gnome.org/show_bug.cgi?id=123671): MS says
- that they will support this in the near future.
- - AES KW (http://bugzilla.gnome.org/show_bug.cgi?id=123672): no native
- support, might be possible to implement on top of AES cipher itself
- - DES KW (http://bugzilla.gnome.org/show_bug.cgi?id=123673): no native
- support, might be possible to implement on top of AES cipher itself
-
-3) Actual AES Crypto provider name is different from the "official" one
-(http://bugzilla.gnome.org/show_bug.cgi?id=123674).
-
-4) The only supported file formats are PKCS#12 and DER certificates
+2) The only supported file formats are PKCS#12 and DER certificates
(http://bugzilla.gnome.org/show_bug.cgi?id=123675).
diff --git a/src/mscrypto/app.c b/src/mscrypto/app.c
index c3a4b0d8..92894d90 100644
--- a/src/mscrypto/app.c
+++ b/src/mscrypto/app.c
@@ -1,10 +1,10 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -24,22 +24,20 @@
#include <xmlsec/mscrypto/certkeys.h>
#include <xmlsec/mscrypto/keysstore.h>
#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
-/* I don't see any other way then to use a global var to get the
- * config info to the mscrypto keysstore :( WK
+/* I don't see any other way then to use a global var to get the
+ * config info to the mscrypto keysstore :( WK
*/
-static char *gXmlSecMSCryptoAppCertStoreName = NULL;
+static LPTSTR gXmlSecMSCryptoAppCertStoreName = NULL;
/**
* xmlSecMSCryptoAppInit:
- * @config: the name of another then the default ms certificate store.
- *
+ * @config: the name of another then the default ms certificate store.
+ *
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
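Review bot: The global at the `static LPTSTR gXmlSecMSCryptoAppCertStoreName = NULL;` line changes representation with the build (TCHAR is wide under UNICODE, narrow otherwise), but the comment above it still only explains why a global is used, not what encoding or ownership a reader should expect. A one-line note at the declaration would prevent a future narrow-string use of it: `/* TCHAR cert store name (UTF-16 under UNICODE, locale-encoded otherwise); set once in xmlSecMSCryptoAppInit, owned by this file */`. Whether the new `#include "private.h"` is what declares the converter used later in the file cannot be confirmed from this hunk.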
@@ -48,21 +46,44 @@ int
xmlSecMSCryptoAppInit(const char* config) {
/* initialize MSCrypto crypto engine */
- /* config parameter can contain *another* ms certs store name
+ /* config parameter can contain *another* ms certs store name
* then the default (MY)
*/
if (NULL != config && strlen(config) > 0) {
- if (gXmlSecMSCryptoAppCertStoreName) {
- /* This should not happen, initialize twice */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "config=%s, config already set",
- xmlSecErrorsSafeString(config));
- return (-1);
- }
- gXmlSecMSCryptoAppCertStoreName = xmlStrdup(config);
+ if (gXmlSecMSCryptoAppCertStoreName != NULL) {
+ /* This should not happen, initialize twice */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "config=%s, config already set",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+
+#ifdef UNICODE
+ gXmlSecMSCryptoAppCertStoreName = xmlSecMSCryptoConvertLocaleToUnicode(config);
+ if (gXmlSecMSCryptoAppCertStoreName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoConvertLocaleToUnicode",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+#else /* UNICODE */
+ gXmlSecMSCryptoAppCertStoreName = xmlStrdup(config);
+ if (gXmlSecMSCryptoAppCertStoreName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlStrdup",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+#endif /* UNICODE */
}
return(0);
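Review bot: The UNICODE error path in xmlSecMSCryptoAppInit passes the failed callee's name in the errorObject slot (`"xmlSecMSCryptoConvertLocaleToUnicode", NULL,`), whereas every other report in this file — including the non-UNICODE branch a few lines below (`NULL, "xmlStrdup",`) and the same helper's failure in xmlSecMSCryptoAppPkcs12LoadMemory — puts NULL first and the callee second, so the two arguments should be swapped. The reason code also disagrees between those two call sites (XMLSEC_ERRORS_R_MALLOC_FAILED here, XMLSEC_ERRORS_R_XMLSEC_FAILED in the PKCS12 hunk); a locale-to-wide conversion can presumably fail for reasons other than allocation, so XMLSEC_ERRORS_R_XMLSEC_FAILED looks like the safer label for both. Because the stored name is later released with xmlFree in xmlSecMSCryptoAppShutdown, the helper must return an xmlMalloc-allocated buffer; that cannot be confirmed from this diff (private.h is not shown), so a short comment at the assignment such as `/* returned buffer is owned here and released with xmlFree in xmlSecMSCryptoAppShutdown */` would document the ownership contract.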
@@ -70,9 +91,9 @@ xmlSecMSCryptoAppInit(const char* config) {
/**
* xmlSecMSCryptoAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -81,8 +102,8 @@ int
xmlSecMSCryptoAppShutdown(void) {
/* shutdown MSCrypto crypto engine */
if (NULL != gXmlSecMSCryptoAppCertStoreName) {
- xmlFree(gXmlSecMSCryptoAppCertStoreName);
- gXmlSecMSCryptoAppCertStoreName = NULL;
+ xmlFree(gXmlSecMSCryptoAppCertStoreName);
+ gXmlSecMSCryptoAppCertStoreName = NULL;
}
return(0);
}
@@ -94,22 +115,22 @@ xmlSecMSCryptoAppShutdown(void) {
*
* Returns: the MS Crypto certs name used by xmlsec-mscrypto.
*/
-const char*
+LPCTSTR
xmlSecMSCryptoAppGetCertStoreName(void) {
return(gXmlSecMSCryptoAppCertStoreName);
}
/*************************************************************************************
- * Keys
+ * Keys
*************************************************************************************/
/**
* xmlSecMSCryptoAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file.
*
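Review bot: The Returns line of the xmlSecMSCryptoAppGetCertStoreName doc block still says only `the MS Crypto certs name used by xmlsec-mscrypto`, but the function hands back a global that is initialised to NULL and is only set when xmlSecMSCryptoAppInit received a non-empty config, so callers can receive NULL. Suggest ` * Returns: the MS Crypto certs store name set by xmlSecMSCryptoAppInit, or NULL if none was configured.` Now that the return type is LPCTSTR it is also worth stating that the string is owned by the library and released by xmlSecMSCryptoAppShutdown, so callers must neither free nor retain it past shutdown.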
@@ -117,24 +138,24 @@ xmlSecMSCryptoAppGetCertStoreName(void) {
*/
xmlSecKeyPtr
xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
xmlSecBuffer buffer;
xmlSecKeyPtr key = NULL;
- int ret;
-
+ int ret;
+
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
+
switch (format) {
case xmlSecKeyDataFormatPkcs12:
- key = xmlSecMSCryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
+ key = xmlSecMSCryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoAppPkcs12Load",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ return(NULL);
}
break;
case xmlSecKeyDataFormatCertDer:
@@ -145,7 +166,7 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ return(NULL);
}
ret = xmlSecBufferReadFile(&buffer, filename);
@@ -154,26 +175,26 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
NULL,
"xmlSecBufferReadFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
+ "filename=%s",
xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
+ xmlSecBufferFinalize(&buffer);
return (NULL);
}
-
- key = xmlSecMSCryptoAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer), format,
- pwd, pwdCallback, pwdCallbackCtx);
+
+ key = xmlSecMSCryptoAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), format,
+ pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoAppKeyLoadMemory",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
- xmlSecBufferFinalize(&buffer);
- break;
+ xmlSecBufferFinalize(&buffer);
+ break;
default:
/* Any other format like PEM keys is currently not supported */
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -181,7 +202,7 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
NULL,
XMLSEC_ERRORS_R_INVALID_FORMAT,
"format=%d", format);
- return(NULL);
+ return(NULL);
}
return(key);
@@ -189,20 +210,20 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
/**
* xmlSecMSCryptoAppKeyLoadMemory:
- * @data: the key binary data.
- * @dataSize: the key data size.
- * @format: the key format.
- * @pwd: the key password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the key binary data.
+ * @dataSize: the key data size.
+ * @format: the key format.
+ * @pwd: the key password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
PCCERT_CONTEXT pCert = NULL;
PCCERT_CONTEXT tmpcert = NULL;
xmlSecKeyDataPtr x509Data = NULL;
@@ -217,91 +238,91 @@ xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS
pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
if (NULL == pCert) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertCreateCertificateContext",
- XMLSEC_ERRORS_R_IO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ goto done;
}
tmpcert = CertDuplicateCertificateContext(pCert);
if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- CertFreeCertificateContext(tmpcert);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CertFreeCertificateContext(tmpcert);
+ goto done;
}
tmpcert = NULL;
keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic);
if(keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- pCert = NULL;
+ pCert = NULL;
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = xmlSecKeySetValue(key, keyData);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
}
keyData = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
}
x509Data = NULL;
@@ -310,21 +331,21 @@ xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS
key = NULL;
done:
if(pCert != NULL) {
- CertFreeCertificateContext(pCert);
+ CertFreeCertificateContext(pCert);
}
if(tmpcert != NULL) {
- CertFreeCertificateContext(tmpcert);
+ CertFreeCertificateContext(tmpcert);
}
if(x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if(keyData != NULL) {
xmlSecKeyDataDestroy(keyData);
}
if(key != NULL) {
- xmlSecKeyDestroy(key);
+ xmlSecKeyDestroy(key);
}
- return(res);
+ return(res);
}
@@ -336,94 +357,94 @@ done:
/**
* xmlSecMSCryptoAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
*
* Reads the certificate from $@filename and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
- xmlSecKeyDataFormat format) {
+int
+xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
xmlSecBuffer buffer;
int ret;
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return (-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (-1);
}
-
- ret = xmlSecMSCryptoAppKeyCertLoadMemory(key, xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer), format);
+
+ ret = xmlSecMSCryptoAppKeyCertLoadMemory(key, xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), format);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoAppKeyCertLoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
}
-
+
xmlSecBufferFinalize(&buffer);
- return(0);
+ return(0);
}
/**
* xmlSecMSCryptoAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the binary certificate.
+ * @key: the pointer to key.
+ * @data: the binary certificate.
* @dataSize: size of certificate binary (data)
- * @format: the certificate file format.
+ * @format: the certificate file format.
*
* Reads the certificate from $@data and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
+int
+xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
PCCERT_CONTEXT pCert;
xmlSecKeyDataPtr kdata;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
kdata = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
if(kdata == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ return(-1);
}
/* For now only DER certificates are supported */
@@ -435,11 +456,11 @@ xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml
if (NULL == pCert) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "CertCreateCertificateContext",
+ "CertCreateCertificateContext",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"format=%d", format);
- return(-1);
- }
+ return(-1);
+ }
ret = xmlSecMSCryptoKeyDataX509AdoptCert(kdata, pCert);
if(ret < 0) {
@@ -450,37 +471,37 @@ xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(kdata)));
CertFreeCertificateContext(pCert);
- return(-1);
+ return(-1);
}
- break;
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", (int)format);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", (int)format);
+ return(-1);
}
-
- return(0);
+
+ return(0);
}
/**
* xmlSecMSCryptoAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecMSCryptoAppPkcs12Load(const char *filename,
- const char *pwd,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+xmlSecKeyPtr
+xmlSecMSCryptoAppPkcs12Load(const char *filename,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
xmlSecBuffer buffer;
xmlSecKeyPtr key;
int ret;
@@ -490,71 +511,70 @@ xmlSecMSCryptoAppPkcs12Load(const char *filename,
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return (NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (NULL);
}
if(xmlSecBufferGetData(&buffer) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
- key = xmlSecMSCryptoAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer), pwd,
- pwdCallback, pwdCallbackCtx);
+ key = xmlSecMSCryptoAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), pwd,
+ pwdCallback, pwdCallbackCtx);
if (key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoAppPkcs12LoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
-
+
xmlSecBufferFinalize(&buffer);
- return(key);
+ return(key);
}
/**
* xmlSecMSCryptoAppPkcs12LoadMemory:
- * @data: the binary PKCS12 key in data.
+ * @data: the binary PKCS12 key in data.
* @dataSize: size of binary pkcs12 data
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 binary
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data,
- xmlSecSize dataSize,
- const char *pwd,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
- int ret, len;
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
CRYPT_DATA_BLOB pfx;
HCERTSTORE hCertStore = NULL;
PCCERT_CONTEXT tmpcert = NULL;
@@ -563,6 +583,7 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data,
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyDataPtr keyData = NULL;
xmlSecKeyPtr key = NULL;
+ int ret;
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(dataSize > 1, NULL);
@@ -573,196 +594,176 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data,
pfx.cbData = dataSize;
if(FALSE == PFXIsPFXBlob(&pfx)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PFXIsPFXBlob",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%ld",
- pfx.cbData);
- goto done;
- }
-
- len = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, pwd, -1, NULL, 0);
- if(len <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "MultiByteToWideChar",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- wcPwd = (WCHAR *)xmlMalloc((len + 1) * sizeof(WCHAR));
- if(wcPwd == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "len=%d", len);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXIsPFXBlob",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%ld",
+ pfx.cbData);
+ goto done;
}
- ret = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, pwd, -1, wcPwd, len);
- if (ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "MultiByteToWideChar",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ wcPwd = xmlSecMSCryptoConvertLocaleToUnicode(pwd);
+ if (wcPwd == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertLocaleToUnicode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcPwd");
+ goto done;
}
if (FALSE == PFXVerifyPassword(&pfx, wcPwd, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PFXVerifyPassword",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXVerifyPassword",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE);
if (NULL == hCertStore) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PFXImportCertStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXImportCertStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
-
+
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ goto done;
}
while (pCert = CertEnumCertificatesInStore(hCertStore, pCert)) {
- DWORD dwData = 0;
+ DWORD dwData = 0;
DWORD dwDataLen = sizeof(DWORD);
- /* Find the certificate that has the private key */
- if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
- tmpcert = CertDuplicateCertificateContext(pCert);
- if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- if(keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ /* Find the certificate that has the private key */
+ if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
tmpcert = NULL;
-
- tmpcert = CertDuplicateCertificateContext(pCert);
- if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- tmpcert = NULL;
- }
-
- /* load certificate in the x509 key data */
- tmpcert = CertDuplicateCertificateContext(pCert);
+
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ tmpcert = NULL;
+ }
+
+ /* load certificate in the x509 key data */
+ tmpcert = CertDuplicateCertificateContext(pCert);
if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, tmpcert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- tmpcert = NULL;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ tmpcert = NULL;
}
if (keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoAppPkcs12Load",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "private key not found in PKCS12 file");
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppPkcs12Load",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "private key not found in PKCS12 file");
+ goto done;
}
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = xmlSecKeySetValue(key, keyData);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
keyData = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
x509Data = NULL;
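Review bot: The failure report for xmlSecMSCryptoConvertLocaleToUnicode passes the bare literal `"wcPwd"` as its message; the other reports in this function use either `XMLSEC_ERRORS_NO_MESSAGE` or a `name=value` pair, and a variable name carries no diagnostic value, so `XMLSEC_ERRORS_NO_MESSAGE` is the consistent choice (the password value itself must of course never appear in the message). The removed MultiByteToWideChar path failed explicitly when pwd was NULL; whether the new helper does the same or dereferences its argument is not visible in this diff, so either an `xmlSecAssert2(pwd != NULL, NULL);` next to the existing asserts or a comment stating the helper's NULL contract would make the behaviour explicit. The enclosing function xmlSecMSCryptoAppPkcs12LoadMemory begins before this hunk. Since the loop body is being re-indented anyway, `while (pCert = CertEnumCertificatesInStore(hCertStore, pCert))` could be written `while ((pCert = CertEnumCertificatesInStore(hCertStore, pCert)) != NULL)` to silence the assignment-in-condition warning.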
@@ -774,88 +775,88 @@ done:
xmlFree(wcPwd);
}
if(x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if(keyData != NULL) {
xmlSecKeyDataDestroy(keyData);
}
if(tmpcert != NULL) {
- CertFreeCertificateContext(tmpcert);
+ CertFreeCertificateContext(tmpcert);
}
- return(key);
+ return(key);
}
/**
* xmlSecMSCryptoAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
* untrusted certs in @store (not implemented yet).
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecBuffer buffer;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return (-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (-1);
}
ret = xmlSecMSCryptoAppKeysMngrCertLoadMemory(mngr, xmlSecBufferGetData(&buffer),
xmlSecBufferGetSize(&buffer), format, type);
if (ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoAppKeysMngrCertLoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(-1);
+ NULL,
+ "xmlSecMSCryptoAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
}
-
+
xmlSecBufferFinalize(&buffer);
- return(ret);
+ return(ret);
}
/**
* xmlSecMSCryptoAppKeysMngrCertLoadMemory:
- * @mngr: the keys manager.
- * @data: the binary certificate.
+ * @mngr: the keys manager.
+ * @data: the binary certificate.
* @dataSize: size of binary certificate (data)
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
*
* Reads cert from @data and adds to the list of trusted or known
* untrusted certs in @store.
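Review bot: In the `done:` cleanup of xmlSecMSCryptoAppPkcs12LoadMemory (whose body begins outside this hunk) the wide-character password copy is released with a plain `xmlFree(wcPwd);`, which leaves the PKCS#12 password readable in freed heap memory and in any later crash dump. Assuming wcPwd is the WCHAR buffer the removed allocation shows, `SecureZeroMemory(wcPwd, wcslen(wcPwd) * sizeof(WCHAR));` immediately before the xmlFree wipes it without the compiler eliding the write, as a plain memset before free may be. The remainder of this hunk (xmlSecMSCryptoAppKeysMngrCertLoad) is whitespace-only.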
@@ -864,7 +865,7 @@ xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
*/
int
xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecKeyDataStorePtr x509Store;
PCCERT_CONTEXT pCert = NULL;
@@ -877,35 +878,35 @@ xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetDataStore",
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecMSCryptoX509StoreId");
return(-1);
}
switch (format) {
- case xmlSecKeyDataFormatDer:
- case xmlSecKeyDataFormatCertDer:
- pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- data, dataSize);
- if (NULL == pCert) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertCreateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (-1);
- }
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(-1);
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ data, dataSize);
+ if (NULL == pCert) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
}
xmlSecAssert2(pCert != NULL, -1);
@@ -915,56 +916,56 @@ xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte
NULL,
"xmlSecMSCryptoX509StoreAdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(pCert);
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(pCert);
return(-1);
}
return(0);
}
-/**
- * xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore:
- * @mngr: the keys manager.
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore:
+ * @mngr: the keys manager.
* @keyStore: the pointer to keys store.
*
* Adds @keyStore to the list of key stores in the keys manager @mngr.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore(xmlSecKeysMngrPtr mngr, HCERTSTORE keyStore)
{
- xmlSecKeyDataStorePtr x509Store ;
+ xmlSecKeyDataStorePtr x509Store ;
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( keyStore != NULL, -1 ) ;
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( keyStore != NULL, -1 ) ;
x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId) ;
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- return (0) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ return (0) ;
}
-/**
- * xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore:
- * @mngr: the keys manager.
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore:
+ * @mngr: the keys manager.
* @trustedStore: the pointer to certs store.
*
* Adds @trustedStore to the list of trusted cert stores in the keys manager @mngr.
@@ -974,36 +975,36 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore(xmlSecKeysMngrPtr mngr, HCERTSTORE
int
xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE trustedStore)
{
- xmlSecKeyDataStorePtr x509Store ;
+ xmlSecKeyDataStorePtr x509Store ;
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( trustedStore != NULL, -1 ) ;
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1) ;
- }
-
- return(0);
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ return(0);
}
-/**
- * xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore:
- * @mngr: the keys manager.
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore:
+ * @mngr: the keys manager.
* @untrustedStore: the pointer to certs store.
*
* Adds @trustedStore to the list of un-trusted cert stores in the keys manager @mngr.
@@ -1013,222 +1014,222 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr, HCERTS
int
xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE untrustedStore)
{
- xmlSecKeyDataStorePtr x509Store ;
+ xmlSecKeyDataStorePtr x509Store ;
- xmlSecAssert2( mngr != NULL, -1 ) ;
- xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId);
- if( x509Store == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecKeysMngrGetDataStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
- "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return(0) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0) ;
}
#endif /* XMLSEC_NO_X509 */
/**
* xmlSecMSCryptoAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default MSCrypto crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecMSCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
- /* create MSCrypto keys store if needed */
+ /* create MSCrypto keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecMSCryptoKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
}
- ret = xmlSecMSCryptoKeysMngrInit(mngr);
+ ret = xmlSecMSCryptoKeysMngrInit(mngr);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecMSCryptoKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
}
/**
* xmlSecMSCryptoAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecMSCryptoAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecMSCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecMSCryptoAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecMSCryptoAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecMSCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecMSCryptoKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecMSCryptoAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
* @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecMSCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
ret = xmlSecMSCryptoKeysStoreSave(store, filename, type);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename%s", xmlSecErrorsSafeString(filename));
+ NULL,
+ "xmlSecMSCryptoKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
return(-1);
}
-
+
return(0);
}
/**
* xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
* @hKey: the key handle.
- *
+ *
* Adds private key @hKey to the keys manager @mngr.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
xmlSecAssert2(mngr != NULL, -1);
@@ -1240,14 +1241,14 @@ xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY
/**
* xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
* @hKey: the key handle.
- *
+ *
* Adds public key @hKey to the keys manager @mngr.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(hKey != 0, -1);
@@ -1258,14 +1259,14 @@ xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY
/**
* xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
* @hKey: the key handle.
- *
+ *
* Adds symmetric key @hKey to the keys manager @mngr.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(hKey != 0, -1);
diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
index 73a6c260..12c2e404 100644
--- a/src/mscrypto/certkeys.c
+++ b/src/mscrypto/certkeys.c
@@ -1,10 +1,10 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -30,10 +30,7 @@
#include <xmlsec/mscrypto/certkeys.h>
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/x509.h>
-
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
+#include "private.h"
// GOST CSP don't support keys duplicating, so we use NT4 analogs for these...
#ifndef XMLSEC_NO_GOST
@@ -42,15 +39,14 @@
#endif
#endif
-#define XMLSEC_CONTAINER_NAME "xmlsec-key-container"
/**************************************************************************
*
* Internal MSCrypto PCCERT_CONTEXT key CTX
*
*************************************************************************/
-typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx,
- *xmlSecMSCryptoKeyDataCtxPtr;
+typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx,
+ *xmlSecMSCryptoKeyDataCtxPtr;
#ifdef XMLSEC_MSCRYPTO_NT4
/*-
@@ -59,8 +55,8 @@ typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx,
* by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
*/
struct _mscrypt_key {
- HCRYPTKEY hKey ;
- volatile LONG refcnt ;
+ HCRYPTKEY hKey ;
+ volatile LONG refcnt ;
} ;
/*-
@@ -69,9 +65,9 @@ struct _mscrypt_key {
* by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
*/
struct _mscrypt_prov {
- HCRYPTPROV hProv ;
+ HCRYPTPROV hProv ;
BOOL fCallerFreeProv ;
- volatile LONG refcnt ;
+ volatile LONG refcnt ;
} ;
#endif /* XMLSEC_MSCRYPTO_NT4 */
@@ -84,19 +80,18 @@ struct _mscrypt_prov {
*/
struct _xmlSecMSCryptoKeyDataCtx {
#ifndef XMLSEC_MSCRYPTO_NT4
- HCRYPTPROV hProv;
- BOOL fCallerFreeProv;
- HCRYPTKEY hKey;
+ HCRYPTPROV hProv;
+ BOOL fCallerFreeProv;
+ HCRYPTKEY hKey;
#else /* XMLSEC_MSCRYPTO_NT4 */
- struct _mscrypt_prov* p_prov ;
- struct _mscrypt_key* p_key ;
+ struct _mscrypt_prov* p_prov ;
+ struct _mscrypt_key* p_key ;
#endif /* XMLSEC_MSCRYPTO_NT4 */
- PCCERT_CONTEXT pCert;
- LPCTSTR providerName;
- DWORD providerType;
- DWORD dwKeySpec;
- xmlSecKeyDataType type;
-};
+ PCCERT_CONTEXT pCert;
+ const xmlSecMSCryptoProviderInfo * providers;
+ DWORD dwKeySpec;
+ xmlSecKeyDataType type;
+};
#ifndef XMLSEC_MSCRYPTO_NT4
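Review bot: The new `providers` member replaces `providerName`/`providerType` but carries no comment on what it points to or who owns it, and nothing in this hunk shows whether the ctx ever frees it. The `const` pointer suggests a table owned elsewhere, but that is an inference; the struct comment should make the contract explicit, for example `/* candidate CSPs for this key type; points at a table owned elsewhere, never freed with the ctx -- confirm */`. Without it the next maintainer cannot tell whether a finalize path is missing a release or whether the pointer may dangle once the key data outlives its creator.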
@@ -107,28 +102,28 @@ static void
xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
- ctx->hProv = 0;
- ctx->fCallerFreeProv = FALSE;
+ ctx->hProv = 0;
+ ctx->fCallerFreeProv = FALSE;
}
static void
xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
- CryptReleaseContext(ctx->hProv, 0);
+ CryptReleaseContext(ctx->hProv, 0);
}
- ctx->hProv = 0;
- ctx->fCallerFreeProv = FALSE;
+ ctx->hProv = 0;
+ ctx->fCallerFreeProv = FALSE;
}
static void
xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv)
{
xmlSecAssert(ctx != NULL);
-
+
xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
- ctx->hProv = hProv;
+ ctx->hProv = hProv;
ctx->fCallerFreeProv = fCallerFreeProv;
}
@@ -141,20 +136,21 @@ xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xm
if(ctxSrc->hProv != 0) {
if(!CryptContextAddRef(ctxSrc->hProv, NULL, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptContextAddRef",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptContextAddRef",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- ctxDst->hProv = ctxSrc->hProv;
- ctxDst->fCallerFreeProv = TRUE;
+ ctxDst->hProv = ctxSrc->hProv;
+ ctxDst->fCallerFreeProv = TRUE;
}
return(0);
}
+
/******************************** Key *****************************************/
#define xmlSecMSCryptoKeyDataCtxGetKey(ctx) ((ctx)->hKey)
@@ -168,9 +164,9 @@ xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
static void
xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
if (ctx->hKey != 0) {
- CryptDestroyKey(ctx->hKey);
+ CryptDestroyKey(ctx->hKey);
}
ctx->hKey = 0;
}
@@ -190,14 +186,14 @@ xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecM
xmlSecMSCryptoKeyDataCtxDestroyKey(ctxDst);
if (ctxSrc->hKey != 0) {
- if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptDuplicateKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptDuplicateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
@@ -212,45 +208,45 @@ static void
xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
- ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov));
- if(ctx->p_prov == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE,
- "mscrypt_create_prov" ,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE
- );
- }
+ ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov));
+ if(ctx->p_prov == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_prov" ,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ }
memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
}
static void
xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
- if(ctx->p_prov != NULL) {
- if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) {
- if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
- CryptReleaseContext(ctx->p_prov->hProv, 0) ;
- }
+
+ if(ctx->p_prov != NULL) {
+ if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) {
+ if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
+ CryptReleaseContext(ctx->p_prov->hProv, 0) ;
+ }
memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
- xmlFree(ctx->p_prov) ;
- }
+ xmlFree(ctx->p_prov) ;
+ }
ctx->p_prov = NULL;
- }
+ }
}
static void
xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv)
{
xmlSecAssert(ctx != NULL);
-
+
xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
if((ctx->p_prov != NULL) && (ctx->p_prov->refcnt == 1)) {
- if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
- CryptReleaseContext(ctx->p_prov->hProv, 0) ;
- }
+ if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
+ CryptReleaseContext(ctx->p_prov->hProv, 0) ;
+ }
memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
} else {
xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
@@ -284,32 +280,32 @@ static void
xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
- ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key));
- if(ctx->p_key == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE,
- "mscrypt_create_key" ,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE
- );
- }
+ ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key));
+ if(ctx->p_key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_key" ,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ }
memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
}
static void
xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
- if(ctx->p_key != NULL) {
- if(InterlockedDecrement(&(ctx->p_key->refcnt)) <= 0) {
- if(ctx->p_key->hKey != 0) {
- CryptDestroyKey(ctx->p_key->hKey) ;
- }
+
+ if(ctx->p_key != NULL) {
+ if(InterlockedDecrement(&(ctx->p_key->refcnt)) <= 0) {
+ if(ctx->p_key->hKey != 0) {
+ CryptDestroyKey(ctx->p_key->hKey) ;
+ }
memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
- xmlFree(ctx->p_key) ;
- }
+ xmlFree(ctx->p_key) ;
+ }
ctx->p_key = NULL;
- }
+ }
}
static void
@@ -317,9 +313,9 @@ xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey)
xmlSecAssert(ctx != NULL);
if((ctx->p_key != NULL) && (ctx->p_key->refcnt == 1)) {
- if(ctx->p_key->hKey != 0) {
- CryptDestroyKey(ctx->p_key->hKey) ;
- }
+ if(ctx->p_key->hKey != 0) {
+ CryptDestroyKey(ctx->p_key->hKey) ;
+ }
memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
} else {
xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
@@ -358,9 +354,9 @@ xmlSecMSCryptoKeyDataCtxCreateCert(xmlSecMSCryptoKeyDataCtxPtr ctx) {
static void
xmlSecMSCryptoKeyDataCtxDestroyCert(xmlSecMSCryptoKeyDataCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
if(ctx->pCert != NULL) {
- CertFreeCertificateContext(ctx->pCert);
+ CertFreeCertificateContext(ctx->pCert);
}
ctx->pCert = NULL;
}
@@ -378,18 +374,18 @@ xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSec
xmlSecAssert2(ctxDst != NULL, -1);
xmlSecAssert2(ctxSrc != NULL, -1);
- xmlSecMSCryptoKeyDataCtxDestroyCert(ctxDst);
+ xmlSecMSCryptoKeyDataCtxDestroyCert(ctxDst);
if(ctxSrc->pCert != NULL) {
- ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert);
- if(ctxDst->pCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoPCCDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert);
+ if(ctxDst->pCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoPCCDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
return(0);
}
@@ -398,25 +394,25 @@ xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSec
* xmlSecMSCryptoKeyDataCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecMSCryptoKeyDataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoKeyDataCtx))
+#define xmlSecMSCryptoKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoKeyDataCtx))
#define xmlSecMSCryptoKeyDataGetCtx(data) \
((xmlSecMSCryptoKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecMSCryptoKeyDataDuplicate (xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataGetSize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataDuplicate (xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGetSize (xmlSecKeyDataPtr data);
/**
* xmlSecMSCryptoKeyDataAdoptCert:
- * @data: the pointer to MSCrypto pccert data.
- * @pCert: the pointer to PCCERT key.
+ * @data: the pointer to MSCrypto pccert data.
+ * @pCert: the pointer to PCCERT key.
*
* Sets the value of key data.
*
* Returns: 0 on success or a negative value otherwise.
*/
-static int
+static int
xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
HCRYPTKEY hKey = 0;
@@ -443,43 +439,41 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS
HCRYPTPROV hProv = 0;
BOOL fCallerFreeProv = FALSE;
- if (!CryptAcquireCertificatePrivateKey(pCert,
- CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
- NULL,
- &hProv,
- &(ctx->dwKeySpec),
- &fCallerFreeProv)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptAcquireCertificatePrivateKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if (!CryptAcquireCertificatePrivateKey(pCert,
+ CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+ NULL,
+ &hProv,
+ &(ctx->dwKeySpec),
+ &fCallerFreeProv)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptAcquireCertificatePrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv);
} else if((type & xmlSecKeyDataTypePublic) != 0){
- HCRYPTPROV hProv = 0;
- if (!CryptAcquireContext(&hProv,
- NULL,
- NULL, /* ctx->providerName, */
- ctx->providerType,
- CRYPT_VERIFYCONTEXT)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ HCRYPTPROV hProv;
+
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, FALSE);
+ if (hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, TRUE);
- ctx->dwKeySpec = 0;
+ ctx->dwKeySpec = 0;
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Unsupported keytype");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unsupported keytype");
+ return(-1);
}
/* CryptImportPublicKeyInfo is only needed when a real key handle
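Review bot: `ctx->providers` is handed to xmlSecMSCryptoFindProvider with no check that it was ever set; the field is new in this change and nothing in this hunk initialises it, so a ctx that was only zero-initialised would pass a NULL list to the lookup. Unless xmlSecMSCryptoFindProvider is known to reject NULL itself, add `xmlSecAssert2(ctx->providers != NULL, -1);` ahead of the call, next to the function's other asserts which sit above this hunk. The failure report now uses XMLSEC_ERRORS_R_XMLSEC_FAILED where the removed CryptAcquireContext path reported XMLSEC_ERRORS_R_CRYPTO_FAILED; that is fine only if xmlSecMSCryptoFindProvider logs the underlying CSP error itself, otherwise the CryptAcquireContext failure reason is lost. xmlSecMSCryptoKeyDataAdoptCert begins and ends outside this hunk.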
@@ -489,37 +483,37 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS
* so no unnessecary calls to CryptImportPublicKeyInfo are being
* made. WK
*/
- if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx),
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- &(pCert->pCertInfo->SubjectPublicKeyInfo),
- &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptImportPublicKeyInfo",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx),
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(pCert->pCertInfo->SubjectPublicKeyInfo),
+ &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportPublicKeyInfo",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey);
xmlSecMSCryptoKeyDataCtxSetCert(ctx, pCert);
return(0);
}
-static int
-xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data,
- HCRYPTPROV hProv,
- BOOL fCallerFreeProv,
- HCRYPTKEY hKey,
- DWORD dwKeySpec,
- xmlSecKeyDataType type) {
+static int
+xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data,
+ HCRYPTPROV hProv,
+ BOOL fCallerFreeProv,
+ HCRYPTKEY hKey,
+ DWORD dwKeySpec,
+ xmlSecKeyDataType type) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1);
xmlSecAssert2(hKey != 0, -1);
xmlSecAssert2(type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate), -1);
-
+
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
@@ -527,20 +521,20 @@ xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data,
xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey);
xmlSecMSCryptoKeyDataCtxSetCert(ctx, NULL);
- ctx->dwKeySpec = dwKeySpec;
- ctx->type = type;
+ ctx->dwKeySpec = dwKeySpec;
+ ctx->type = type;
return(0);
}
/**
* xmlSecMSCryptoKeyDataGetKey:
- * @data: the key data to retrieve certificate from.
+ * @data: the key data to retrieve certificate from.
* @type: type of key requested (public/private)
*
- * Native MSCrypto key retrieval from xmlsec keydata. The
+ * Native MSCrypto key retrieval from xmlsec keydata. The
* returned HKEY must not be destroyed by the caller.
- *
+ *
* Returns: HKEY on success or NULL otherwise.
*/
HCRYPTKEY
@@ -552,14 +546,14 @@ xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
-
+
return(xmlSecMSCryptoKeyDataCtxGetKey(ctx));
}
/**
* xmlSecMSCryptoKeyDataGetDecryptKey:
- * @data: the key data pointer
- *
+ * @data: the key data pointer
+ *
* Native MSCrypto decrypt key retrieval from xmlsec keydata. The
* returned HKEY must not be destroyed by the caller.
*
@@ -567,33 +561,33 @@ xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) {
*/
HCRYPTKEY
xmlSecMSCryptoKeyDataGetDecryptKey(xmlSecKeyDataPtr data) {
- xmlSecMSCryptoKeyDataCtxPtr ctx;
- HCRYPTKEY hKey;
-
- xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
- xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
-
- ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, 0);
-
- if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetUserKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
- }
- return (hKey);
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTKEY hKey;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetUserKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ return (hKey);
}
/**
* xmlSecMSCryptoKeyDataGetCert:
- * @data: the key data to retrieve certificate from.
- *
- * Native MSCrypto certificate retrieval from xmlsec keydata. The
+ * @data: the key data to retrieve certificate from.
+ *
+ * Native MSCrypto certificate retrieval from xmlsec keydata. The
* returned PCCERT_CONTEXT must not be released by the caller.
- *
+ *
* Returns: PCCERT_CONTEXT on success or NULL otherwise.
*/
PCCERT_CONTEXT
@@ -605,10 +599,18 @@ xmlSecMSCryptoKeyDataGetCert(xmlSecKeyDataPtr data) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, 0);
-
+
return(xmlSecMSCryptoKeyDataCtxGetCert(ctx));
}
+/**
+ * xmlSecMSCryptoKeyDataGetMSCryptoProvider:
+ * @data: the key data
+ *
+ * Gets crypto provider handle
+ *
+ * Returns: the crypto provider handler or 0 if there is an error.
+ */
HCRYPTPROV
xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
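Review bot: The new doc comment for xmlSecMSCryptoKeyDataGetMSCryptoProvider does not say who owns the returned HCRYPTPROV, although the neighbouring GetKey and GetCert comments state that their handles must not be destroyed by the caller. The function hands back the context's own provider (it returns xmlSecMSCryptoKeyDataCtxGetProvider(ctx)) and xmlSecMSCryptoKeyDataFinalize later calls xmlSecMSCryptoKeyDataCtxDestroyProvider on that same context, so the caller must not release it; add `* The returned HCRYPTPROV must not be released by the caller.` after the description, and `handler` in the Returns line should read `handle`. The function body continues outside the hunk.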
@@ -622,6 +624,14 @@ xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data) {
return(xmlSecMSCryptoKeyDataCtxGetProvider(ctx));
}
+/**
+ * xmlSecMSCryptoKeyDataGetMSCryptoKeySpec:
+ * @data: the key data
+ *
+ * Gets key spec info.
+ *
+ * Returns: the key spec info from key data
+ */
DWORD
xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
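Review bot: The Returns line of the new xmlSecMSCryptoKeyDataGetMSCryptoKeySpec comment gives no value for the failure case, while the sibling accessor comments do ("or 0 if there is an error"). The body starts outside the hunk, so I cannot see what its assertions return on an invalid argument; if it is 0 like the provider accessor, write `* Returns: the key spec from the key data or 0 if there is an error.` so callers know which value to treat as failure.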
@@ -635,7 +645,7 @@ xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) {
return(ctx->dwKeySpec);
}
-static int
+static int
xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecMSCryptoKeyDataCtxPtr ctxDst;
xmlSecMSCryptoKeyDataCtxPtr ctxSrc;
@@ -652,43 +662,42 @@ xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(ctxSrc != NULL, -1);
if(xmlSecMSCryptoKeyDataCtxDuplicateProvider(ctxDst, ctxSrc) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataCtxDuplicateProvider",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if(xmlSecMSCryptoKeyDataCtxDuplicateKey(ctxDst, ctxSrc) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataCtxDuplicateKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if(xmlSecMSCryptoKeyDataCtxDuplicateCert(ctxDst, ctxSrc) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataCtxDuplicateCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
- ctxDst->providerName = ctxSrc->providerName;
- ctxDst->providerType = ctxSrc->providerType;
- ctxDst->type = ctxSrc->type;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
+ ctxDst->providers = ctxSrc->providers;
+ ctxDst->type = ctxSrc->type;
return(0);
}
-static void
+static void
xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) {
- xmlSecMSCryptoKeyDataCtxPtr ctx;
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize));
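Review bot: `ctxDst->providers = ctxSrc->providers;` copies a bare pointer, and neither this function nor xmlSecMSCryptoKeyDataFinalize releases it, so correctness depends on every providers table having static storage; the only table visible in this diff, xmlSecMSCryptoProviderInfo_Rsa, is a static array, so the shallow copy is correct today but the assumption is unstated. Add a comment on that line: `/* providers points at a static xmlSecMSCryptoProviderInfo_* table; it is shared, never owned, so a shallow copy is correct */`. xmlSecMSCryptoKeyDataDuplicate starts outside the hunk.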
@@ -703,16 +712,16 @@ xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxCreateCert(ctx);
}
-static void
+static void
xmlSecMSCryptoKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
-
+
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize));
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert(ctx != NULL);
-
+
xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
xmlSecMSCryptoKeyDataCtxDestroyCert(ctx);
xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
@@ -720,7 +729,7 @@ xmlSecMSCryptoKeyDataFinalize(xmlSecKeyDataPtr data) {
memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
}
-static int
+static int
xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
@@ -732,30 +741,30 @@ xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) {
if(xmlSecMSCryptoKeyDataCtxGetCert(ctx) != NULL) {
xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo != NULL, 0);
- return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- &(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo->SubjectPublicKeyInfo)));
+ return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo->SubjectPublicKeyInfo)));
} else if (xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0) {
DWORD length = 0;
- DWORD lenlen = sizeof(DWORD);
-
- if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
- }
- return(length);
- }
-
+ DWORD lenlen = sizeof(DWORD);
+
+ if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ return(length);
+ }
+
return (0);
}
-static xmlSecKeyDataType
+static xmlSecKeyDataType
xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown);
@@ -763,7 +772,7 @@ xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
/* We could make a call to CryptFindCertificateKeyProvInfo here, to find out if
- * we *really* have a private key or not. However if the certificate is not
+ * we *really* have a private key or not. However if the certificate is not
* linked to a private key, the call takes an ridiculous amount of time.
* the way it is now is better I think. WK.
*/
@@ -772,11 +781,11 @@ xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) {
/**
* xmlSecMSCryptoCertDup:
- * @pCert: the pointer to cert.
- *
+ * @pCert: the pointer to cert.
+ *
* Duplicates the @pCert.
*
- * Returns: pointer to newly created PCCERT_CONTEXT object or
+ * Returns: pointer to newly created PCCERT_CONTEXT object or
* NULL if an error occurs.
*/
PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) {
@@ -786,100 +795,100 @@ PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) {
ret = CertDuplicateCertificateContext(pCert);
if(ret == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(ret);
}
/**
* xmlSecMSCryptoCertAdopt:
- * @pCert: the pointer to cert.
- * @type: the expected key type.
+ * @pCert: the pointer to cert.
+ * @type: the expected key type.
*
* Creates key data value from the cert.
*
* Returns: pointer to newly created xmlsec key or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
xmlSecKeyDataPtr data = NULL;
int ret;
-
+
xmlSecAssert2(pCert != NULL, NULL);
xmlSecAssert2(pCert->pCertInfo != NULL, NULL);
xmlSecAssert2(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId != NULL, NULL);
#ifndef XMLSEC_NO_RSA
if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA)) {
- data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecMSCryptoDataRsaId");
- return(NULL);
- }
- }
-#endif /* XMLSEC_NO_RSA */
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoDataRsaId");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_DSA
if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_X957_DSA /*szOID_DSALG_SIGN*/)) {
- data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecMSCryptoKeyDataDsaId");
- return(NULL);
- }
- }
-#endif /* XMLSEC_NO_DSA */
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeyDataDsaId");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_GOST
if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) ||
!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001) ||
- !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) {
- data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecMSCryptoKeyDataGost2001Id");
- return(NULL);
- }
- }
-#endif /* XMLSEC_NO_GOST*/
+ !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) {
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeyDataGost2001Id");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_GOST*/
if (NULL == data) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
+ return(NULL);
}
- xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(data != NULL, NULL);
ret = xmlSecMSCryptoKeyDataAdoptCert(data, pCert, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoPCCDataAdoptPCC",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoPCCDataAdoptPCC",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
return(data);
}
@@ -898,54 +907,54 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
* <RSAKeyValue>
* <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
* jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
- * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
* </Modulus>
* <Exponent>AQAB</Exponent>
* </RSAKeyValue>
*
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
*
* Schema Definition:
- *
+ *
* <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
* <complexType name="RSAKeyValueType">
* <sequence>
- * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
* <element name="Exponent" type="ds:CryptoBinary"/>
* </sequence>
* </complexType>
*
* DTD Definition:
- *
- * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
* <!ELEMENT Modulus (#PCDATA) >
* <!ELEMENT Exponent (#PCDATA) >
*
* ============================================================================
- *
+ *
*
*************************************************************************/
static int xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data);
static int xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data);
static int xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
xmlSecKeyInfoCtxPtr keyInfoCtx);
static int xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
static xmlSecKeyDataType xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data);
static xmlSecSize xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data);
-static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
-static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
+static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
+static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -953,54 +962,68 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
/* data */
xmlSecNameRSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecMSCryptoKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecMSCryptoKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecMSCryptoKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecMSCryptoKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecMSCryptoKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecMSCryptoKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecMSCryptoKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecMSCryptoKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecMSCryptoKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Rsa[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+/**
* xmlSecMSCryptoKeyDataRsaGetKlass:
*
* The MSCrypto RSA CertKey data klass.
*
* Returns: pointer to MSCrypto RSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataRsaGetKlass(void) {
return(&xmlSecMSCryptoKeyDataRsaKlass);
}
-static int
+static int
xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), xmlSecKeyDataTypeUnknown);
xmlSecMSCryptoKeyDataInitialize(data);
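Review bot: xmlSecMSCryptoProviderInfo_Rsa is a search-order table that is only ever read, yet it is declared as a mutable static array; if the providers field that receives it (assigned in the following hunk as `ctx->providers = xmlSecMSCryptoProviderInfo_Rsa;`) has a const-qualified element type, declare it `static const xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Rsa[] = {` so the provider preference order cannot be altered at runtime and is placed in read-only storage. The comment above the table correctly records the `{ NULL, 0 }` terminator requirement, which xmlSecMSCryptoFindProvider presumably relies on to stop scanning; XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV and its _PROTOTYPE variant are project macros not visible here, so I am assuming they expand to provider name strings like the MS_* entries beside them.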
@@ -1008,13 +1031,11 @@ xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- ctx->providerName = MS_ENHANCED_PROV;
- ctx->providerType = PROV_RSA_FULL;
-
+ ctx->providers = xmlSecMSCryptoProviderInfo_Rsa;
return(0);
}
-static int
+static int
xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataRsaId), -1);
xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataRsaId), -1);
@@ -1022,16 +1043,16 @@ xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
return(xmlSecMSCryptoKeyDataDuplicate(dst, src));
}
-static void
+static void
xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
xmlSecMSCryptoKeyDataFinalize(data);
}
-static int
+static int
xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecBn modulus, exponent;
xmlSecBuffer blob;
unsigned int blobBufferLen;
@@ -1049,48 +1070,48 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- "key already has a value");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
}
/* initialize buffers */
ret = xmlSecBnInitialize(&modulus, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "modulus");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "modulus");
+ return(-1);
}
ret = xmlSecBnInitialize(&exponent, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "exponent");
- xmlSecBnFinalize(&modulus);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "exponent");
+ xmlSecBnFinalize(&modulus);
+ return(-1);
}
ret = xmlSecBufferInitialize(&blob, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "blob");
- xmlSecBnFinalize(&modulus);
- xmlSecBnFinalize(&exponent);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "blob");
+ xmlSecBnFinalize(&modulus);
+ xmlSecBnFinalize(&exponent);
+ return(-1);
}
/* read xml */
@@ -1098,96 +1119,96 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&modulus, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
-
+
/* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&exponent, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&exponent) == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
-
+
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * MSCrypto does not support it. We just ignore it */
- cur = xmlSecGetNextElementNode(cur->next);
+ * MSCrypto does not support it. We just ignore it */
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ goto done;
}
/* Now try to create the key */
blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + xmlSecBnGetSize(&modulus);
ret = xmlSecBufferSetSize(&blob, blobBufferLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blobBufferLen);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blobBufferLen);
+ goto done;
}
/* Set the PUBLICKEYSTRUC */
pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
- pubKeyStruc->bType = PUBLICKEYBLOB;
+ pubKeyStruc->bType = PUBLICKEYBLOB;
pubKeyStruc->bVersion = 0x02;
pubKeyStruc->reserved = 0;
pubKeyStruc->aiKeyAlg = CALG_RSA_KEYX | CALG_RSA_SIGN;
/* Set the public key header */
pubKey = (RSAPUBKEY*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
- pubKey->magic = 0x31415352; /* == RSA1 public */
- pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */
- pubKey->pubexp = 0;
+ pubKey->magic = 0x31415352; /* == RSA1 public */
+ pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */
+ pubKey->pubexp = 0;
if(sizeof(pubKey->pubexp) < xmlSecBnGetSize(&exponent)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "exponent size=%d",
- xmlSecBnGetSize(&exponent));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "exponent size=%d",
+ xmlSecBnGetSize(&exponent));
+ goto done;
}
xmlSecAssert2(xmlSecBnGetData(&exponent) != NULL, -1);
memcpy(&(pubKey->pubexp), xmlSecBnGetData(&exponent), xmlSecBnGetSize(&exponent));
@@ -1197,66 +1218,56 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
memcpy(modulusBlob, xmlSecBnGetData(&modulus), xmlSecBnGetSize(&modulus));
/* Now that we have the blob, import */
- if (!CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)) {
- if(NTE_BAD_KEYSET == GetLastError()) {
- if(!CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptImportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
hProv = 0;
hKey = 0;
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
}
data = NULL;
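Review bot: The provider handle obtained from xmlSecMSCryptoFindProvider is leaked on every error path that follows it, because the cleanup at `done:` (visible in the next hunk) tests `if (hProv == 0)` before calling CryptReleaseContext; the condition is inverted and should read `if (hProv != 0) {`. The old code had the same inverted test, but the new call is now the only place in this function that acquires hProv, so fixing it here is cheap and closes the leak on the CryptImportKey, xmlSecKeyDataCreate and xmlSecMSCryptoKeyDataAdoptKey failure paths. The trailing arguments of the new call, `CRYPT_VERIFYCONTEXT, TRUE`, are not self-explanatory; a comment such as `/* verify-only context: importing a public key needs no persistent key container */` would record the intent, with the meaning of the TRUE flag taken from xmlSecMSCryptoFindProvider's declaration, which is not visible here. xmlSecMSCryptoKeyDataRsaXmlRead continues outside the hunk on both sides.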
@@ -1265,7 +1276,7 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
done:
if (hProv == 0) {
- CryptReleaseContext(hProv, 0);
+ CryptReleaseContext(hProv, 0);
}
if (hKey != 0) {
CryptDestroyKey(hKey);
@@ -1280,9 +1291,9 @@ done:
return(res);
}
-static int
+static int
xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
xmlSecBuffer buf;
DWORD dwBlobLen;
@@ -1292,7 +1303,7 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecSize modulusLen, exponentLen;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecMSCryptoKeyDataRsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
@@ -1304,144 +1315,144 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1);
if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecBufferInitialize(&buf, dwBlobLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%ld", dwBlobLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwBlobLen);
+ return(-1);
}
blob = xmlSecBufferGetData(&buf);
if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "blobLen=%ld", dwBlobLen);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld", dwBlobLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* check PUBLICKEYSTRUC */
pubKeyStruc = (PUBLICKEYSTRUC*)blob;
if(pubKeyStruc->bVersion != 0x02) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(pubKeyStruc->bType != PUBLICKEYBLOB) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* check RSAPUBKEY */
- pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC));
+ pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC));
if(pubKey->magic != 0x31415352) { /* RSA public key magic */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKey->magic=0x%08lx", pubKey->magic);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKey->magic=0x%08lx", pubKey->magic);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
- modulusLen = pubKey->bitlen / 8;
+ modulusLen = pubKey->bitlen / 8;
if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
- blob += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+ blob += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
/* first is Modulus node */
cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
ret = xmlSecBnBlobSetNodeValue(blob, modulusLen, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- xmlSecBufferFinalize(&buf);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
/* next is Exponent node. */
cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* Remove leading zero's (from least significant end) */
- blob = (xmlSecByte*)(&(pubKey->pubexp));
+ blob = (xmlSecByte*)(&(pubKey->pubexp));
exponentLen = sizeof(pubKey->pubexp);
while (exponentLen > 0 && blob[exponentLen - 1] == 0) {
- exponentLen--;
+ exponentLen--;
}
ret = xmlSecBnBlobSetNodeValue(blob, exponentLen, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* next is PrivateExponent node: not supported in MSCrypto */
@@ -1450,9 +1461,9 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
return(0);
}
-static int
-xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
- xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+static int
+xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
@@ -1469,48 +1480,37 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- if (!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, MS_STRONG_PROV, PROV_RSA_FULL, 0)) {
- if (NTE_BAD_KEYSET == GetLastError()) {
- if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- return(-1);
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- return(-1);
- }
+ /* get provider */
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
dwKeySpec = AT_KEYEXCHANGE | AT_SIGNATURE;
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
if (!CryptGenKey(hProv, CALG_RSA_SIGN, dwSize, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
- xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+ xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
hProv = 0;
hKey = 0;
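Review bot: `dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE)` packs the requested key length into the upper 16 bits with no range check, so a sizeBits above 0xFFFF is silently truncated and CryptGenKey produces a key of a different size than the caller asked for; add `if(sizeBits > 0xFFFF) { xmlSecError(...XMLSEC_ERRORS_R_INVALID_SIZE...); goto done; }` before the shift, next to the new provider lookup. The move from a named container to `CRYPT_VERIFYCONTEXT` also appears to change persistence — keys generated on such a handle are not stored in a key container — which is a sensible default for ephemeral keys but deserves a comment on the xmlSecMSCryptoFindProvider call, e.g. `/* CRYPT_VERIFYCONTEXT: no key container is created; the generated key lives only in this handle */`. The new failure branch now jumps to `done:` instead of returning -1, so it depends on `res` being initialised to -1; that declaration is outside the hunk, please confirm.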
@@ -1520,48 +1520,48 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
done:
if (hProv != 0) {
- CryptReleaseContext(hProv, 0);
+ CryptReleaseContext(hProv, 0);
}
if (hKey != 0) {
- CryptDestroyKey(hKey);
+ CryptDestroyKey(hKey);
}
return(res);
}
-static xmlSecKeyDataType
+static xmlSecKeyDataType
xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data) {
return(xmlSecMSCryptoKeyDataGetType(data));
}
-static xmlSecSize
+static xmlSecSize
xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), 0);
return (xmlSecMSCryptoKeyDataGetSize(data));
}
-static void
+static void
xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== rsa key: size = %d\n",
- xmlSecMSCryptoKeyDataRsaGetSize(data));
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataRsaGetSize(data));
}
static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
- xmlSecMSCryptoKeyDataRsaGetSize(data));
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataRsaGetSize(data));
}
-
+
#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_DSA
+#ifndef XMLSEC_NO_DSA
/**************************************************************************
*
* <dsig:DSAKeyValue> processing
@@ -1569,57 +1569,57 @@ static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* ou
*
* The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
*
- * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
* DSA public key values can have the following fields:
- *
- * * P - a prime modulus meeting the [DSS] requirements
- * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
- * divisor of P-1
- * * G - an integer with certain properties with respect to P and Q
- * * Y - G**X mod P (where X is part of the private key and not made
- * public)
- * * J - (P - 1) / Q
- * * seed - a DSA prime generation seed
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
* * pgenCounter - a DSA prime generation counter
*
- * Parameter J is available for inclusion solely for efficiency as it is
- * calculatable from P and Q. Parameters seed and pgenCounter are used in the
- * DSA prime number generation algorithm specified in [DSS]. As such, they are
- * optional but must either both be present or both be absent. This prime
- * generation algorithm is designed to provide assurance that a weak prime is
- * not being used and it yields a P and Q value. Parameters P, Q, and G can be
- * public and common to a group of users. They might be known from application
- * context. As such, they are optional but P and Q must either both appear or
- * both be absent. If all of P, Q, seed, and pgenCounter are present,
- * implementations are not required to check if they are consistent and are
- * free to use either P and Q or seed and pgenCounter. All parameters are
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
* encoded as base64 [MIME] values.
- *
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
- *
+ *
* Schema Definition:
- *
- * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
- * <complexType name="DSAKeyValueType">
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
* <sequence>
* <sequence minOccurs="0">
- * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="P" type="ds:CryptoBinary"/>
* <element name="Q" type="ds:CryptoBinary"/>
* </sequence>
- * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
* <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
* <sequence minOccurs="0">
- * <element name="Seed" type="ds:CryptoBinary"/>
- * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
* </sequence>
* </sequence>
* </complexType>
- *
+ *
* DTD Definition:
- *
- * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
* <!ELEMENT P (#PCDATA) >
* <!ELEMENT Q (#PCDATA) >
* <!ELEMENT G (#PCDATA) >
@@ -1629,34 +1629,34 @@ static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* ou
* <!ELEMENT PgenCounter (#PCDATA) >
*
* ============================================================================
- *
+ *
* To support reading/writing private keys an X element added (before Y).
* todo: The current implementation does not support Seed and PgenCounter!
* by this the P, Q and G are *required*!
*
*************************************************************************/
-static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataDsaXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
+static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
static xmlSecKeyDataType xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data);
-static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
- FILE* output);
+static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -1664,46 +1664,57 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
/* data */
xmlSecNameDSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecMSCryptoKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecMSCryptoKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecMSCryptoKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecMSCryptoKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecMSCryptoKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecMSCryptoKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecMSCryptoKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
xmlSecMSCryptoKeyDataDsaDebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Dss[] = {
+ { MS_DEF_DSS_PROV, PROV_DSS },
+ { NULL, 0 }
+};
+
+
/**
* xmlSecMSCryptoKeyDataDsaGetKlass:
- *
+ *
* The DSA key data klass.
*
* Returns: pointer to DSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataDsaGetKlass(void) {
return(&xmlSecMSCryptoKeyDataDsaKlass);
}
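Review bot: `xmlSecMSCryptoProviderInfo_Dss` is a mutable file-scope table whose address is stored into every DSA key context by xmlSecMSCryptoKeyDataDsaInitialize in the next hunk, so a stray write through `ctx->providers` would corrupt the `{ NULL, 0 }` sentinel the lookup relies on; declare it `static const xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Dss[] = {` if the `providers` field is a pointer to const (its declaration is not in this diff). The header comment could also state the ownership, e.g. `/* Shared and never freed; ctx->providers only borrows a pointer to it. */`.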
@@ -1720,9 +1731,7 @@ xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- ctx->providerName = MS_DEF_DSS_PROV;
- ctx->providerType = PROV_DSS;
-
+ ctx->providers = xmlSecMSCryptoProviderInfo_Dss;
return(0);
}
@@ -1737,13 +1746,13 @@ xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
static void
xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
-
+
xmlSecMSCryptoKeyDataFinalize(data);
}
static int
xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data = NULL;
xmlNodePtr cur;
xmlSecBn p, q, g, y;
@@ -1765,73 +1774,73 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- "key already has a value");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
}
/* initialize buffers */
ret = xmlSecBnInitialize(&p, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "p");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "p");
+ return(-1);
}
ret = xmlSecBnInitialize(&q, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "q");
- xmlSecBnFinalize(&p);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "q");
+ xmlSecBnFinalize(&p);
+ return(-1);
}
ret = xmlSecBnInitialize(&g, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "g");
- xmlSecBnFinalize(&p);
- xmlSecBnFinalize(&q);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "g");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ return(-1);
}
ret = xmlSecBnInitialize(&y, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "y");
- xmlSecBnFinalize(&p);
- xmlSecBnFinalize(&q);
- xmlSecBnFinalize(&g);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "y");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ xmlSecBnFinalize(&g);
+ return(-1);
}
ret = xmlSecBufferInitialize(&blob, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "blob");
- xmlSecBnFinalize(&p);
- xmlSecBnFinalize(&q);
- xmlSecBnFinalize(&g);
- xmlSecBnFinalize(&y);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "blob");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ xmlSecBnFinalize(&g);
+ xmlSecBnFinalize(&y);
+ return(-1);
}
/* read xml */
@@ -1839,150 +1848,150 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&p, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&p) == 0)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&q, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&q) == 0)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&g, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * MSCrypto does not support it, we just ignore it */
+ * MSCrypto does not support it, we just ignore it */
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* next is Y node. */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
}
ret = xmlSecBnGetNodeValue(&y, cur, xmlSecBnBase64, 1);
if((ret < 0) || (xmlSecBnGetSize(&y) == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnGetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* todo: add support for J */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
/* todo: add support for seed */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* todo: add support for pgencounter */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
/* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * xmlSecBnGetSize(&p) + 0x14 + sizeof(DSSSEED);
ret = xmlSecBufferSetSize(&blob, blobBufferLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blobBufferLen);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blobBufferLen);
+ goto done;
}
/* Set PUBLICKEYSTRUC */
- pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
- pubKeyStruc->bType = PUBLICKEYBLOB;
+ pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
+ pubKeyStruc->bType = PUBLICKEYBLOB;
pubKeyStruc->bVersion = 0x02;
pubKeyStruc->reserved = 0;
pubKeyStruc->aiKeyAlg = CALG_DSS_SIGN;
/* Set the public key header */
- pubKey = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
- pubKey->magic = 0x31535344; /* == DSS1 pub key */
- pubKey->bitlen = xmlSecBnGetSize(&p) * 8; /* Number of bits in prime modulus */
+ pubKey = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
+ pubKey->magic = 0x31535344; /* == DSS1 pub key */
+ pubKey->bitlen = xmlSecBnGetSize(&p) * 8; /* Number of bits in prime modulus */
/* copy the key data */
- buf = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY));
-
+ buf = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY));
+
/* set p */
xmlSecAssert2(xmlSecBnGetData(&p) != NULL, -1);
memcpy(buf, xmlSecBnGetData(&p), xmlSecBnGetSize(&p));
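Review bot: The size check after reading the G node tests the wrong bignum: `if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) {` re-checks q, which already passed, so an empty `<G>` element in untrusted DSAKeyValue XML is accepted and a zero-length g is later copied into the key blob; it should be `if((ret < 0) || (xmlSecBnGetSize(&g) == 0)) {`, matching the p, q and y checks around it. The commit re-indents this block without fixing it. Separately, the `xmlSecAssert2(... != NULL, -1)` calls in the blob-building section presumably return directly and so bypass the `done:` cleanup of p, q, g, y and blob, leaking those buffers on that path; a `goto done` after an explicit NULL check would keep the cleanup uniform. xmlSecMSCryptoKeyDataDsaXmlRead begins and ends outside this hunk.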
@@ -1990,12 +1999,12 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* set q */
if(xmlSecBnGetSize(&q) > 0x14) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "q",
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d > 0x14", xmlSecBnGetSize(&q));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "q",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > 0x14", xmlSecBnGetSize(&q));
+ goto done;
}
xmlSecAssert2(xmlSecBnGetData(&q) != NULL, -1);
memcpy(buf, xmlSecBnGetData(&q), xmlSecBnGetSize(&q));
@@ -2003,45 +2012,45 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* Pad with zeros */
for(i = xmlSecBnGetSize(&q); i < 0x14; ++i) {
- *(buf++) = 0;
+ *(buf++) = 0;
}
/* set generator */
if(xmlSecBnGetSize(&g) > xmlSecBnGetSize(&p)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "g",
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d > %d",
- xmlSecBnGetSize(&g),
- xmlSecBnGetSize(&p));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "g",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ xmlSecBnGetSize(&g),
+ xmlSecBnGetSize(&p));
+ goto done;
}
xmlSecAssert2(xmlSecBnGetData(&g) != NULL, -1);
memcpy(buf, xmlSecBnGetData(&g), xmlSecBnGetSize(&g));
buf += xmlSecBnGetSize(&g);
/* Pad with zeros */
for(i = xmlSecBnGetSize(&g); i < xmlSecBnGetSize(&p); ++i) {
- *(buf++) = 0;
+ *(buf++) = 0;
}
/* Public key */
if(xmlSecBnGetSize(&y) > xmlSecBnGetSize(&p)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "y",
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d > %d",
- xmlSecBnGetSize(&y),
- xmlSecBnGetSize(&p));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "y",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ xmlSecBnGetSize(&y),
+ xmlSecBnGetSize(&p));
+ goto done;
}
xmlSecAssert2(xmlSecBnGetData(&y) != NULL, -1);
memcpy(buf, xmlSecBnGetData(&y), xmlSecBnGetSize(&y));
buf += xmlSecBnGetSize(&y);
/* Pad with zeros */
for(i = xmlSecBnGetSize(&y); i < xmlSecBnGetSize(&p); ++i) {
- *(buf++) = 0;
+ *(buf++) = 0;
}
/* Set seed to 0xFFFFFFFFF */
@@ -2049,66 +2058,56 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
memset(seed, 0, sizeof(*seed));
seed->counter = 0xFFFFFFFF; /* SEED Counter set to 0xFFFFFFFF will cause seed to be ignored */
- if (!CryptAcquireContext(&hProv, NULL, MS_DEF_DSS_PROV, PROV_DSS, 0)) {
- if (NTE_BAD_KEYSET == GetLastError()) {
- if (!CryptAcquireContext(&hProv, NULL, MS_DEF_DSS_PROV, PROV_DSS, CRYPT_NEWKEYSET)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
/* import the key blob */
if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptImportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
hProv = 0;
hKey = 0;
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
data = NULL;
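Review bot: The new provider lookup at the top of this hunk acquires the handle with CRYPT_VERIFYCONTEXT, which is the right scope for importing a public-key blob (the key is adopted as xmlSecKeyDataTypePublic below), but nothing at the call site says so, and the removed MS_DEF_DSS_PROV/CRYPT_NEWKEYSET path had the side effect of creating a persistent key container that this version presumably no longer has. Add a comment above the call: `/* public key import only: a verify-only context is enough, no persistent key container is needed */`. The meaning of the trailing TRUE argument is not visible here; if it selects the XMLSEC container name the comment should say that instead. The function's opening and its `done:` cleanup lie outside this hunk.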
@@ -2117,13 +2116,13 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
done:
if (hKey != 0) {
- CryptDestroyKey(hKey);
+ CryptDestroyKey(hKey);
}
if (hProv != 0) {
- CryptReleaseContext(hProv, 0);
+ CryptReleaseContext(hProv, 0);
}
if (data != NULL) {
- xmlSecKeyDataDestroy(data);
+ xmlSecKeyDataDestroy(data);
}
xmlSecBufferFinalize(&blob);
@@ -2135,9 +2134,9 @@ done:
return(res);
}
-static int
+static int
xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
xmlSecBuffer buf;
DWORD dwBlobLen;
@@ -2148,7 +2147,7 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecMSCryptoKeyDataDsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDsaId), -1);
@@ -2158,129 +2157,129 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1);
-
+
if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecBufferInitialize(&buf, dwBlobLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%ld", dwBlobLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwBlobLen);
+ return(-1);
}
blob = xmlSecBufferGetData(&buf);
if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "blobLen=%ld", dwBlobLen);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld", dwBlobLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* check PUBLICKEYSTRUC */
- pubKeyStruc = (PUBLICKEYSTRUC*)blob;
+ pubKeyStruc = (PUBLICKEYSTRUC*)blob;
if(pubKeyStruc->bVersion != 0x02) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(pubKeyStruc->bType != PUBLICKEYBLOB) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* check DSSPUBKEY */
- pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC));
+ pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC));
if(pubKey->magic != 0x31535344) { /* DSS key magic */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKey->magic=0x%08lx", pubKey->magic);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKey->magic=0x%08lx", pubKey->magic);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
- keyLen = pubKey->bitlen / 8;
+ keyLen = pubKey->bitlen / 8;
/* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
- blob += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY);
+ blob += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY);
/* first is P node */
cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
ret = xmlSecBnBlobSetNodeValue(blob, keyLen, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- xmlSecBufferFinalize(&buf);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
blob += keyLen;
/* next is Q node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* we think that the size of q is 0x14, skip trailing zeros */
@@ -2288,28 +2287,28 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
blob += 0x14;
/* next is G node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* skip trailing zeros */
@@ -2317,13 +2316,13 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- xmlSecBufferFinalize(&buf);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ xmlSecBufferFinalize(&buf);
return(-1);
}
blob += keyLen;
@@ -2333,14 +2332,14 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* next is Y node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
/* skip trailing zeros */
@@ -2348,14 +2347,14 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecBnBlobSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
blob += keyLen;
@@ -2366,7 +2365,7 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
static int
xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
- HCRYPTPROV hProv = 0;
+ HCRYPTPROV hProv = 0;
HCRYPTKEY hKey = 0;
DWORD dwKeySpec;
DWORD dwSize;
@@ -2380,46 +2379,36 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
- if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, 0)) {
- if (NTE_BAD_KEYSET == GetLastError()) {
- if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, CRYPT_NEWKEYSET)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
dwKeySpec = AT_SIGNATURE;
dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
- xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+ xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
hProv = 0;
hKey = 0;
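Review bot: Key-pair generation now runs on a handle obtained with a NULL container and CRYPT_VERIFYCONTEXT, whereas the removed code deliberately opened the named XMLSEC_CONTAINER_NAME container and created it on NTE_BAD_KEYSET; whether the generated private key is still persisted in a container or is now ephemeral depends on how xmlSecMSCryptoFindProvider treats its final TRUE argument, which is not visible here. Whichever is intended should be stated next to the CryptGenKey call, e.g. `/* verify-only context: the generated key pair is ephemeral and is carried out via CRYPT_EXPORTABLE below */` or the container-based equivalent, since some CSPs are documented to restrict key-pair generation on a verify-only handle. The same call pattern appears in the DSA XmlRead hunk above, where it imports a public key and the concern does not apply. The `done:` cleanup for this function is outside the hunk.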
@@ -2429,11 +2418,11 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml
done:
if (hProv != 0) {
- CryptReleaseContext(hProv, 0);
+ CryptReleaseContext(hProv, 0);
}
if (hKey != 0) {
- CryptDestroyKey(hKey);
+ CryptDestroyKey(hKey);
}
return(res);
@@ -2444,29 +2433,29 @@ xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data) {
return(xmlSecMSCryptoKeyDataGetType(data));
}
-static xmlSecSize
+static xmlSecSize
xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), 0);
return xmlSecMSCryptoKeyDataGetSize(data);
}
-static void
+static void
xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== dsa key: size = %d\n",
- xmlSecMSCryptoKeyDataDsaGetSize(data));
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataDsaGetSize(data));
}
static void
xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
- xmlSecMSCryptoKeyDataDsaGetSize(data));
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataDsaGetSize(data));
}
#endif /* XMLSEC_NO_DSA */
@@ -2478,28 +2467,28 @@ xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
* GOST2001 xml key representation processing. Contain errors.
*
*************************************************************************/
-static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataGost2001XmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
+static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGost2001XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data);
-static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data,
- FILE* output);
+static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = {
sizeof(xmlSecKeyDataKlass),
@@ -2507,46 +2496,57 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = {
/* data */
xmlSecNameGOST2001KeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */
- xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */
+ xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecMSCryptoKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecMSCryptoKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecMSCryptoKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
xmlSecMSCryptoKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = {
+ { MAGPRO_CSP, PROV_MAGPRO_GOST },
+ { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST },
+ { NULL, 0 }
};
/**
* xmlSecMSCryptoKeyDataGost2001GetKlass:
- *
+ *
* The GOST2001 key data klass.
*
* Returns: pointer to GOST2001 key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataGost2001GetKlass(void) {
return(&xmlSecMSCryptoKeyDataGost2001Klass);
}
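Review bot: `xmlSecMSCryptoProviderInfo_Gost` is declared as a mutable `static` array although it is a fixed lookup table that is only read by xmlSecMSCryptoFindProvider and whose terminating `{ NULL, 0 }` entry the comment says is mandatory; declare it `static const xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = {` so a stray write cannot drop the terminator and let the lookup walk off the end of the table. The `providers` field added to the block-cipher ctx in ciphers.c in this same commit is already `const xmlSecMSCryptoProviderInfo *`, so the key-data ctx field presumably accepts a const table; if it does not, making that field const as well is the smaller change.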
@@ -2555,7 +2555,6 @@ xmlSecMSCryptoKeyDataGost2001GetKlass(void) {
static int
xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoKeyDataCtxPtr ctx;
- HCRYPTPROV tmp_ctx = 0;
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown);
@@ -2564,24 +2563,7 @@ xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
ctx = xmlSecMSCryptoKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
- /* GOST Algorithm is provided by several CSP's, so we try to find any installed */
- if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- ctx->providerName = "MagPro CSP";
- ctx->providerType = PROV_MAGPRO_GOST;
- } else {
- if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
- ctx->providerName = "CryptoPro CSP";
- ctx->providerType = PROV_CRYPTOPRO_GOST;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataGost2001Initialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return -1;
- }
- }
- CryptReleaseContext(tmp_ctx, 0);
+ ctx->providers = xmlSecMSCryptoProviderInfo_Gost;
return(0);
}
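Review bot: Initialize no longer probes for an installed GOST CSP, so on a machine without MagPro or CryptoPro initialization now succeeds and the failure only surfaces when xmlSecMSCryptoFindProvider is eventually called with `ctx->providers`; callers that relied on the early error will see a behaviour change, and the assignment deserves a comment such as `/* provider is resolved lazily by xmlSecMSCryptoFindProvider(); a missing GOST CSP is reported at first use, not here */`. Unrelated to this hunk but in the same function family: the Gost2001 DebugDump re-indented two hunks below still prints the label `=== dsa key: size = %d`, apparently copied from the DSA dump, and should read `=== gost2001 key: size = %d`.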
@@ -2596,7 +2578,7 @@ xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr sr
static void
xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
-
+
xmlSecMSCryptoKeyDataFinalize(data);
}
@@ -2605,29 +2587,29 @@ xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data) {
return(xmlSecMSCryptoKeyDataGetType(data));
}
-static xmlSecSize
+static xmlSecSize
xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), 0);
return xmlSecMSCryptoKeyDataGetSize(data);
}
-static void
+static void
xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== dsa key: size = %d\n",
- xmlSecMSCryptoKeyDataGost2001GetSize(data));
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataGost2001GetSize(data));
}
static void
xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n",
- xmlSecMSCryptoKeyDataGost2001GetSize(data));
+
+ fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataGost2001GetSize(data));
}
#endif /* XMLSEC_NO_GOST*/
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
index 59161639..ea2edcd5 100644
--- a/src/mscrypto/ciphers.c
+++ b/src/mscrypto/ciphers.c
@@ -1,10 +1,10 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -21,65 +21,49 @@
#include <xmlsec/mscrypto/crypto.h>
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
+#include "private.h"
-#ifndef MS_ENH_RSA_AES_PROV_PROTO
-#define MS_ENH_RSA_AES_PROV_PROTO "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
-#endif /* MS_ENH_RSA_AES_PROV_PROTO */
-
-static BOOL xmlSecMSCryptoCreatePrivateExponentOneKey (HCRYPTPROV hProv,
- HCRYPTKEY *hPrivateKey);
-static BOOL xmlSecMSCryptoImportPlainSessionBlob (HCRYPTPROV hProv,
- HCRYPTKEY hPrivateKey,
- ALG_ID dwAlgId,
- LPBYTE pbKeyMaterial,
- DWORD dwKeyMaterial,
- HCRYPTKEY *hSessionKey);
/**************************************************************************
*
* Internal MSCrypto Block cipher CTX
*
*****************************************************************************/
-typedef struct _xmlSecMSCryptoBlockCipherCtx xmlSecMSCryptoBlockCipherCtx,
- *xmlSecMSCryptoBlockCipherCtxPtr;
+typedef struct _xmlSecMSCryptoBlockCipherCtx xmlSecMSCryptoBlockCipherCtx,
+ *xmlSecMSCryptoBlockCipherCtxPtr;
struct _xmlSecMSCryptoBlockCipherCtx {
- ALG_ID algorithmIdentifier;
- int mode;
- HCRYPTPROV cryptProvider;
- HCRYPTKEY cryptKey;
- HCRYPTKEY pubPrivKey;
- xmlSecKeyDataId keyId;
- LPCTSTR providerName;
- int providerType;
- int keyInitialized;
- int ctxInitialized;
- xmlSecSize keySize;
+ ALG_ID algorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV cryptProvider;
+ HCRYPTKEY pubPrivKey;
+ HCRYPTKEY cryptKey;
+ int ctxInitialized;
};
/* function declarations */
-static int xmlSecMSCryptoBlockCipherCtxUpdate (xmlSecMSCryptoBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoBlockCipherCtxUpdate (xmlSecMSCryptoBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
-static int
+static int
xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
int blockLen;
int ret;
DWORD dwBlockLen, dwBlockLenLen;
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->cryptKey != 0, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
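Review bot: The reorganised `_xmlSecMSCryptoBlockCipherCtx` carries three CryptoAPI handles (`cryptProvider`, `pubPrivKey`, `cryptKey`) plus the `providers` table pointer with no field comments, and replacing the `keyInitialized` flag by `ctx->cryptKey != 0` in the assert makes the handle value itself the initialisation state, so the fields should document that protocol: mark `cryptKey` as "0 until a key is set; released by the ctx finalizer", `cryptProvider` similarly, and note that `providers` points at a static `{ NULL, 0 }`-terminated table the ctx does not own. Which function releases `pubPrivKey` is not visible in this hunk and should be confirmed before that comment is written. Dropping the `MS_ENH_RSA_AES_PROV_PROTO` fallback define is only safe if `private.h` supplies it or nothing in this file still references it; neither is visible here. The body of xmlSecMSCryptoBlockCipherCtxInit continues in the next hunk.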
@@ -88,92 +72,92 @@ xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx,
/* iv len == block len */
dwBlockLenLen = sizeof(DWORD);
if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptGetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
blockLen = dwBlockLen / 8;
xmlSecAssert2(blockLen > 0, -1);
if(encrypt) {
- unsigned char* iv;
- size_t outSize;
-
- /* allocate space for IV */
- outSize = xmlSecBufferGetSize(out);
- ret = xmlSecBufferSetSize(out, outSize + blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + blockLen);
- return(-1);
- }
- iv = xmlSecBufferGetData(out) + outSize;
-
- /* generate and use random iv */
- if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptGenRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "len=%d", blockLen);
- return(-1);
- }
-
- if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptSetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ unsigned char* iv;
+ size_t outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", blockLen);
+ return(-1);
+ }
+
+ if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (size_t)blockLen) {
- return(0);
- }
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
-
- /* set iv */
- if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptSetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
-
- }
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (size_t)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+
+ }
}
ctx->ctxInitialized = 1;
- return(0);
+ return(0);
}
-static int
+static int
xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
size_t inSize, inBlocks, outSize;
int blockLen;
unsigned char* outBuf;
@@ -186,44 +170,44 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx,
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
dwBlockLenLen = sizeof(DWORD);
if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptSetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
blockLen = dwBlockLen / 8;
xmlSecAssert2(blockLen > 0, -1);
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
-
+
if(inSize < (size_t)blockLen) {
- return(0);
+ return(0);
}
if(encrypt) {
- inBlocks = inSize / ((size_t)blockLen);
+ inBlocks = inSize / ((size_t)blockLen);
} else {
- /* we want to have the last block in the input buffer
- * for padding check */
- inBlocks = (inSize - 1) / ((size_t)blockLen);
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((size_t)blockLen);
}
inSize = inBlocks * ((size_t)blockLen);
/* we write out the input size plus may be one block */
ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
inBuf = xmlSecBufferGetData(in);
@@ -232,72 +216,72 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx,
memcpy(outBuf, inBuf, inSize);
dwCLen = inSize;
if(encrypt) {
- if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptEncrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptSetKeyDecrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyDecrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
/* Check if we really have de/encrypted the numbers of bytes that we requested */
if (dwCLen != inSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptEn/Decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%ld", dwCLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEn/Decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwCLen);
+ return(-1);
}
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
}
/* remove the processed block from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
size_t inSize, outSize;
int blockLen, outLen = 0;
unsigned char* inBuf;
unsigned char* outBuf;
int ret;
DWORD dwBlockLen, dwBlockLenLen, dwCLen;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized != 0, -1);
xmlSecAssert2(in != NULL, -1);
@@ -306,12 +290,12 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
dwBlockLenLen = sizeof(DWORD);
if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptGetKeyParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
blockLen = dwBlockLen / 8;
xmlSecAssert2(blockLen > 0, -1);
@@ -320,129 +304,129 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
outSize = xmlSecBufferGetSize(out);
if(encrypt != 0) {
- xmlSecAssert2(inSize < (size_t)blockLen, -1);
-
- /* create padding */
- ret = xmlSecBufferSetMaxSize(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
-
- /* create random padding */
- if((size_t)blockLen > (inSize + 1)) {
- if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptGenRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- inBuf[blockLen - 1] = blockLen - inSize;
- inSize = blockLen;
+ xmlSecAssert2(inSize < (size_t)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((size_t)blockLen > (inSize + 1)) {
+ if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
} else {
- if(inSize != (size_t)blockLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data=%d;block=%d", inSize, blockLen);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
+ if(inSize != (size_t)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
}
-
+
/* process last block */
ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
memcpy(outBuf, inBuf, inSize);
dwCLen = inSize;
if(encrypt) {
- /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
- * can be skipped. I hope this will work .... */
- if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptEncrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptDecrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptDecrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
/* Check if we really have de/encrypted the numbers of bytes that we requested */
if (dwCLen != inSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "CryptEn/Decrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%ld", dwCLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEn/Decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwCLen);
+ return(-1);
}
if(encrypt == 0) {
- /* check padding */
- if(inSize < outBuf[blockLen - 1]) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- outBuf[blockLen - 1], inSize);
- return(-1);
- }
- outLen = inSize - outBuf[blockLen - 1];
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
} else {
- outLen = inSize;
+ outLen = inSize;
}
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
}
/* remove the processed block from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
-
+
return(0);
}
@@ -451,29 +435,52 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
* Block Cipher transforms
*
* xmlSecMSCryptoBlockCipherCtx block is located after xmlSecTransform structure
- *
+ *
*****************************************************************************/
-#define xmlSecMSCryptoBlockCipherSize \
+#define xmlSecMSCryptoBlockCipherSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoBlockCipherCtx))
#define xmlSecMSCryptoBlockCipherGetCtx(transform) \
((xmlSecMSCryptoBlockCipherCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecMSCryptoBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecMSCryptoBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecMSCryptoBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecMSCryptoBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoBlockCipherCheckId (xmlSecTransformPtr transform);
-
+static int xmlSecMSCryptoBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+#ifndef XMLSEC_NO_DES
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Aes[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+#endif /* XMLSEC_NO_AES */
+
static int
xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_DES
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDes3CbcId)) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DES */
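Review bot: The two provider tables added here, `xmlSecMSCryptoProviderInfo_Des` and `xmlSecMSCryptoProviderInfo_Aes`, are mutable `static` arrays, yet the context only ever refers to them through `const xmlSecMSCryptoProviderInfo * providers` (visible in the struct change above), so they can be declared `static const xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {` and likewise for the AES table; that keeps the provider search order in read-only storage and lets the compiler reject any accidental write to it. The `{ NULL, 0 }` terminator the header comment demands is enforced only by convention, so a one-line `/* terminator, required by xmlSecMSCryptoFindProvider() */` on each closing entry would make the requirement visible at the point where a future entry is most likely to be appended. The reason MS_STRONG_PROV is tried ahead of MS_ENHANCED_PROV for DES is not recorded either; a short comment on that ordering would help the next maintainer.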
@@ -489,115 +496,83 @@ xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
return(0);
}
-static int
+static int
xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
xmlSecMSCryptoBlockCipherCtxPtr ctx;
+ int ret;
xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
#ifndef XMLSEC_NO_DES
if(transform->id == xmlSecMSCryptoTransformDes3CbcId) {
- ctx->algorithmIdentifier = CALG_3DES;
- ctx->keyId = xmlSecMSCryptoKeyDataDesId;
- ctx->providerName = MS_ENHANCED_PROV;
- ctx->providerType = PROV_RSA_FULL;
- ctx->keySize = 24;
- } else
+ ctx->algorithmIdentifier = CALG_3DES;
+ ctx->keyId = xmlSecMSCryptoKeyDataDesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Des;
+ ctx->keySize = 24;
+ } else
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(transform->id == xmlSecMSCryptoTransformAes128CbcId) {
- ctx->algorithmIdentifier = CALG_AES_128;
- ctx->keyId = xmlSecMSCryptoKeyDataAesId;
- ctx->providerName = MS_ENH_RSA_AES_PROV_PROTO;
- ctx->providerType = PROV_RSA_AES;
- ctx->keySize = 16;
+ ctx->algorithmIdentifier = CALG_AES_128;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 16;
} else if(transform->id == xmlSecMSCryptoTransformAes192CbcId) {
- ctx->algorithmIdentifier = CALG_AES_192;
- ctx->keyId = xmlSecMSCryptoKeyDataAesId;
- ctx->providerName = MS_ENH_RSA_AES_PROV_PROTO;
- ctx->providerType = PROV_RSA_AES;
- ctx->keySize = 24;
+ ctx->algorithmIdentifier = CALG_AES_192;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 24;
} else if(transform->id == xmlSecMSCryptoTransformAes256CbcId) {
- ctx->algorithmIdentifier = CALG_AES_256;
- ctx->keyId = xmlSecMSCryptoKeyDataAesId;
- ctx->providerName = MS_ENH_RSA_AES_PROV_PROTO;
- ctx->providerType = PROV_RSA_AES;
- ctx->keySize = 32;
- } else
+ ctx->algorithmIdentifier = CALG_AES_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 32;
+ } else
#endif /* XMLSEC_NO_AES */
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if(!CryptAcquireContext(&ctx->cryptProvider, NULL /*"xmlSecMSCryptoTempContainer"*/,
- ctx->providerName, ctx->providerType, 0)) {
- DWORD dwError = GetLastError();
- if (dwError == NTE_EXISTS) {
- if (!CryptAcquireContext(&ctx->cryptProvider, "xmlSecMSCryptoTempContainer",
- ctx->providerName, ctx->providerType, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- return(-1);
- }
- } else if (dwError == NTE_BAD_KEYSET) {
- /* This error can indicate that a newly installed provider
- * does not have a usable key container yet. It needs to be
- * created, and then we have to try again CryptAcquireContext.
- * This is also referenced in
- * http://www.microsoft.com/mind/0697/crypto.asp (inituser)
- */
- if(!CryptAcquireContext(&ctx->cryptProvider, NULL, ctx->providerName,
- ctx->providerType, CRYPT_NEWKEYSET)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->cryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
}
/* Create dummy key to be able to import plain session keys */
if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoCreatePrivateExponentOneKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ return(-1);
}
ctx->ctxInitialized = 0;
return(0);
}
-static void
+static void
xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
xmlSecMSCryptoBlockCipherCtxPtr ctx;
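Review bot: The `int ret;` added at the top of `xmlSecMSCryptoBlockCipherInitialize` is never assigned or read anywhere in the function — both the provider lookup and the dummy-key creation are tested directly in their `if` conditions — so it only produces an unused-variable warning; drop the declaration. The trailing `TRUE` in `xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE)` is a bare literal whose meaning the page does not show; a short comment naming the parameter it sets, as the prototype defines it, would save the next reader a lookup. Acquiring the provider with `CRYPT_VERIFYCONTEXT` is appropriate for a transform that only needs ephemeral session keys: it avoids the named key container and the NTE_EXISTS/NTE_BAD_KEYSET retry path the removed lines show. The hunk ends inside `xmlSecMSCryptoBlockCipherFinalize`, whose body continues in the next hunk.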
@@ -608,21 +583,19 @@ xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
xmlSecAssert(ctx != NULL);
if (ctx->cryptKey) {
- CryptDestroyKey(ctx->cryptKey);
+ CryptDestroyKey(ctx->cryptKey);
}
if (ctx->pubPrivKey) {
- CryptDestroyKey(ctx->pubPrivKey);
+ CryptDestroyKey(ctx->pubPrivKey);
}
if (ctx->cryptProvider) {
- CryptReleaseContext(ctx->cryptProvider, 0);
- CryptAcquireContext(&ctx->cryptProvider, "xmlSecMSCryptoTempContainer",
- MS_ENHANCED_PROV, ctx->providerType, CRYPT_DELETEKEYSET);
+ CryptReleaseContext(ctx->cryptProvider, 0);
}
-
+
memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
}
-static int
+static int
xmlSecMSCryptoBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecMSCryptoBlockCipherCtxPtr ctx;
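Review bot: The `CryptAcquireContext(..., CRYPT_DELETEKEYSET)` call removed from the `ctx->cryptProvider` branch leaves no trace of why that cleanup is no longer needed; since the provider is now obtained with `CRYPT_VERIFYCONTEXT` in `xmlSecMSCryptoBlockCipherInitialize`, a comment above the release such as `/* provider was acquired with CRYPT_VERIFYCONTEXT, so there is no key container to delete */` records the invariant the two functions now share. The destruction order kept here — session key, then the dummy exchange key, then the provider — is the right one, so nothing else needs to change. `xmlSecMSCryptoBlockCipherFinalize` starts before this hunk, and the hunk ends at the head of `xmlSecMSCryptoBlockCipherSetKeyReq`.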
@@ -635,12 +608,12 @@ xmlSecMSCryptoBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPt
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->cryptProvider != 0, -1);
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
keyReq->keyBitsSize = 8 * ctx->keySize;
@@ -660,23 +633,23 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->cryptKey == 0, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
xmlSecAssert2(ctx->keySize > 0, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), ctx->keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), ctx->keySize);
+ return(-1);
}
bufData = xmlSecBufferGetData(buffer);
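Review bot: The size check in `xmlSecMSCryptoBlockCipherSetKey` still accepts a key buffer longer than `ctx->keySize`, since only `xmlSecBufferGetSize(buffer) < ctx->keySize` is rejected; the import that follows in the next hunk then uses just the first `ctx->keySize` bytes, silently truncating over-long key material. If longer keys are not meant to be accepted by this backend, `if(xmlSecBufferGetSize(buffer) != ctx->keySize) {` turns a mis-sized key into an error instead of a silent truncation. Separately, the `"keySize=%d;expected=%d"` message passes a `size_t` and an `xmlSecSize` to `%d`, a mismatch on 64-bit targets if xmlSecSize is `size_t` as it appears to be; casting both to `unsigned long` with `%lu` fixes it, and the same `"size=%d"` pattern recurs in the reindented hunks of CtxInit, CtxUpdate and CtxFinal above. The function starts outside this hunk. The new `ctx->pubPrivKey != 0` assertion is a good addition: it guarantees the dummy exchange key exists before the session-key import relies on it.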
@@ -684,35 +657,35 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
/* Import this key and get an HCRYPTKEY handle */
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
- ctx->pubPrivKey,
- ctx->algorithmIdentifier,
- bufData,
- ctx->keySize,
- &(ctx->cryptKey))) {
-
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoImportPlainSessionBlob",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ bufData,
+ ctx->keySize,
+ TRUE,
+ &(ctx->cryptKey))) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- ctx->keyInitialized = 1;
return(0);
}
-static int
+static int
xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoBlockCipherCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
in = &(transform->inBuf);
out = &(transform->outBuf);
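Review bot: The new `TRUE` argument inserted between `ctx->keySize` and `&(ctx->cryptKey)` in the `xmlSecMSCryptoImportPlainSessionBlob` call is an unexplained boolean literal; the page does not show which parameter it corresponds to, so a trailing comment naming it — `TRUE, /* <parameter name from the xmlSecMSCryptoImportPlainSessionBlob prototype> */` — would document what is being requested of the import. With `ctx->keyInitialized = 1;` gone, the only record that a key was set is `ctx->cryptKey` being non-zero, which the assertions in `xmlSecMSCryptoBlockCipherSetKey` and `xmlSecMSCryptoBlockCipherCtxInit` now rely on; a one-line comment on the `HCRYPTKEY cryptKey;` field saying that a zero handle means no key has been set yet would make that protocol explicit where the field is declared. The hunk covers the tail of `xmlSecMSCryptoBlockCipherSetKey`, which starts earlier, and the head of `xmlSecMSCryptoBlockCipherExecute`, which continues in the next hunk.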
@@ -720,79 +693,79 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT
xmlSecAssert2(ctx != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecMSCryptoBlockCipherCtxInit(ctx,
- in,
- out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform),
- transformCtx);
-
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- if((ctx->ctxInitialized == 0) && (last != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "not enough data to initialize transform");
- return(-1);
- }
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecMSCryptoBlockCipherCtxUpdate(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
- ret = xmlSecMSCryptoBlockCipherCtxFinal(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
-
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecMSCryptoBlockCipherCtxInit(ctx,
+ in,
+ out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecMSCryptoBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecMSCryptoBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
@@ -804,117 +777,117 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT
********************************************************************/
static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes128Cbc, /* const xmlChar* name; */
- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecMSCryptoTransformAes128CbcGetKlass(void) {
return(&xmlSecMSCryptoAes128CbcKlass);
}
static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes192Cbc, /* const xmlChar* name; */
- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecMSCryptoTransformAes192CbcGetKlass(void) {
return(&xmlSecMSCryptoAes192CbcKlass);
}
static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecMSCryptoTransformAes256CbcGetKlass(void) {
return(&xmlSecMSCryptoAes256CbcKlass);
}
@@ -925,426 +898,40 @@ xmlSecMSCryptoTransformAes256CbcGetKlass(void) {
#ifndef XMLSEC_NO_DES
static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* size_t klassSize */
- xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
- xmlSecNameDes3Cbc, /* const xmlChar* name; */
- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
xmlSecTransformUsageEncryptionMethod,/* xmlSecAlgorithmUsage usage; */
xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformDes3CbcGetKlass(void) {
return(&xmlSecMSCryptoDes3CbcKlass);
}
#endif /* XMLSEC_NO_DES */
-
-/*
- * Low level helper routines for importing plain text keys in MS HKEY handle,
- * since MSCrypto API does not support import of plain text (session) keys
- * just like that.
- * These functions are based upon MS kb article: 228786
- *
- * aleksey: also check "Base Provider Key BLOBs" article for priv key blob format
- **/
-static BOOL
-xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateKey)
-{
- HCRYPTKEY hKey = 0;
- LPBYTE keyBlob = NULL;
- DWORD keyBlobLen;
- PUBLICKEYSTRUC* pubKeyStruc;
- RSAPUBKEY* rsaPubKey;
- DWORD bitLen;
- BYTE *ptr;
- int n;
- BOOL res = FALSE;
-
- xmlSecAssert2(hProv != 0, FALSE);
- xmlSecAssert2(hPrivateKey != NULL, FALSE);
-
- /* just in case */
- *hPrivateKey = 0;
-
- /* Generate the private key */
- if(!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* Export the private key, we'll convert it to a private exponent of one key */
- if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &keyBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
- if(keyBlob == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, keyBlob, &keyBlobLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- CryptDestroyKey(hKey);
- hKey = 0;
-
- /* Get the bit length of the key */
- if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "len=%ld", keyBlobLen);
- goto done;
- }
- pubKeyStruc = (PUBLICKEYSTRUC*)keyBlob;
- if(pubKeyStruc->bVersion != 0x02) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
- goto done;
- }
- if(pubKeyStruc->bType != PRIVATEKEYBLOB) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
- goto done;
- }
-
- /* aleksey: don't ask me why it is RSAPUBKEY, just don't ask */
- rsaPubKey = (RSAPUBKEY*)(keyBlob + sizeof(PUBLICKEYSTRUC));
-
- /* check that we have RSA private key */
- if(rsaPubKey->magic != 0x32415352) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "rsaPubKey->magic=0x%08lx", rsaPubKey->magic);
- goto done;
- }
- bitLen = rsaPubKey->bitlen;
-
- /* Modify the Exponent in Key BLOB format Key BLOB format is documented in SDK */
- rsaPubKey->pubexp = 1;
-
- /* Private-key BLOBs, type PRIVATEKEYBLOB, are used to store private keys outside a CSP.
- * Base provider private-key BLOBs have the following format:
- *
- * PUBLICKEYSTRUC publickeystruc ;
- * RSAPUBKEY rsapubkey;
- * BYTE modulus[rsapubkey.bitlen/8]; 1/8
- * BYTE prime1[rsapubkey.bitlen/16]; 1/16
- * BYTE prime2[rsapubkey.bitlen/16]; 1/16
- * BYTE exponent1[rsapubkey.bitlen/16]; 1/16
- * BYTE exponent2[rsapubkey.bitlen/16]; 1/16
- * BYTE coefficient[rsapubkey.bitlen/16]; 1/16
- * BYTE privateExponent[rsapubkey.bitlen/8]; 1/8
- */
- if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + bitLen / 2 + bitLen / 16) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptExportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "len=%ld", keyBlobLen);
- goto done;
- }
- ptr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
-
- /* Skip modulus, prime1, prime2 */
- ptr += bitLen / 8;
- ptr += bitLen / 16;
- ptr += bitLen / 16;
-
- /* Convert exponent1 to 1 */
- for (n = 0; n < (bitLen / 16); n++) {
- if (n == 0) ptr[n] = 1;
- else ptr[n] = 0;
- }
- ptr += bitLen / 16;
-
- /* Convert exponent2 to 1 */
- for (n = 0; n < (bitLen / 16); n++) {
- if (n == 0) ptr[n] = 1;
- else ptr[n] = 0;
- }
- ptr += bitLen / 16;
-
- /* Skip coefficient */
- ptr += bitLen / 16;
-
- /* Convert privateExponent to 1 */
- for (n = 0; n < (bitLen / 16); n++) {
- if (n == 0) ptr[n] = 1;
- else ptr[n] = 0;
- }
-
- /* Import the exponent-of-one private key. */
- if (!CryptImportKey(hProv, keyBlob, keyBlobLen, 0, 0, &hKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptImportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- (*hPrivateKey) = hKey;
- hKey = 0;
- res = TRUE;
-
-done:
- if(keyBlob != NULL) {
- xmlFree(keyBlob);
- }
- if (hKey != 0) {
- CryptDestroyKey(hKey);
- }
-
- return res;
-}
-
-static BOOL
-xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
- ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
- DWORD dwKeyMaterial, HCRYPTKEY *hSessionKey) {
- ALG_ID dwPrivKeyAlg;
- LPBYTE keyBlob = NULL;
- DWORD keyBlobLen, rndBlobSize, dwSize, n;
- PUBLICKEYSTRUC* pubKeyStruc;
- ALG_ID* algId;
- DWORD dwPublicKeySize;
- DWORD dwProvSessionKeySize;
- LPBYTE pbPtr;
- DWORD dwFlags;
- PROV_ENUMALGS_EX ProvEnum;
- HCRYPTKEY hTempKey = 0;
- BOOL fFound;
- BOOL res = FALSE;
-
- xmlSecAssert2(hProv != 0, FALSE);
- xmlSecAssert2(hPrivateKey != 0, FALSE);
- xmlSecAssert2(pbKeyMaterial != NULL, FALSE);
- xmlSecAssert2(dwKeyMaterial > 0, FALSE);
- xmlSecAssert2(hSessionKey != NULL, FALSE);
-
- /* Double check to see if this provider supports this algorithm and key size */
- fFound = FALSE;
- dwFlags = CRYPT_FIRST;
- dwSize = sizeof(ProvEnum);
- while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) {
- if (ProvEnum.aiAlgid == dwAlgId) {
- fFound = TRUE;
- break;
- }
- dwSize = sizeof(ProvEnum);
- dwFlags = 0;
- }
- if(!fFound) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetProvParam",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d is not supported", dwAlgId);
- goto done;
- }
-
- /* We have to get the key size(including padding) from an HCRYPTKEY handle.
- * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
- */
- if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
-
- dwSize = sizeof(DWORD);
- if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam(KP_KEYLEN)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
- CryptDestroyKey(hTempKey);
- hTempKey = 0;
-
- /* Our key is too big, leave */
- if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
- dwKeyMaterial, dwProvSessionKeySize);
- goto done;
- }
-
- /* Get private key's algorithm */
- dwSize = sizeof(ALG_ID);
- if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam(KP_ALGID)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
-
- /* Get private key's length in bits */
- dwSize = sizeof(DWORD);
- if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGetKeyParam(KP_KEYLEN)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
-
- /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */
- if(dwPublicKeySize / 8 < dwKeyMaterial + 3) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "dwKeyMaterial=%ld;dwPublicKeySize=%ld",
- dwKeyMaterial, dwPublicKeySize);
- goto done;
- }
- rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3);
-
- /* Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP.
- * Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData
- * member of the SIMPLEBLOB is a sequence of bytes in the following format:
- *
- * PUBLICKEYSTRUC publickeystruc ;
- * ALG_ID algid;
- * BYTE encryptedkey[rsapubkey.bitlen/8];
- */
-
- /* calculate Simple blob's length */
- keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8);
-
- /* allocate simple blob buffer */
- keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
- if(keyBlob == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- memset(keyBlob, 0, keyBlobLen);
-
- /* initialize PUBLICKEYSTRUC */
- pubKeyStruc = (PUBLICKEYSTRUC*)(keyBlob);
- pubKeyStruc->bType = SIMPLEBLOB;
- pubKeyStruc->bVersion = 0x02;
- pubKeyStruc->reserved = 0;
- pubKeyStruc->aiKeyAlg = dwAlgId;
-
- /* Copy private key algorithm to buffer */
- algId = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC));
- (*algId) = dwPrivKeyAlg;
-
- /* Place the key material in reverse order */
- pbPtr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID));
- for (n = 0; n < dwKeyMaterial; n++) {
- pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1];
- }
- pbPtr += dwKeyMaterial;
-
- /* skip reserved byte */
- pbPtr += 1;
-
- /* Generate random data for the rest of the buffer */
- if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "rndBlobSize=%ld", rndBlobSize);
- goto done;
- }
- /* aleksey: why are we doing this? */
- for (n = 0; n < rndBlobSize; n++) {
- if (pbPtr[n] == 0) pbPtr[n] = 1;
- }
-
- /* set magic number at the end */
- keyBlob[keyBlobLen - 2] = 2;
-
- if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptImportKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "algId=%d", dwAlgId);
- goto done;
- }
-
- /* success */
- res = TRUE;
-
-done:
- if(hTempKey != 0) {
- CryptDestroyKey(hTempKey);
- }
- if(keyBlob != NULL) {
- xmlFree(keyBlob);
- }
- return(res);
-}
-
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
index d60d3c60..82ab101d 100644
--- a/src/mscrypto/crypto.c
+++ b/src/mscrypto/crypto.c
@@ -1,12 +1,12 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
- * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
*/
#include "globals.h"
@@ -23,11 +23,40 @@
#include <xmlsec/mscrypto/app.h>
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
+/* NOTE mingw.org project don't define any xxx_s function and may
+ * be never will define them.
+ *
+ * In this file is save to use non _s function as into destination
+ * buffer program code copy empty string and the size of source buffer
+ * (XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE=4096) is enough for any
+ * encoding. Also program code don't check result of _s functions.
+ */
+
+static int
+strcpy_s(char *dest, size_t n, const char *src) {
+ strcpy(dest, src);
+ return(0);
+}
+
+static int
+wcscpy_s(wchar_t *dest, size_t n, const wchar_t *src) {
+ wcscpy(dest, src);
+ return(0);
+}
+#endif
+
+#define XMLSEC_CONTAINER_NAME_A "xmlsec-key-container"
+#define XMLSEC_CONTAINER_NAME_W L"xmlsec-key-container"
+#ifdef UNICODE
+#define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_W
+#else
+#define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_A
#endif
+
static xmlSecCryptoDLFunctionsPtr gXmlSecMSCryptoFunctions = NULL;
/**
@@ -40,131 +69,216 @@ static xmlSecCryptoDLFunctionsPtr gXmlSecMSCryptoFunctions = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_mscrypto(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecMSCryptoFunctions != NULL) {
- return(gXmlSecMSCryptoFunctions);
+ return(gXmlSecMSCryptoFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecMSCryptoFunctions = &functions;
- /**
+ /********************************************************************
+ *
* Crypto Init/shutdown
- */
- gXmlSecMSCryptoFunctions->cryptoInit = xmlSecMSCryptoInit;
- gXmlSecMSCryptoFunctions->cryptoShutdown = xmlSecMSCryptoShutdown;
- gXmlSecMSCryptoFunctions->cryptoKeysMngrInit = xmlSecMSCryptoKeysMngrInit;
-
- /**
+ *
+ ********************************************************************/
+ gXmlSecMSCryptoFunctions->cryptoInit = xmlSecMSCryptoInit;
+ gXmlSecMSCryptoFunctions->cryptoShutdown = xmlSecMSCryptoShutdown;
+ gXmlSecMSCryptoFunctions->cryptoKeysMngrInit = xmlSecMSCryptoKeysMngrInit;
+
+ /********************************************************************
+ *
* Key data ids
- */
-#ifndef XMLSEC_NO_DES
- gXmlSecMSCryptoFunctions->keyDataDesGetKlass = xmlSecMSCryptoKeyDataDesGetKlass;
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecMSCryptoFunctions->keyDataDesGetKlass = xmlSecMSCryptoKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
-#ifndef XMLSEC_NO_AES
- gXmlSecMSCryptoFunctions->keyDataAesGetKlass = xmlSecMSCryptoKeyDataAesGetKlass;
+#ifndef XMLSEC_NO_AES
+ gXmlSecMSCryptoFunctions->keyDataAesGetKlass = xmlSecMSCryptoKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_RSA
- gXmlSecMSCryptoFunctions->keyDataRsaGetKlass = xmlSecMSCryptoKeyDataRsaGetKlass;
+ gXmlSecMSCryptoFunctions->keyDataRsaGetKlass = xmlSecMSCryptoKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecMSCryptoFunctions->keyDataHmacGetKlass = xmlSecMSCryptoKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
#ifndef XMLSEC_NO_DSA
- gXmlSecMSCryptoFunctions->keyDataDsaGetKlass = xmlSecMSCryptoKeyDataDsaGetKlass;
+ gXmlSecMSCryptoFunctions->keyDataDsaGetKlass = xmlSecMSCryptoKeyDataDsaGetKlass;
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_GOST
- gXmlSecMSCryptoFunctions->keyDataGost2001GetKlass = xmlSecMSCryptoKeyDataGost2001GetKlass;
+ gXmlSecMSCryptoFunctions->keyDataGost2001GetKlass = xmlSecMSCryptoKeyDataGost2001GetKlass;
#endif /* XMLSEC_NO_GOST*/
#ifndef XMLSEC_NO_X509
- gXmlSecMSCryptoFunctions->keyDataX509GetKlass = xmlSecMSCryptoKeyDataX509GetKlass;
- gXmlSecMSCryptoFunctions->keyDataRawX509CertGetKlass = xmlSecMSCryptoKeyDataRawX509CertGetKlass;
+ gXmlSecMSCryptoFunctions->keyDataX509GetKlass = xmlSecMSCryptoKeyDataX509GetKlass;
+ gXmlSecMSCryptoFunctions->keyDataRawX509CertGetKlass = xmlSecMSCryptoKeyDataRawX509CertGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Key data store ids
- */
+ *
+ ********************************************************************/
#ifndef XMLSEC_NO_X509
- gXmlSecMSCryptoFunctions->x509StoreGetKlass = xmlSecMSCryptoX509StoreGetKlass;
+ gXmlSecMSCryptoFunctions->x509StoreGetKlass = xmlSecMSCryptoX509StoreGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Crypto transforms ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecMSCryptoFunctions->transformAes128CbcGetKlass = xmlSecMSCryptoTransformAes128CbcGetKlass;
- gXmlSecMSCryptoFunctions->transformAes192CbcGetKlass = xmlSecMSCryptoTransformAes192CbcGetKlass;
- gXmlSecMSCryptoFunctions->transformAes256CbcGetKlass = xmlSecMSCryptoTransformAes256CbcGetKlass;
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecMSCryptoFunctions->transformAes128CbcGetKlass = xmlSecMSCryptoTransformAes128CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformAes192CbcGetKlass = xmlSecMSCryptoTransformAes192CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformAes256CbcGetKlass = xmlSecMSCryptoTransformAes256CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes128GetKlass = xmlSecMSCryptoTransformKWAes128GetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes192GetKlass = xmlSecMSCryptoTransformKWAes192GetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes256GetKlass = xmlSecMSCryptoTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass = xmlSecMSCryptoTransformDes3CbcGetKlass;
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass = xmlSecMSCryptoTransformDes3CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformKWDes3GetKlass = xmlSecMSCryptoTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
-#ifndef XMLSEC_NO_RSA
- gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass = xmlSecMSCryptoTransformRsaSha1GetKlass;
- gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass;
-#endif /* XMLSEC_NO_RSA */
-
+ /******************************* DSA ********************************/
#ifndef XMLSEC_NO_DSA
- gXmlSecMSCryptoFunctions->transformDsaSha1GetKlass = xmlSecMSCryptoTransformDsaSha1GetKlass;
+ gXmlSecMSCryptoFunctions->transformDsaSha1GetKlass = xmlSecMSCryptoTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_DSA */
+ /******************************* GOST ********************************/
#ifndef XMLSEC_NO_GOST
- gXmlSecMSCryptoFunctions->transformGost2001GostR3411_94GetKlass = xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass;
+ gXmlSecMSCryptoFunctions->transformGost2001GostR3411_94GetKlass = xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass;
#endif /* XMLSEC_NO_GOST */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecMSCryptoFunctions->transformSha1GetKlass = xmlSecMSCryptoTransformSha1GetKlass;
+#ifndef XMLSEC_NO_GOST
+ gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformHmacMd5GetKlass = xmlSecMSCryptoTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformHmacSha1GetKlass = xmlSecMSCryptoTransformHmacSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
-#ifndef XMLSEC_NO_GOST
- gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass;
-#endif /* XMLSEC_NO_GOST */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformHmacSha256GetKlass = xmlSecMSCryptoTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformHmacSha384GetKlass = xmlSecMSCryptoTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformHmacSha512GetKlass = xmlSecMSCryptoTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformMd5GetKlass = xmlSecMSCryptoTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformRsaMd5GetKlass = xmlSecMSCryptoTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
- /**
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass = xmlSecMSCryptoTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass = xmlSecMSCryptoTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformRsaSha384GetKlass = xmlSecMSCryptoTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformRsaSha512GetKlass = xmlSecMSCryptoTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass;
+ gXmlSecMSCryptoFunctions->transformRsaOaepGetKlass = xmlSecMSCryptoTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformSha1GetKlass = xmlSecMSCryptoTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformSha256GetKlass = xmlSecMSCryptoTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformSha384GetKlass = xmlSecMSCryptoTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformSha512GetKlass = xmlSecMSCryptoTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ /********************************************************************
+ *
* High level routines form xmlsec command line utility
- */
- gXmlSecMSCryptoFunctions->cryptoAppInit = xmlSecMSCryptoAppInit;
- gXmlSecMSCryptoFunctions->cryptoAppShutdown = xmlSecMSCryptoAppShutdown;
- gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrInit = xmlSecMSCryptoAppDefaultKeysMngrInit;
- gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecMSCryptoAppDefaultKeysMngrAdoptKey;
- gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecMSCryptoAppDefaultKeysMngrLoad;
- gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrSave = xmlSecMSCryptoAppDefaultKeysMngrSave;
+ *
+ ********************************************************************/
+ gXmlSecMSCryptoFunctions->cryptoAppInit = xmlSecMSCryptoAppInit;
+ gXmlSecMSCryptoFunctions->cryptoAppShutdown = xmlSecMSCryptoAppShutdown;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrInit = xmlSecMSCryptoAppDefaultKeysMngrInit;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecMSCryptoAppDefaultKeysMngrAdoptKey;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecMSCryptoAppDefaultKeysMngrLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrSave = xmlSecMSCryptoAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoad = xmlSecMSCryptoAppKeysMngrCertLoad;
- gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecMSCryptoAppKeysMngrCertLoadMemory;
- gXmlSecMSCryptoFunctions->cryptoAppPkcs12Load = xmlSecMSCryptoAppPkcs12Load;
- gXmlSecMSCryptoFunctions->cryptoAppPkcs12LoadMemory = xmlSecMSCryptoAppPkcs12LoadMemory;
- gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoad = xmlSecMSCryptoAppKeyCertLoad;
- gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoadMemory = xmlSecMSCryptoAppKeyCertLoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoad = xmlSecMSCryptoAppKeysMngrCertLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecMSCryptoAppKeysMngrCertLoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppPkcs12Load = xmlSecMSCryptoAppPkcs12Load;
+ gXmlSecMSCryptoFunctions->cryptoAppPkcs12LoadMemory = xmlSecMSCryptoAppPkcs12LoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoad = xmlSecMSCryptoAppKeyCertLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoadMemory = xmlSecMSCryptoAppKeyCertLoadMemory;
#endif /* XMLSEC_NO_X509 */
- gXmlSecMSCryptoFunctions->cryptoAppKeyLoad = xmlSecMSCryptoAppKeyLoad;
- gXmlSecMSCryptoFunctions->cryptoAppKeyLoadMemory = xmlSecMSCryptoAppKeyLoadMemory;
- gXmlSecMSCryptoFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecMSCryptoAppGetDefaultPwdCallback();
+ gXmlSecMSCryptoFunctions->cryptoAppKeyLoad = xmlSecMSCryptoAppKeyLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyLoadMemory = xmlSecMSCryptoAppKeyLoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecMSCryptoAppGetDefaultPwdCallback();
return(gXmlSecMSCryptoFunctions);
}
/**
* xmlSecMSCryptoInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecMSCryptoInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* set default errors callback for xmlsec to us */
@@ -172,24 +286,24 @@ xmlSecMSCryptoInit (void) {
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscrypto()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
/**
* xmlSecMSCryptoShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecMSCryptoShutdown(void) {
/* TODO: if necessary, do additional shutdown here */
return(0);
@@ -197,16 +311,16 @@ xmlSecMSCryptoShutdown(void) {
/**
* xmlSecMSCryptoKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds MSCrypto specific key data stores in keys manager.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
#ifndef XMLSEC_NO_X509
@@ -241,10 +355,16 @@ xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
}
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Random[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
/**
* xmlSecMSCryptoGenerateRandom:
- * @buffer: the destination buffer.
- * @size: the numer of bytes to generate.
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
*
* Generates @size random bytes and puts result in @buffer
* (not implemented yet).
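Review bot: The doc comment on xmlSecMSCryptoGenerateRandom still ends with `(not implemented yet)`, which no longer matches the function below it: it now acquires a provider from the new xmlSecMSCryptoProviderInfo_Random table and calls CryptGenRandom. Replace that line with `* using the first available provider from xmlSecMSCryptoProviderInfo_Random.` and fix the `numer` typo on the @size line. The new table should also carry the terminator reminder the digest provider tables have, e.g. `/* Ordered provider list for CryptGenRandom; MUST END with { NULL, 0 } */`, since xmlSecMSCryptoFindProvider stops at the first NULL name.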
@@ -252,136 +372,518 @@ xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) {
+xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) {
HCRYPTPROV hProv = 0;
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(size > 0, -1);
ret = xmlSecBufferSetSize(buffer, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
- }
-
- if (FALSE == CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptAcquireContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Random, NULL, CRYPT_VERIFYCONTEXT, FALSE);
+ if (0 == hProv) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if (FALSE == CryptGenRandom(hProv, (DWORD)size, xmlSecBufferGetData(buffer))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptGenRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CryptReleaseContext(hProv,0);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptReleaseContext(hProv,0);
+ return(-1);
}
CryptReleaseContext(hProv, 0);
return(0);
}
+#define XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE 4096
+
/**
* xmlSecMSCryptoErrorsDefaultCallback:
- * @file: the error location file name (__FILE__ macro).
- * @line: the error location line number (__LINE__ macro).
- * @func: the error location function name (__FUNCTION__ macro).
- * @errorObject: the error specific error object
- * @errorSubject: the error specific error subject.
- * @reason: the error code.
- * @msg: the additional error message.
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
*
* The default errors reporting callback function.
*/
-void
+void
xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func,
- const char* errorObject, const char* errorSubject,
- int reason, const char* msg) {
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
DWORD dwError;
- LPVOID lpMsgBuf;
- xmlChar buf[500];
+ TCHAR errorT[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ WCHAR errorW[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ CHAR errorUTF8[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ xmlChar buf[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ DWORD rc;
+ int ret;
dwError = GetLastError();
- FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
- FORMAT_MESSAGE_FROM_SYSTEM |
- FORMAT_MESSAGE_IGNORE_INSERTS,
- NULL,
- dwError,
- MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
- (LPTSTR) &lpMsgBuf,
- 0,
- NULL);
+ rc = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL,
+ dwError,
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
+ errorT,
+ XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE,
+ NULL);
+
+#ifdef UNICODE
+ if(rc <= 0) {
+ wcscpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L"");
+ }
+ ret = WideCharToMultiByte(CP_UTF8, 0, errorT, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL);
+ if(ret <= 0) {
+ strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+#else /* UNICODE */
+ if(rc <= 0) {
+ strcpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+ ret = MultiByteToWideChar(CP_ACP, 0, errorT, -1, errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE);
+ if(ret <= 0) {
+ wcscpy_s(errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L"");
+ }
+ ret = WideCharToMultiByte(CP_UTF8, 0, errorW, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL);
+ if(ret <= 0) {
+ strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+#endif /* UNICODE */
+
if((msg != NULL) && ((*msg) != '\0')) {
- xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last error=%d (0x%08x);last error msg=%s", msg, dwError, dwError, (LPTSTR)lpMsgBuf);
+ xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last error=%d (0x%08x);last error msg=%s", msg, dwError, dwError, errorUTF8);
} else {
- xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "last error=%d (0x%08x);last error msg=%s", dwError, dwError, (LPTSTR)lpMsgBuf);
+ xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "last error=%d (0x%08x);last error msg=%s", dwError, dwError, errorUTF8);
}
- xmlSecErrorsDefaultCallback(file, line, func,
- errorObject, errorSubject,
- reason, (char*)buf);
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, (char*)buf);
+}
- LocalFree(lpMsgBuf);
+/**
+ * xmlSecMSCryptoConvertUtf8ToUnicode:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to Unicode.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPWSTR
+xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) {
+ LPWSTR res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call MultiByteToWideChar first to get the buffer size */
+ ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(WCHAR) * len);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, res, len);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
}
/**
- * xmlSecMSCryptoCertStrToName:
- * @dwCertEncodingType: the encoding used.
- * @pszX500: the string to convert.
- * @dwStrType: the string type.
- * @len: the result len.
+ * xmlSecMSCryptoConvertUnicodeToUtf8:
+ * @str: the string to convert.
*
- * Converts input string to name by calling @CertStrToName function.
+ * Converts input string from Unicode to UTF8.
*
- * Returns: a pointer to newly allocated string or NULL if an error occurs.
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
*/
-BYTE*
-xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPCTSTR pszX500, DWORD dwStrType, DWORD* len) {
- BYTE* str = NULL;
- LPCTSTR ppszError = NULL;
-
- xmlSecAssert2(pszX500 != NULL, NULL);
- xmlSecAssert2(len != NULL, NULL);
-
- if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
- NULL, NULL, len, &ppszError)) {
- /* this might not be an error, string might just not exist */
- DWORD dw = GetLastError();
- return(NULL);
- }
-
- str = (BYTE *)xmlMalloc((*len) + 1);
- if(str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "len=%ld", (*len));
- return(NULL);
- }
- memset(str, 0, (*len) + 1);
-
- if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
- NULL, str, len, NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertStrToName",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(NULL);
- }
-
- return(str);
+xmlChar*
+xmlSecMSCryptoConvertUnicodeToUtf8(LPCWSTR str) {
+ xmlChar * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertLocaleToUnicode:
+ * @str: the string to convert.
+ *
+ * Converts input string from current system locale to Unicode.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPWSTR
+xmlSecMSCryptoConvertLocaleToUnicode(const char* str) {
+ LPWSTR res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call MultiByteToWideChar first to get the buffer size */
+ ret = MultiByteToWideChar(CP_ACP, 0, str, -1, NULL, 0);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret;
+
+ /* allocate buffer */
+ res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = MultiByteToWideChar(CP_ACP, 0, str, -1, res, len);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertLocaleToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from locale to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertLocaleToUtf8(const char * str) {
+ LPWSTR strW = NULL;
+ xmlChar * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ strW = xmlSecMSCryptoConvertLocaleToUnicode(str);
+ if(strW == NULL) {
+ return(NULL);
+ }
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ xmlFree(strW);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(strW);
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertUtf8ToLocale:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to locale.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+char *
+xmlSecMSCryptoConvertUtf8ToLocale(const xmlChar* str) {
+ LPWSTR strW = NULL;
+ char * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ strW = xmlSecMSCryptoConvertUtf8ToUnicode(str);
+ if(strW == NULL) {
+ return(NULL);
+ }
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (char*)xmlMalloc(sizeof(char) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ xmlFree(strW);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(strW);
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertTstrToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from TSTR (locale or Unicode) to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertTstrToUtf8(LPCTSTR str) {
+#ifdef UNICODE
+ return xmlSecMSCryptoConvertUnicodeToUtf8(str);
+#else /* UNICODE */
+ return xmlSecMSCryptoConvertLocaleToUtf8(str);
+#endif /* UNICODE */
+}
+
+/**
+ * xmlSecMSCryptoConvertUtf8ToTstr:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to TSTR (locale or Unicode).
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPTSTR
+xmlSecMSCryptoConvertUtf8ToTstr(const xmlChar* str) {
+#ifdef UNICODE
+ return xmlSecMSCryptoConvertUtf8ToUnicode(str);
+#else /* UNICODE */
+ return xmlSecMSCryptoConvertUtf8ToLocale(str);
+#endif /* UNICODE */
+}
+
+/********************************************************************
+ *
+ * Crypto Providers
+ *
+ ********************************************************************/
+/**
+ * xmlSecMSCryptoFindProvider:
+ * @providers: the pointer to list of providers, last provider should have NULL for name.
+ * @pszContainer: the container name for CryptAcquireContext call
+ * @dwFlags: the flags for CryptAcquireContext call
+ * @bUseXmlSecContainer: the flag to indicate whether we should try to use XmlSec container if default fails
+ *
+ * Finds the first provider from the list
+ *
+ * Returns: provider handle on success or NULL for error.
+ */
+HCRYPTPROV
+xmlSecMSCryptoFindProvider(const xmlSecMSCryptoProviderInfo * providers,
+ LPCTSTR pszContainer,
+ DWORD dwFlags,
+ BOOL bUseXmlSecContainer)
+{
+ HCRYPTPROV res = 0;
+ DWORD dwLastError;
+ BOOL ret;
+ int ii;
+
+ xmlSecAssert2(providers != NULL, 0);
+
+ for(ii = 0; (res == 0) && (providers[ii].providerName != NULL) && (providers[ii].providerType != 0); ++ii) {
+ /* first try */
+ ret = CryptAcquireContext(&res,
+ pszContainer,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ return (res);
+ }
+
+ /* check errors */
+ dwLastError = GetLastError();
+ switch(dwLastError) {
+ case NTE_BAD_KEYSET:
+ /* This error can indicate that a newly installed provider
+ * does not have a usable key container yet. It needs to be
+ * created, and then we have to try again CryptAcquireContext.
+ * This is also referenced in
+ * http://www.microsoft.com/mind/0697/crypto.asp (inituser)
+ */
+ ret = CryptAcquireContext(&res,
+ pszContainer,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_NEWKEYSET | dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ return (res);
+ }
+ break;
+
+ case NTE_EXISTS:
+ /* If we can, try our container */
+ if(bUseXmlSecContainer == TRUE) {
+ ret = CryptAcquireContext(&res,
+ XMLSEC_CONTAINER_NAME,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_NEWKEYSET | dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ /* ALEKSEY TODO - NEED TO DELETE ALL THE TEMP CONTEXTS ON SHUTDOWN
+
+ CryptAcquireContext(&tmp, XMLSEC_CONTAINER_NAME,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_DELETEKEYSET);
+
+ */
+ return (res);
+ }
+ }
+ break;
+
+ default:
+ /* ignore */
+ break;
+ }
+ }
+
+ return (0);
+}
+
+
+/********************************************************************
+ *
+ * Utils
+ *
+ ********************************************************************/
+int
+ConvertEndian(const xmlSecByte * src, xmlSecByte * dst, xmlSecSize size) {
+ xmlSecByte * p;
+
+ xmlSecAssert2(src != NULL, -1);
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = dst + size - 1; p >= dst; ++src, --p) {
+ (*p) = (*src);
+ }
+
+ return (0);
+}
+
+int
+ConvertEndianInPlace(xmlSecByte * buf, xmlSecSize size) {
+ xmlSecByte * p;
+ xmlSecByte ch;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = buf + size - 1; p >= buf; ++buf, --p) {
+ ch = (*p);
+ (*p) = (*buf);
+ (*buf) = ch;
+ }
+ return (0);
}
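Review bot: xmlSecMSCryptoConvertLocaleToUtf8 does not actually produce UTF-8: both WideCharToMultiByte calls in it (the sizing call and the conversion call) pass CP_ACP, so the wide string obtained from xmlSecMSCryptoConvertLocaleToUnicode is converted straight back to the locale code page and then returned as xmlChar*, which libxml2 treats as UTF-8. In an ANSI build xmlSecMSCryptoConvertTstrToUtf8 routes through this function, so any non-ASCII provider, container or error text would be mislabeled and can yield invalid UTF-8 downstream. The fix is `ret = WideCharToMultiByte(CP_UTF8, 0, strW, -1, NULL, 0, NULL, NULL);` and `ret = WideCharToMultiByte(CP_UTF8, 0, strW, -1, res, len, NULL, NULL);`, matching xmlSecMSCryptoConvertUnicodeToUtf8. Separately, the NTE_BAD_KEYSET and NTE_EXISTS paths of xmlSecMSCryptoFindProvider call CryptAcquireContext with CRYPT_NEWKEYSET, which creates persistent key containers in the caller's profile as a side effect; the inline TODO admits they are never deleted, and the function's doc comment should state that until it is addressed.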
diff --git a/src/mscrypto/csp_calg.h b/src/mscrypto/csp_calg.h
index 139b722a..984fe347 100644
--- a/src/mscrypto/csp_calg.h
+++ b/src/mscrypto/csp_calg.h
@@ -1,10 +1,10 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ *
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
* All rights reserved.
*/
#ifndef CRYPTOCOM_CSP_CALG_H
@@ -12,27 +12,27 @@
#define ALG_TYPE_GR3410 (7 << 9)
-#define ALG_SID_MAGPRO_R3410_94 64
-#define ALG_SID_MAGPRO_R3410_94_EPHEM 65
-#define ALG_SID_MAGPRO_R3410_2001 66
-#define ALG_SID_MAGPRO_R3410_2001_EPHEM 67
-#define ALG_SID_MAGPRO_28147_89 68
-#define ALG_SID_GR3411 30
-#define ALG_SID_G28147 30
-
-#define ALG_SID_GR3410 30
-#define ALG_SID_DH_EX_SF 30
-#define ALG_SID_DH_EX_EPHEM 31
-#define ALG_SID_PRO_AGREEDKEY_DH 33
-#define ALG_SID_PRO_SIMMETRYKEY 34
-#define ALG_SID_GR3410EL 35
-#define ALG_SID_DH_EL_SF 36
-#define ALG_SID_DH_EL_EPHEM 37
-
-/*! \defgroup CALG_MAGPRO CALG_MAGPRO
+#define ALG_SID_MAGPRO_R3410_94 64
+#define ALG_SID_MAGPRO_R3410_94_EPHEM 65
+#define ALG_SID_MAGPRO_R3410_2001 66
+#define ALG_SID_MAGPRO_R3410_2001_EPHEM 67
+#define ALG_SID_MAGPRO_28147_89 68
+#define ALG_SID_GR3411 30
+#define ALG_SID_G28147 30
+
+#define ALG_SID_GR3410 30
+#define ALG_SID_DH_EX_SF 30
+#define ALG_SID_DH_EX_EPHEM 31
+#define ALG_SID_PRO_AGREEDKEY_DH 33
+#define ALG_SID_PRO_SIMMETRYKEY 34
+#define ALG_SID_GR3410EL 35
+#define ALG_SID_DH_EL_SF 36
+#define ALG_SID_DH_EL_EPHEM 37
+
+/*! \defgroup CALG_MAGPRO CALG_MAGPRO
* \brief The description of CALG_MAGPRO
*
- * @{
+ * @{
*/
@@ -54,38 +54,51 @@
#define CALG_MAGPRO_ENCR_28147_89 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_G28147)
-#define CALG_GR3410 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410)
+#define CALG_GR3410 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410)
-#define CALG_GR3410EL (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410EL)
+#define CALG_GR3410EL (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410EL)
-#define CALG_DH_EX_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_SF)
+#define CALG_DH_EX_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_SF)
-#define CALG_DH_EX_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_EPHEM)
+#define CALG_DH_EX_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_EPHEM)
-#define CALG_DH_EL_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_SF)
+#define CALG_DH_EL_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_SF)
-#define CALG_DH_EL_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_EPHEM)
+#define CALG_DH_EL_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_EPHEM)
/*! @} */
-/*! \defgroup PROV_TYPE PROV_TYPE
+/*! \defgroup PROV_TYPE PROV_TYPE
* \brief The description of PROV_MAGPRO_GOST
*
- * @{
+ * @{
*/
-
-#define PROV_MAGPRO_GOST 501
-
-#define PROV_CRYPTOPRO_GOST 75
+#define PROV_MAGPRO_GOST 501
+#define MAGPRO_CSP_A "MagPro CSP"
+#define MAGPRO_CSP_W L"MagPro CSP"
+#ifdef UNICODE
+#define MAGPRO_CSP MAGPRO_CSP_W
+#else
+#define MAGPRO_CSP MAGPRO_CSP_A
+#endif
+
+#define PROV_CRYPTOPRO_GOST 75
+#define CRYPTOPRO_CSP_A "CryptoPro CSP"
+#define CRYPTOPRO_CSP_W L"CryptoPro CSP"
+#ifdef UNICODE
+#define CRYPTOPRO_CSP CRYPTOPRO_CSP_W
+#else
+#define CRYPTOPRO_CSP CRYPTOPRO_CSP_A
+#endif
/*! @} */
-/*! \defgroup PP_MAGPRO PP_MAGPRO
+/*! \defgroup PP_MAGPRO PP_MAGPRO
*
- * @{
+ * @{
*/
-#define PP_RNGTYPE 201
-#define PP_RNGSHARED 202
-#define PP_SETUP_UI 203
+#define PP_RNGTYPE 201
+#define PP_RNGSHARED 202
+#define PP_SETUP_UI 203
/*! @} */
diff --git a/src/mscrypto/csp_oid.h b/src/mscrypto/csp_oid.h
index d3cd19e8..e5636741 100644
--- a/src/mscrypto/csp_oid.h
+++ b/src/mscrypto/csp_oid.h
@@ -1,20 +1,20 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ *
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
* All rights reserved.
*/
#ifndef CRYPTOCOM_OIDS_csp_H
#define CRYPTOCOM_OIDS_csp_H
/* Autogenerated from master.oid by oid2h.tcl */
-/*! \defgroup szOID_MAGPRO szOID_MAGPRO
+/*! \defgroup szOID_MAGPRO szOID_MAGPRO
* \brief The OIDs supported by MagPro CSP
*
- * @{
+ * @{
*/
/*! GOST 34.10-94 Diffie-Hellman algorithm Cryptocom LTD */
@@ -79,34 +79,34 @@
#define szOID_MAGPRO_PARAM_PK_CC_94 "1.2.643.2.2.32.2"
-#define szOID_CP_PARAM_R3411_94_DEF "1.2.643.2.2.30.1"
-#define szOID_CP_PARAM_R3411_94_1 "1.2.643.2.2.30.2"
-#define szOID_CP_PARAM_R3411_94_2 "1.2.643.2.2.30.3"
-#define szOID_CP_PARAM_R3411_94_3 "1.2.643.2.2.30.4"
+#define szOID_CP_PARAM_R3411_94_DEF "1.2.643.2.2.30.1"
+#define szOID_CP_PARAM_R3411_94_1 "1.2.643.2.2.30.2"
+#define szOID_CP_PARAM_R3411_94_2 "1.2.643.2.2.30.3"
+#define szOID_CP_PARAM_R3411_94_3 "1.2.643.2.2.30.4"
-#define szOID_CP_PARAM_28147_89_DEF "1.2.643.2.2.31.1"
-#define szOID_CP_PARAM_28147_89_1 "1.2.643.2.2.31.2"
-#define szOID_CP_PARAM_28147_89_2 "1.2.643.2.2.31.3"
-#define szOID_CP_PARAM_28147_89_3 "1.2.643.2.2.31.4"
-#define szOID_CP_PARAM_28147_89_4 "1.2.643.2.2.31.5"
-#define szOID_CP_PARAM_28147_89_5 "1.2.643.2.2.31.6"
-#define szOID_CP_PARAM_28147_89_6 "1.2.643.2.2.31.7"
+#define szOID_CP_PARAM_28147_89_DEF "1.2.643.2.2.31.1"
+#define szOID_CP_PARAM_28147_89_1 "1.2.643.2.2.31.2"
+#define szOID_CP_PARAM_28147_89_2 "1.2.643.2.2.31.3"
+#define szOID_CP_PARAM_28147_89_3 "1.2.643.2.2.31.4"
+#define szOID_CP_PARAM_28147_89_4 "1.2.643.2.2.31.5"
+#define szOID_CP_PARAM_28147_89_5 "1.2.643.2.2.31.6"
+#define szOID_CP_PARAM_28147_89_6 "1.2.643.2.2.31.7"
/* OID for Signature 1024*/
-#define szOID_CP_PARAM_PK_R3410_94_DEF "1.2.643.2.2.32.2" /*VerbaO*/
-#define szOID_CP_PARAM_PK_R3410_94_S1 "1.2.643.2.2.32.3"
-#define szOID_CP_PARAM_PK_R3410_94_S2 "1.2.643.2.2.32.4"
-#define szOID_CP_PARAM_PK_R3410_94_S3 "1.2.643.2.2.32.5"
+#define szOID_CP_PARAM_PK_R3410_94_DEF "1.2.643.2.2.32.2" /*VerbaO*/
+#define szOID_CP_PARAM_PK_R3410_94_S1 "1.2.643.2.2.32.3"
+#define szOID_CP_PARAM_PK_R3410_94_S2 "1.2.643.2.2.32.4"
+#define szOID_CP_PARAM_PK_R3410_94_S3 "1.2.643.2.2.32.5"
/* OID for DH 1024*/
-#define szOID_CP_PARAM_PK_R3410_94_E1 "1.2.643.2.2.33.1"
-#define szOID_CP_PARAM_PK_R3410_94_E2 "1.2.643.2.2.33.2"
-#define szOID_CP_PARAM_PK_R3410_94_E3 "1.2.643.2.2.33.3"
-
-#define szOID_CP_PARAM_PK_R3410_2001_DEF "1.2.643.2.2.35.1"
-#define szOID_CP_PARAM_PK_R3410_2001_S0 "1.2.643.2.2.35.2"
-#define szOID_CP_PARAM_PK_R3410_2001_S1 "1.2.643.2.2.35.3"
-#define szOID_CP_PARAM_PK_R3410_2001_E0 "1.2.643.2.2.36.0"
-#define szOID_CP_PARAM_PK_R3410_2001_E1 "1.2.643.2.2.36.1"
+#define szOID_CP_PARAM_PK_R3410_94_E1 "1.2.643.2.2.33.1"
+#define szOID_CP_PARAM_PK_R3410_94_E2 "1.2.643.2.2.33.2"
+#define szOID_CP_PARAM_PK_R3410_94_E3 "1.2.643.2.2.33.3"
+
+#define szOID_CP_PARAM_PK_R3410_2001_DEF "1.2.643.2.2.35.1"
+#define szOID_CP_PARAM_PK_R3410_2001_S0 "1.2.643.2.2.35.2"
+#define szOID_CP_PARAM_PK_R3410_2001_S1 "1.2.643.2.2.35.3"
+#define szOID_CP_PARAM_PK_R3410_2001_E0 "1.2.643.2.2.36.0"
+#define szOID_CP_PARAM_PK_R3410_2001_E1 "1.2.643.2.2.36.1"
/*! @} */
diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
index 19acc658..9394afdc 100644
--- a/src/mscrypto/digests.c
+++ b/src/mscrypto/digests.c
@@ -1,11 +1,11 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
- * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
*/
#include "globals.h"
@@ -22,17 +22,19 @@
#include <xmlsec/errors.h>
#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
#define MSCRYPTO_MAX_HASH_SIZE 256
-typedef struct _xmlSecMSCryptoDigestCtx xmlSecMSCryptoDigestCtx, *xmlSecMSCryptoDigestCtxPtr;
+typedef struct _xmlSecMSCryptoDigestCtx xmlSecMSCryptoDigestCtx, *xmlSecMSCryptoDigestCtxPtr;
struct _xmlSecMSCryptoDigestCtx {
- HCRYPTPROV provider;
- ALG_ID alg_id;
- HCRYPTHASH mscHash;
+ HCRYPTPROV provider;
+ ALG_ID alg_id;
+ const xmlSecMSCryptoProviderInfo * providers;
+ HCRYPTHASH mscHash;
unsigned char dgst[MSCRYPTO_MAX_HASH_SIZE];
- size_t dgstSize; /* dgst size in bytes */
-};
+ size_t dgstSize; /* dgst size in bytes */
+};
/******************************************************************************
*
@@ -41,42 +43,102 @@ struct _xmlSecMSCryptoDigestCtx {
* xmlSecMSCryptoDigestCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecMSCryptoDigestSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoDigestCtx))
+#define xmlSecMSCryptoDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoDigestCtx))
#define xmlSecMSCryptoDigestGetCtx(transform) \
((xmlSecMSCryptoDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecMSCryptoDigestInitialize (xmlSecTransformPtr transform);
-static void xmlSecMSCryptoDigestFinalize (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoDigestVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoDigestExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoDigestCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoDigestCheckId (xmlSecTransformPtr transform);
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha2[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Md5[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
-static int
+#ifndef XMLSEC_NO_GOST
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = {
+ { MAGPRO_CSP, PROV_MAGPRO_GOST },
+ { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST },
+ { NULL, 0 }
+};
+#endif /*ndef XMLSEC_NO_GOST*/
+
+static int
xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha1Id)) {
- return(1);
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+ return(1);
}
-#endif /* XMLSEC_NO_SHA1 */
-
+#endif /* XMLSEC_NO_SHA512 */
+
#ifndef XMLSEC_NO_GOST
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
- return(1);
+ return(1);
}
-#endif /* XMLSEC_NO_GOST*/
-
+#endif /* XMLSEC_NO_GOST*/
+
return(0);
}
-static int
+static int
xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
xmlSecMSCryptoDigestCtxPtr ctx;
@@ -89,50 +151,65 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
/* initialize context */
memset(ctx, 0, sizeof(xmlSecMSCryptoDigestCtx));
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformMd5Id)) {
+ ctx->alg_id = CALG_MD5;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Md5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha1Id)) {
- ctx->alg_id = CALG_SHA;
- } else
-#endif /* XMLSEC_NO_SHA1 */
+ ctx->alg_id = CALG_SHA1;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+ ctx->alg_id = CALG_SHA_256;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+ ctx->alg_id = CALG_SHA_384;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+ ctx->alg_id = CALG_SHA_512;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_GOST
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
- ctx->alg_id = CALG_MAGPRO_HASH_R3411_94;
-
- /* TODO: Check what provider is best suited here.... */
- if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT)) {
- if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- return(0);
- } else
-#endif /* XMLSEC_NO_GOST*/
+ ctx->alg_id = CALG_MAGPRO_HASH_R3411_94;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Gost;
+ } else
+#endif /* XMLSEC_NO_GOST*/
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- /* TODO: Check what provider is best suited here.... */
- if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
- if (!CryptAcquireContext(&ctx->provider, NULL, MS_ENHANCED_PROV,PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->provider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
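Review bot: The new MD5 branch at `ctx->alg_id = CALG_MD5;` registers an MD5 DigestMethod that is compiled in unless XMLSEC_NO_MD5 is defined, and neither the code nor a comment flags that MD5 is not collision resistant; because the same transform serves the verify path, a caller that does not restrict accepted DigestMethod URIs will accept MD5-digested references. A caveat above the branch would help, e.g. `/* MD5 is kept for legacy interoperability only: it is not collision resistant, callers should restrict the accepted DigestMethod set when verifying */`. Separately, when `xmlSecMSCryptoFindProvider` returns 0 the error is raised with XMLSEC_ERRORS_NO_MESSAGE, so a SHA-2 failure on a host lacking the RSA/AES providers (the only entries in `xmlSecMSCryptoProviderInfo_Sha2`) is indistinguishable from any other provider failure; passing `"alg_id=%d", (int)ctx->alg_id` instead would make it diagnosable. The function `xmlSecMSCryptoDigestInitialize` begins before this hunk.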
@@ -150,18 +227,20 @@ static void xmlSecMSCryptoDigestFinalize(xmlSecTransformPtr transform) {
if(ctx->mscHash != 0) {
CryptDestroyHash(ctx->mscHash);
}
- CryptReleaseContext(ctx->provider, 0);
+ if(ctx->provider != 0) {
+ CryptReleaseContext(ctx->provider, 0);
+ }
memset(ctx, 0, sizeof(xmlSecMSCryptoDigestCtx));
}
-static int
-xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+static int
+xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoDigestCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
@@ -174,38 +253,38 @@ xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx->dgstSize > 0, -1);
if(dataSize != ctx->dgstSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data_size=%d;dgst_size=%d",
- dataSize, ctx->dgstSize);
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data_size=%d;dgst_size=%d",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
-xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx) {
+static int
+xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoDigestCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
@@ -219,110 +298,154 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
ctx = xmlSecMSCryptoDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- ret = CryptCreateHash(ctx->provider,
- ctx->alg_id,
- 0,
- 0,
- &(ctx->mscHash));
-
- if((ret == 0) || (ctx->mscHash == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptHashData",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusWorking;
+ ret = CryptCreateHash(ctx->provider,
+ ctx->alg_id,
+ 0,
+ 0,
+ &(ctx->mscHash));
+
+ if((ret == 0) || (ctx->mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if (transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- ret = CryptHashData(ctx->mscHash,
- xmlSecBufferGetData(in),
- inSize,
- 0);
-
- if(ret == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptHashData",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- /* TODO: make a MSCrypto compatible assert here */
- /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
- DWORD retLen;
- retLen = MSCRYPTO_MAX_HASH_SIZE;
-
- ret = CryptGetHashParam(ctx->mscHash,
- HP_HASHVAL,
- ctx->dgst,
- &retLen,
- 0);
-
- if (ret == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptGetHashParam",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- ctx->dgstSize = (size_t)retLen;
-
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- /* copy result to output */
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ctx->dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ ret = CryptHashData(ctx->mscHash,
+ xmlSecBufferGetData(in),
+ inSize,
+ 0);
+
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* TODO: make a MSCrypto compatible assert here */
+ /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
+ DWORD retLen;
+ retLen = MSCRYPTO_MAX_HASH_SIZE;
+
+ ret = CryptGetHashParam(ctx->mscHash,
+ HP_HASHVAL,
+ ctx->dgst,
+ &retLen,
+ 0);
+
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", MSCRYPTO_MAX_HASH_SIZE);
+ return(-1);
+ }
+
+ ctx->dgstSize = (size_t)retLen;
+
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformMd5GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformMd5GetKlass(void) {
+ return(&xmlSecMSCryptoMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
#ifndef XMLSEC_NO_SHA1
/******************************************************************************
*
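Review bot: The doc comment on `xmlSecMSCryptoTransformMd5GetKlass` is a copy of the SHA-1 one and reads `SHA-1 digest transform klass.` and `Returns: pointer to SHA-1 digest transform klass.`; it should say `MD5 digest transform klass.` and `Returns: pointer to MD5 digest transform klass.`. In the same hunk the `CryptGetHashParam(HP_HASHVAL)` failure is reported as `XMLSEC_ERRORS_R_XMLSEC_FAILED`, whereas the neighbouring `CryptCreateHash` and `CryptHashData` failures use `XMLSEC_ERRORS_R_CRYPTO_FAILED`; this is a CryptoAPI call, so it should use `XMLSEC_ERRORS_R_CRYPTO_FAILED` as well. The TODO about asserting the digest fits `ctx->dgst` is still open: the write is bounded only by `retLen = MSCRYPTO_MAX_HASH_SIZE`, which is safe only if `ctx->dgst` is declared with exactly that size — the struct is not visible here, so worth confirming or replacing the TODO with `xmlSecAssert2(sizeof(ctx->dgst) >= MSCRYPTO_MAX_HASH_SIZE, -1);`. The hunk starts inside `xmlSecMSCryptoDigestExecute`, whose signature lies outside it.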
@@ -331,42 +454,174 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
*****************************************************************************/
static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* size_t klassSize */
- xmlSecMSCryptoDigestSize, /* size_t objSize */
-
- xmlSecNameSha1, /* const xmlChar* name; */
- xmlSecHrefSha1, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
- xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoTransformSha1GetKlass:
*
* SHA-1 digest transform klass.
*
* Returns: pointer to SHA-1 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformSha1GetKlass(void) {
return(&xmlSecMSCryptoSha1Klass);
}
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha256GetKlass:
+ *
+ * SHA-256 digest transform klass.
+ *
+ * Returns: pointer to SHA-256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha256GetKlass(void) {
+ return(&xmlSecMSCryptoSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha384GetKlass:
+ *
+ * SHA-384 digest transform klass.
+ *
+ * Returns: pointer to SHA-384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha384GetKlass(void) {
+ return(&xmlSecMSCryptoSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha512GetKlass:
+ *
+ * SHA-512 digest transform klass.
+ *
+ * Returns: pointer to SHA-512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha512GetKlass(void) {
+ return(&xmlSecMSCryptoSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
#ifndef XMLSEC_NO_GOST
/******************************************************************************
*
@@ -375,37 +630,37 @@ xmlSecMSCryptoTransformSha1GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecMSCryptoGostR3411_94Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* size_t klassSize */
- xmlSecMSCryptoDigestSize, /* size_t objSize */
-
- xmlSecNameGostR3411_94, /* const xmlChar* name; */
- xmlSecHrefGostR3411_94, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
- xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameGostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoTransformGostR3411_94GetKlass:
*
* GOSTR3411_94 digest transform klass.
*
* Returns: pointer to GOSTR3411_94 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformGostR3411_94GetKlass(void) {
return(&xmlSecMSCryptoGostR3411_94Klass);
}
diff --git a/src/mscrypto/globals.h b/src/mscrypto/globals.h
index b58931d5..2b88d5dd 100644
--- a/src/mscrypto/globals.h
+++ b/src/mscrypto/globals.h
@@ -1,18 +1,19 @@
/*
* XML Security Library
*
- * globals.h: internal header only used during the compilation
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -21,4 +22,18 @@
#define IN_XMLSEC_CRYPTO
#define XMLSEC_PRIVATE
+/* OpenSSL 0.9.6 and 0.9.7 do not have SHA 224/256/384/512 */
+#if defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097)
+#define XMLSEC_NO_SHA224 1
+#define XMLSEC_NO_SHA256 1
+#define XMLSEC_NO_SHA384 1
+#define XMLSEC_NO_SHA512 1
+#endif /* defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097) */
+
+/* OpenSSL 0.9.6 does not have AES */
+#if defined(XMLSEC_OPENSSL_096)
+#define XMLSEC_NO_AES 1
+#endif /* XMLSEC_OPENSSL_096 */
+
+
#endif /* ! __XMLSEC_GLOBALS_H__ */
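Review bot: The added `XMLSEC_OPENSSL_096`/`XMLSEC_OPENSSL_097` block lives in `src/mscrypto/globals.h`, the private header of the MS CryptoAPI backend, and keys SHA-2 and AES availability off OpenSSL version macros that have no bearing on CryptoAPI; it looks copied from the OpenSSL backend's header. If either macro is ever defined in a build that also compiles this backend, it would silently undefine the SHA-256/384/512 transforms this same commit adds to `digests.c`. I would drop the block here, or at minimum change the comment to explain why an OpenSSL version macro should govern the CryptoAPI backend, since as written a maintainer cannot tell whether it is intentional.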
diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c
new file mode 100644
index 00000000..e8709838
--- /dev/null
+++ b/src/mscrypto/hmac.c
@@ -0,0 +1,963 @@
+/**
+ *
+ * XMLSec library
+ *
+ * HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
+
+/* sizes in bits */
+#define XMLSEC_MSCRYPTO_MIN_HMAC_SIZE 80
+#define XMLSEC_MSCRYPTO_MAX_HMAC_SIZE 256
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_mscrypto_hmac_min_length = XMLSEC_MSCRYPTO_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecMSCryptoHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecMSCryptoHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_mscrypto_hmac_min_length;
+}
+
+/**
+ * xmlSecMSCryptoHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecMSCryptoHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_mscrypto_hmac_min_length = min_length;
+}
+
+/******************************************************************************
+ *
+ * Internal MSCrypto HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoHmacCtx xmlSecMSCryptoHmacCtx, *xmlSecMSCryptoHmacCtxPtr;
+struct _xmlSecMSCryptoHmacCtx {
+ HCRYPTPROV provider;
+ HCRYPTKEY cryptKey;
+ HCRYPTKEY pubPrivKey;
+ ALG_ID alg_id;
+ const xmlSecMSCryptoProviderInfo * providers;
+ HCRYPTHASH mscHash;
+ unsigned char dgst[XMLSEC_MSCRYPTO_MAX_HMAC_SIZE];
+ size_t dgstSize; /* dgst size in bytes */
+ int ctxInitialized;
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecMSCryptoHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoHmacGetCtx(transform) \
+ ((xmlSecMSCryptoHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecMSCryptoHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoHmacCtx))
+
+static int xmlSecMSCryptoHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Hmac[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+static int
+xmlSecMSCryptoHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha1Id)) {
+ ctx->alg_id = CALG_SHA1;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha256Id)) {
+ ctx->alg_id = CALG_SHA_256;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha384Id)) {
+ ctx->alg_id = CALG_SHA_384;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha512Id)) {
+ ctx->alg_id = CALG_SHA_512;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacMd5Id)) {
+ ctx->alg_id = CALG_MD5;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->provider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->provider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize));
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->mscHash != 0) {
+ CryptDestroyHash(ctx->mscHash);
+ }
+ if (ctx->cryptKey) {
+ CryptDestroyKey(ctx->cryptKey);
+ }
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if(ctx->provider != 0) {
+ CryptReleaseContext(ctx->provider, 0);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoHmacCtx));
+}
+
+static int
+xmlSecMSCryptoHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(node!= NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecMSCryptoHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataHmacId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ HMAC_INFO hmacInfo;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(ctx->provider != 0, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(ctx->cryptKey == 0, -1);
+ xmlSecAssert2(ctx->mscHash == 0, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecMSCryptoKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=0");
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+
+ /* Import this key and get an HCRYPTKEY handle.
+ *
+ * HACK!!! HACK!!! HACK!!!
+ *
+ * Using CALG_RC2 instead of CALG_HMAC for the key algorithm so we don't want to check key length
+ */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->provider,
+ ctx->pubPrivKey,
+ CALG_RC2,
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ FALSE,
+ &(ctx->cryptKey)
+ ) || (ctx->cryptKey == 0)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create hash */
+ ret = CryptCreateHash(ctx->provider,
+ CALG_HMAC,
+ ctx->cryptKey,
+ 0,
+ &(ctx->mscHash));
+ if((ret == 0) || (ctx->mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set parameters */
+ memset(&hmacInfo, 0, sizeof(hmacInfo));
+ hmacInfo.HashAlgid = ctx->alg_id;
+ ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptSetHashParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ /* NO COMMIT */
+ xmlChar* a;
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ ctx->dgst[dataSize - 1] &= mask;
+ a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
+ fprintf(stderr, "%s\n", a);
+ xmlFree(a);
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ /* we should be already initialized when we set key */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ ret = CryptHashData(ctx->mscHash,
+ xmlSecBufferGetData(in),
+ inSize,
+ 0);
+
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ /* TODO: make a MSCrypto compatible assert here */
+ /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
+ DWORD retLen;
+ retLen = XMLSEC_MSCRYPTO_MAX_HMAC_SIZE;
+
+ ret = CryptGetHashParam(ctx->mscHash,
+ HP_HASHVAL,
+ ctx->dgst,
+ &retLen,
+ 0);
+
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptGetHashParam",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ xmlSecAssert2(retLen > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = retLen * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * retLen) {
+ retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * retLen, ctx->dgstSize);
+ return(-1);
+ }
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, retLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacMd5GetKlass(void) {
+ return(&xmlSecMSCryptoHmacMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC RIPEMD160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecMSCryptoHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha1GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/******************************************************************************
+ *
+ * HMAC SHA224
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha224, /* const xmlChar* name; */
+ xmlSecHrefHmacSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha224GetKlass:
+ *
+ * The HMAC-SHA224 transform klass.
+ *
+ * Returns: the HMAC-SHA224 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha224GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha224Klass);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha256GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha384GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha512GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#endif /* XMLSEC_NO_HMAC */
+
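Review bot: xmlSecMSCryptoHmacVerify still contains the `/* NO COMMIT */` debugging block inside the size-mismatch branch (from `xmlChar* a;` through `xmlFree(a);`), and it is the first code that runs on a bad-length signature value: `ctx->dgst[dataSize - 1] &= mask` executes before the `xmlSecAssert2(dataSize > 0, -1)` check further down, so a zero-length value indexes `dgst[(xmlSecSize)-1]` and any value longer than the 256-byte `dgst` buffer writes past it, both on input that, as far as this file shows, comes from the document being verified. The same block base64-encodes the freshly computed HMAC and writes it to stderr with `fprintf`, which discloses the valid MAC for the signed content to anyone who can read the process's error output. The entire block from `xmlChar* a;` to `xmlFree(a);` should be deleted so that branch only reports `XMLSEC_ERRORS_R_INVALID_SIZE` and sets `transform->status = xmlSecTransformStatusFail`. As a secondary point, the masked last-byte test plus `memcmp` is not constant-time; a fixed-time comparison over `dataSize` bytes would be the safer choice for a MAC check.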
diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c
index 6e2401b4..33f0cd27 100644
--- a/src/mscrypto/keysstore.c
+++ b/src/mscrypto/keysstore.c
@@ -1,18 +1,18 @@
-/**
+/**
* XMLSec library
- *
+ *
* MSCrypto keys store that uses Simple Keys Store under the hood. Uses the
- * MS Certificate store as a backing store for the finding keys, but the
+ * MS Certificate store as a backing store for the finding keys, but the
* MS Certificate store not written to by the keys store.
* So, if store->findkey is done and the key is not found in the simple
* keys store, the MS Certificate store is looked up.
- * Thus, the MS Certificate store can be used to pre-load keys and becomes
+ * Thus, the MS Certificate store can be used to pre-load keys and becomes
* an alternate source of keys for xmlsec
- *
+ *
* This is free software; see Copyright file in the source
* distribution for precise wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -23,7 +23,7 @@
#include <windows.h>
#include <wincrypt.h>
-#include <libxml/tree.h>
+#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -38,73 +38,76 @@
#include <xmlsec/mscrypto/keysstore.h>
#include <xmlsec/mscrypto/x509.h>
#include <xmlsec/mscrypto/certkeys.h>
+#include "private.h"
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
-
-#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME "MY"
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_A "MY"
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_W L"MY"
+#ifdef UNICODE
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_W
+#else /* UNICODE */
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_A
+#endif /* UNICODE */
/****************************************************************************
*
* MSCrypto Keys Store. Uses Simple Keys Store under the hood
- *
+ *
* Simple Keys Store ptr is located after xmlSecKeyStore
*
***************************************************************************/
#define xmlSecMSCryptoKeysStoreSize \
- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
#define xmlSecMSCryptoKeysStoreGetSS(store) \
((xmlSecKeyStoreCheckSize((store), xmlSecMSCryptoKeysStoreSize)) ? \
(xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
(xmlSecKeyStorePtr*)NULL)
-static int xmlSecMSCryptoKeysStoreInitialize (xmlSecKeyStorePtr store);
-static void xmlSecMSCryptoKeysStoreFinalize (xmlSecKeyStorePtr store);
-static xmlSecKeyPtr xmlSecMSCryptoKeysStoreFindKey (xmlSecKeyStorePtr store,
- const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecMSCryptoKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecMSCryptoKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
sizeof(xmlSecKeyStoreKlass),
xmlSecMSCryptoKeysStoreSize,
/* data */
- BAD_CAST "MSCrypto-keys-store", /* const xmlChar* name; */
-
+ BAD_CAST "MSCrypto-keys-store", /* const xmlChar* name; */
+
/* constructors/destructor */
- xmlSecMSCryptoKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
- xmlSecMSCryptoKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
- xmlSecMSCryptoKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+ xmlSecMSCryptoKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecMSCryptoKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecMSCryptoKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoKeysStoreGetKlass:
- *
+ *
* The MSCrypto list based keys store klass.
*
* Returns: MSCrypto list based keys store klass.
*/
-xmlSecKeyStoreId
+xmlSecKeyStoreId
xmlSecMSCryptoKeysStoreGetKlass(void) {
return(&xmlSecMSCryptoKeysStoreKlass);
}
/**
* xmlSecMSCryptoKeysStoreAdoptKey:
- * @store: the pointer to MSCrypto keys store.
- * @key: the pointer to key.
- *
- * Adds @key to the @store.
+ * @store: the pointer to MSCrypto keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecMSCryptoKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecKeyStorePtr *ss;
@@ -112,25 +115,25 @@ xmlSecMSCryptoKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecAssert2((key != NULL), -1);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
}
-/**
+/**
* xmlSecMSCryptoKeysStoreLoad:
- * @store: the pointer to MSCrypto keys store.
- * @uri: the filename.
- * @keysMngr: the pointer to associated keys manager.
- *
+ * @store: the pointer to MSCrypto keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
* Reads keys from an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
-xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- xmlSecKeysMngrPtr keysMngr) {
+xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
@@ -139,117 +142,117 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
- xmlSecAssert2((uri != NULL), -1);
+ xmlSecAssert2((uri != NULL), -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlParseFile",
- XMLSEC_ERRORS_R_XML_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
-
+
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=<xmlsec:Keys>");
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
cur = xmlSecGetNextElementNode(root->children);
- while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
- key = xmlSecKeyCreate();
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- xmlFreeDoc(doc);
- return(-1);
- }
-
- ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
-
- keyInfoCtx.mode = xmlSecKeyInfoModeRead;
- keyInfoCtx.keysMngr = keysMngr;
- keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
- XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
- keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
- keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
-
- ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-
- if(xmlSecKeyIsValid(key)) {
- ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecMSCryptoKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- } else {
- /* we have an unknown key in our file, just ignore it */
- xmlSecKeyDestroy(key);
- }
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecMSCryptoKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
xmlFreeDoc(doc);
return(0);
}
-/**
+/**
* xmlSecMSCryptoKeysStoreSave:
- * @store: the pointer to MSCrypto keys store.
- * @filename: the filename.
- * @type: the saved keys type (public, private, ...).
- *
+ * @store: the pointer to MSCrypto keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
* Writes keys from @store to an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -259,11 +262,11 @@ xmlSecMSCryptoKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSe
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
- xmlSecAssert2((filename != NULL), -1);
-
+ xmlSecAssert2((filename != NULL), -1);
+
ss = xmlSecMSCryptoKeysStoreGetSS(store);
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
}
@@ -279,35 +282,36 @@ xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) {
*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
if(*ss == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
}
- return(0);
+ return(0);
}
static void
xmlSecMSCryptoKeysStoreFinalize(xmlSecKeyStorePtr store) {
xmlSecKeyStorePtr *ss;
-
+
xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId));
-
+
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert((ss != NULL) && (*ss != NULL));
-
+
xmlSecKeyStoreDestroy(*ss);
}
static PCCERT_CONTEXT
-xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- const char* storeName;
+xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ LPCTSTR storeName;
HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
+ LPTSTR wcName = NULL;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(name != NULL, NULL);
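Review bot: `storeName` is changed to `LPCTSTR` here, which is a wide-character pointer in UNICODE builds, yet the error path in the following hunk still logs it with `"storeName=%s"` via `xmlSecErrorsSafeString(storeName)`, which as far as I can tell casts its argument to `char*`; under UNICODE the message would then stop at the first NUL byte of the wide string. Either log the narrow `XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_A` form when the default is used, or format the name with a wide-aware specifier. The body of xmlSecMSCryptoKeysStoreFindCert continues past this hunk.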
@@ -315,183 +319,121 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
storeName = xmlSecMSCryptoAppGetCertStoreName();
if(storeName == NULL) {
- storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
+ storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
}
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertOpenSystemStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "storeName=%s",
- xmlSecErrorsSafeString(storeName));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertOpenSystemStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "storeName=%s",
+ xmlSecErrorsSafeString(storeName));
+ return(NULL);
}
- /* first attempt: search by cert id == name */
- if(pCertContext == NULL) {
- size_t len = xmlStrlen(name) + 1;
- wchar_t * lpCertID;
-
- /* aleksey todo: shouldn't we call MultiByteToWideChar first to get the buffer size? */
- lpCertID = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
- if(lpCertID == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertCloseStore(hStoreHandle, 0);
- return(NULL);
- }
- MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpCertID, len);
-
- pCertContext = CertFindCertificateInStore(
- hStoreHandle,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_STR,
- lpCertID,
- NULL);
- xmlFree(lpCertID);
+ /* convert name to unicode */
+ wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
+ if(wcName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecMSCryptoConvertUtf8ToUnicode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcName");
+ CertCloseStore(hStoreHandle, 0);
+ return(NULL);
}
- /* We don't give up easily, now try to fetch the cert with a full blown
- * subject dn
- */
- if (NULL == pCertContext) {
- BYTE* bdata;
- DWORD len;
-
- bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- name,
- CERT_OID_NAME_STR,
- &len);
- if(bdata != NULL) {
- CERT_NAME_BLOB cnb;
-
- cnb.cbData = len;
- cnb.pbData = bdata;
-
- pCertContext = CertFindCertificateInStore(hStoreHandle,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_NAME,
- &cnb,
- NULL);
- xmlFree(bdata);
- }
+ /* first attempt: try to find the cert with a full blown subject dn */
+ if(NULL == pCertContext) {
+ pCertContext = xmlSecMSCryptoX509FindCertBySubject(
+ hStoreHandle,
+ wcName,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
}
-
- /* We don't give up easily, now try to fetch the cert with a full blown
- * subject dn, and try with a reversed dn
+
+ /*
+ * Try ro find certificate with name="Friendly Name"
*/
if (NULL == pCertContext) {
- BYTE* bdata;
- DWORD len;
-
- bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- name,
- CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
- &len);
- if(bdata != NULL) {
- CERT_NAME_BLOB cnb;
-
- cnb.cbData = len;
- cnb.pbData = bdata;
-
- pCertContext = CertFindCertificateInStore(hStoreHandle,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_NAME,
- &cnb,
- NULL);
- xmlFree(bdata);
- }
+ DWORD dwPropSize;
+ PBYTE pbFriendlyName;
+ PCCERT_CONTEXT pCertCtxIter = NULL;
+
+
+ while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
+ if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
+ CERT_FRIENDLY_NAME_PROP_ID,
+ NULL,
+ &dwPropSize)) {
+ continue;
+ }
+
+ pbFriendlyName = xmlMalloc(dwPropSize);
+ if(pbFriendlyName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(wcName);
+ CertCloseStore(hStoreHandle, 0);
+ return(NULL);
+ }
+
+ if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
+ CERT_FRIENDLY_NAME_PROP_ID,
+ pbFriendlyName,
+ &dwPropSize)) {
+ xmlFree(pbFriendlyName);
+ continue;
+ }
+
+ /* Compare FriendlyName to name */
+ if (!lstrcmp(wcName, (LPCTSTR)pbFriendlyName)) {
+ pCertContext = pCertCtxIter;
+ xmlFree(pbFriendlyName);
+ break;
+ }
+ xmlFree(pbFriendlyName);
+ }
}
- /*
- * Try ro find certificate with name="Friendly Name"
+ /* We don't give up easily, now try to find cert with part of the name
*/
if (NULL == pCertContext) {
- DWORD dwPropSize;
- PBYTE pbFriendlyName;
- PCCERT_CONTEXT pCertCtxIter = NULL;
- size_t len = xmlStrlen(name) + 1;
- wchar_t * lpFName;
-
- lpFName = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
- if(lpFName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertCloseStore(hStoreHandle, 0);
- return(NULL);
- }
- MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpFName, len);
-
- while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
- if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
- CERT_FRIENDLY_NAME_PROP_ID,
- NULL,
- &dwPropSize)) {
- continue;
- }
-
- pbFriendlyName = xmlMalloc(dwPropSize);
- if(pbFriendlyName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(lpFName);
- CertCloseStore(hStoreHandle, 0);
- return(NULL);
- }
- if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
- CERT_FRIENDLY_NAME_PROP_ID,
- pbFriendlyName,
- &dwPropSize)) {
- xmlFree(pbFriendlyName);
- continue;
- }
-
- /* Compare FriendlyName to name */
- if (!wcscmp(lpFName, (const wchar_t *)pbFriendlyName)) {
- pCertContext = pCertCtxIter;
- xmlFree(pbFriendlyName);
- break;
- }
- xmlFree(pbFriendlyName);
- }
-
- xmlFree(lpFName);
+ pCertContext = CertFindCertificateInStore(
+ hStoreHandle,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_STR,
+ wcName,
+ NULL);
}
- /* We could do the following here:
+
+ /* We could do the following here:
* It would be nice if we could locate the cert with issuer name and
* serial number, the given keyname can be something like this:
* 'serial=1234567;issuer=CN=ikke, C=NL'
* to be implemented by the first person who reads this, and thinks it's
* a good idea :) WK
- */
+ */
/* OK, I give up, I'm gone :( */
-
- /* aleksey todo: is it a right idea to close store if we have a handle to
+
+ /* aleksey todo: is it a right idea to close store if we have a handle to
* a cert in this store? */
+ xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(pCertContext);
}
-static xmlSecKeyPtr
-xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static xmlSecKeyPtr
+xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyReqPtr keyReq = NULL;
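Review bot: The error reported when the name conversion fails names `"xmlSecMSCryptoConvertUtf8ToUnicode"`, but the call on the line above is `xmlSecMSCryptoConvertUtf8ToTstr`; the string should be `"xmlSecMSCryptoConvertUtf8ToTstr"` so the log points at the right function. The friendly-name comparison `lstrcmp(wcName, (LPCTSTR)pbFriendlyName)` also looks wrong for non-UNICODE builds: the CERT_FRIENDLY_NAME_PROP_ID property is documented as a wide-character string, so comparing it as a narrow `LPCTSTR` compares units of different widths where the removed `wcscmp` did not — confirm this file is only built with UNICODE, or keep a wide comparison for that property. The malloc-failure return inside the enumeration loop frees `wcName` and closes the store but leaves the `pCertCtxIter` context returned by CertEnumCertificatesInStore unreleased; a `CertFreeCertificateContext(pCertCtxIter);` before that return would close the leak. Finally, the last fallback uses `CERT_FIND_SUBJECT_STR`, a case-insensitive substring match on the subject, so a short key name can resolve to a different certificate than the one intended; a comment stating that this is a partial match and that the earlier exact lookups take precedence would help callers judge the risk. The signature of xmlSecMSCryptoKeysStoreFindCert is in the preceding hunk, and the tail of this hunk opens xmlSecMSCryptoKeysStoreFindKey, whose body continues in the next one.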
@@ -511,167 +453,167 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
/* first try to find key in the simple keys store */
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
- return (key);
+ return (key);
}
/* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
* we must have a name to lookup keys in the certificate store.
*/
if (name == NULL) {
- goto done;
+ goto done;
}
- /* what type of key are we looking for?
+ /* what type of key are we looking for?
* WK: For now, we'll look only for public/private keys using the
- * name as a cert nickname. Then the name is regarded as the subject
+ * name as a cert nickname. Then the name is regarded as the subject
* dn of the certificate to be searched for.
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
- pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
- if(pCertContext == NULL) {
- goto done;
- }
-
- /* set cert in x509 data */
- x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
- if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- pCertContext2 = CertDuplicateCertificateContext(pCertContext);
- if (NULL == pCertContext2) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- pCertContext2 = NULL;
-
- pCertContext2 = CertDuplicateCertificateContext(pCertContext);
- if (NULL == pCertContext2) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- pCertContext2 = NULL;
-
- /* set cert in key data */
- data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- pCertContext = NULL;
-
- /* create key and add key data and x509 data to it */
- key = xmlSecKeyCreate();
- if (key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- ret = xmlSecKeySetValue(key, data);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- goto done;
- }
- data = NULL;
-
- ret = xmlSecKeyAdoptData(key, x509Data);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- x509Data = NULL;
-
- /* Set the name of the key to the given name */
- ret = xmlSecKeySetName(key, name);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeySetName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
+ if(pCertContext == NULL) {
+ goto done;
+ }
+
+ /* set cert in x509 data */
+ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ pCertContext2 = CertDuplicateCertificateContext(pCertContext);
+ if (NULL == pCertContext2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ pCertContext2 = NULL;
+
+ pCertContext2 = CertDuplicateCertificateContext(pCertContext);
+ if (NULL == pCertContext2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ pCertContext2 = NULL;
+
+ /* set cert in key data */
+ data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pCertContext = NULL;
+
+ /* create key and add key data and x509 data to it */
+ key = xmlSecKeyCreate();
+ if (key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL;
+
+ /* Set the name of the key to the given name */
+ ret = xmlSecKeySetName(key, name);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
/* now that we have a key, make sure it is valid and let the simple
- * store adopt it */
- if (xmlSecKeyIsValid(key)) {
- res = key;
- key = NULL;
- }
+ * store adopt it */
+ if (xmlSecKeyIsValid(key)) {
+ res = key;
+ key = NULL;
+ }
}
done:
if (NULL != pCertContext) {
- CertFreeCertificateContext(pCertContext);
+ CertFreeCertificateContext(pCertContext);
}
if (NULL != pCertContext2) {
- CertFreeCertificateContext(pCertContext2);
+ CertFreeCertificateContext(pCertContext2);
}
if (data != NULL) {
- xmlSecKeyDataDestroy(data);
+ xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
- xmlSecKeyDestroy(key);
+ xmlSecKeyDestroy(key);
}
return (res);
diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c
index ec86ac53..9b4908fa 100644
--- a/src/mscrypto/kt_rsa.c
+++ b/src/mscrypto/kt_rsa.c
@@ -1,13 +1,13 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* RSA Algorithms support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
*/
#include "globals.h"
@@ -29,212 +29,229 @@
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/certkeys.h>
+#include "private.h"
/**************************************************************************
*
* Internal MSCRYPTO RSA PKCS1 CTX
*
*************************************************************************/
-typedef struct _xmlSecMSCryptoRsaPkcs1Ctx xmlSecMSCryptoRsaPkcs1Ctx,
- *xmlSecMSCryptoRsaPkcs1CtxPtr;
-struct _xmlSecMSCryptoRsaPkcs1Ctx {
- xmlSecKeyDataPtr data;
- DWORD typeFlags;
-};
+typedef struct _xmlSecMSCryptoRsaPkcs1OaepCtx xmlSecMSCryptoRsaPkcs1OaepCtx,
+ *xmlSecMSCryptoRsaPkcs1OaepCtxPtr;
+struct _xmlSecMSCryptoRsaPkcs1OaepCtx {
+ DWORD dwFlags;
+ xmlSecKeyDataPtr data;
+ xmlSecBuffer oaepParams;
+};
/*********************************************************************
*
* RSA PKCS1 key transport transform
*
- * xmlSecMSCryptoRsaPkcs1Ctx is located after xmlSecTransform
+ * xmlSecMSCryptoRsaPkcs1OaepCtx is located after xmlSecTransform
*
********************************************************************/
-#define xmlSecMSCryptoRsaPkcs1Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1Ctx))
-#define xmlSecMSCryptoRsaPkcs1GetCtx(transform) \
- ((xmlSecMSCryptoRsaPkcs1CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecMSCryptoRsaPkcs1Initialize (xmlSecTransformPtr transform);
-static void xmlSecMSCryptoRsaPkcs1Finalize (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecMSCryptoRsaPkcs1SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecMSCryptoRsaPkcs1Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoRsaPkcs1Process (xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx);
-
-static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoRsaPkcs1Size, /* xmlSecSize objSize */
-
- xmlSecNameRsaPkcs1, /* const xmlChar* name; */
- xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecMSCryptoRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecMSCryptoRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
+#define xmlSecMSCryptoRsaPkcs1OaepCtx \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx))
+#define xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform) \
+ ((xmlSecMSCryptoRsaPkcs1OaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoRsaPkcs1OaepCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoRsaPkcs1OaepFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoRsaPkcs1OaepSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoRsaPkcs1OaepExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoRsaPkcs1OaepProcess (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) {
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ return(1);
+ } else
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ return(1);
+ } else
+
+ /* not found */
+ {
+ return(0);
+ }
-/**
- * xmlSecMSCryptoTransformRsaPkcs1GetKlass:
- *
- * The RSA-PKCS1 key transport transform klass.
- *
- * Returns: RSA-PKCS1 key transport transform klass.
- */
-xmlSecTransformId
-xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) {
- return(&xmlSecMSCryptoRsaPkcs1Klass);
+ /* just in case */
+ return(0);
}
-static int
-xmlSecMSCryptoRsaPkcs1Initialize(xmlSecTransformPtr transform) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+static int
+xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx));
+
+ /* initialize */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
+
+ ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ ctx->dwFlags = 0;
+ } else
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ ctx->dwFlags = CRYPT_OAEP;
+ } else
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
return(0);
}
-static void
-xmlSecMSCryptoRsaPkcs1Finalize(xmlSecTransformPtr transform) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+static void
+xmlSecMSCryptoRsaPkcs1OaepFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
- xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size));
+ xmlSecAssert(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx));
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if (ctx->data != NULL) {
- xmlSecKeyDataDestroy(ctx->data);
- ctx->data = NULL;
+ xmlSecKeyDataDestroy(ctx->data);
+ ctx->data = NULL;
}
- memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx));
+ xmlSecBufferFinalize(&(ctx->oaepParams));
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
}
-static int
-xmlSecMSCryptoRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+static int
+xmlSecMSCryptoRsaPkcs1OaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(keyReq != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyReq->keyId = xmlSecMSCryptoKeyDataRsaId;
+ keyReq->keyId = xmlSecMSCryptoKeyDataRsaId;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
return(0);
}
-static int
-xmlSecMSCryptoRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
-
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+static int
+xmlSecMSCryptoRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data == NULL, -1);
ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key));
if(ctx->data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKeyDataDuplicate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
-xmlSecMSCryptoRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+static int
+xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
int ret;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
- }
-
+ }
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- ret = xmlSecMSCryptoRsaPkcs1Process(transform, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoRsaPkcs1Process",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
+ ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoRsaPkcs1OaepProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
return(-1);
}
return(0);
}
-static int
-xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
- xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
+static int
+xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize;
xmlSecSize keySize;
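Review bot: The size macro introduced right after the "RSA PKCS1 key transport transform" banner is named `xmlSecMSCryptoRsaPkcs1OaepCtx`, the same identifier as the struct typedef a few lines above it, so every later `sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx)` outside the macro body — the `memset` in xmlSecMSCryptoRsaPkcs1OaepInitialize and the one in xmlSecMSCryptoRsaPkcs1OaepFinalize — expands to the size of the macro's arithmetic expression (a `size_t`), not the size of the context, and only the first word of the context is cleared. The `objSize` and `xmlSecTransformCheckSize` uses still get the intended value because the self-reference inside the macro body is not re-expanded, which is why the build stays quiet about it. Rename the macro to the convention the removed code used, `#define xmlSecMSCryptoRsaPkcs1OaepSize \` / `(sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx))`, and update the check-size and klass uses here and in the later hunks (the Process prologue, both klass tables and xmlSecMSCryptoRsaOaepNodeRead). Whether the transform allocator zeroes the object before `initialize` is not visible here, so the truncated memset in Initialize may be masked in practice, but the Finalize memset is meant to wipe the whole context on teardown and currently does not.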
@@ -243,29 +260,29 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
DWORD dwInLen;
DWORD dwBufLen;
DWORD dwOutLen;
- BYTE * outBuf;
- BYTE * inBuf;
+ xmlSecByte * outBuf;
+ xmlSecByte * inBuf;
int i;
- xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->data != NULL, -1);
-
+
keySize = xmlSecKeyDataGetSize(ctx->data) / 8;
xmlSecAssert2(keySize > 0, -1);
-
+
in = &(transform->inBuf);
out = &(transform->outBuf);
-
+
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
-
+
/* the encoded size is equal to the keys size so we could not
* process more than that */
if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
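Review bot: `int i;` in xmlSecMSCryptoRsaPkcs1OaepProcess appears to be dead on the new side: the two byte-reversal loops that used it are replaced by `ConvertEndianInPlace` / `ConvertEndian` further down in this function, and `BYTE ch` was dropped together with them while `i` was kept. Unless a use survives in the lines between hunks, drop `int i;` as well so the file builds without an unused-variable warning. xmlSecMSCryptoRsaPkcs1OaepProcess starts in the previous hunk and continues past this one.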
@@ -283,11 +300,11 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
"%d when expected %d", inSize, keySize);
return(-1);
}
-
- outSize = keySize;
+
+ outSize = keySize;
ret = xmlSecBufferSetMaxSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetMaxSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
@@ -296,42 +313,64 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
}
if(transform->operation == xmlSecTransformOperationEncrypt) {
- BYTE ch;
-
- if(inSize > outSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "inSize=%d;outSize=%d",
- inSize, outSize);
- return(-1);
- }
-
- ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
+ if(inSize > outSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "inSize=%d;outSize=%d",
+ inSize, outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
dwInLen = inSize;
dwBufLen = outSize;
- if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataGetKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return (-1);
- }
-
- outBuf = xmlSecBufferGetData(out);
- xmlSecAssert2(outBuf != NULL, -1);
- if (!CryptEncrypt(hKey, 0, TRUE, 0, outBuf, &dwInLen, dwBufLen)) {
+ }
+
+ outBuf = xmlSecBufferGetData(out);
+ xmlSecAssert2(outBuf != NULL, -1);
+
+ /* set OAEP parameter for the key
+ *
+ * aleksey: I don't understand how this would work in multi-threaded
+ * environment or when key can be re-used multiple times
+ */
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) {
+ CRYPT_DATA_BLOB oaepParams;
+
+ memset(&oaepParams, 0, sizeof(oaepParams));
+ oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams));
+ oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams));
+
+ if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ }
+
+ /* encrypt */
+ if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptEncrypt",
@@ -340,39 +379,54 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
return (-1);
}
- /* The output of CryptEncrypt is in little-endian format, so we have to convert to
- * big-endian first.
- */
- for(i = 0; i < outSize / 2; i++) {
- ch = outBuf[i];
- outBuf[i] = outBuf[outSize - (i + 1)];
- outBuf[outSize - (i + 1)] = ch;
- }
+ /* The output of CryptEncrypt is in little-endian format, so we have to convert to
+ * big-endian first.
+ */
+ ConvertEndianInPlace(outBuf, outSize);
} else {
- dwOutLen = inSize;
-
- /* The input of CryptDecrypt is expected to be little-endian,
- * so we have to convert from big-endian to little endian.
- */
- inBuf = xmlSecBufferGetData(in);
- outBuf = xmlSecBufferGetData(out);
-
- xmlSecAssert2(inBuf != 0, -1);
- xmlSecAssert2(outBuf != 0, -1);
- for (i = 0; i < inSize; i++) {
- outBuf[i] = inBuf[inSize - (i + 1)];
- }
-
- if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ dwOutLen = inSize;
+
+ /* The input of CryptDecrypt is expected to be little-endian,
+ * so we have to convert from big-endian to little endian.
+ */
+ inBuf = xmlSecBufferGetData(in);
+ outBuf = xmlSecBufferGetData(out);
+ ConvertEndian(inBuf, outBuf, inSize);
+
+ if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataGetKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return (-1);
- }
- if (!CryptDecrypt(hKey, 0, TRUE, 0, outBuf, &dwOutLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ }
+
+ /* set OAEP parameter for the key
+ *
+ * aleksey: I don't understand how this would work in multi-threaded
+ * environment or when key can be re-used multiple times
+ */
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) {
+ CRYPT_DATA_BLOB oaepParams;
+
+ memset(&oaepParams, 0, sizeof(oaepParams));
+ oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams));
+ oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams));
+
+ if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ }
+
+ /* decrypt */
+ if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"CryptDecrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
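Review bot: The decrypt branch lost its pointer checks: the old `xmlSecAssert2(inBuf != 0, -1)` / `xmlSecAssert2(outBuf != 0, -1)` went away together with the hand-written reversal loop, and `ConvertEndian(inBuf, outBuf, inSize)` is now called straight after the two `xmlSecBufferGetData` calls, while the encrypt branch in the previous hunk keeps `xmlSecAssert2(outBuf != NULL, -1)`. Unless ConvertEndian (from private.h, not visible here) rejects NULL itself, restore the guards before the call: `xmlSecAssert2(inBuf != NULL, -1);` / `xmlSecAssert2(outBuf != NULL, -1);`. The function continues past this hunk.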
@@ -385,9 +439,9 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
ret = xmlSecBufferSetSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
+ "xmlSecBufferSetSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", outSize);
return(-1);
@@ -395,7 +449,7 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
@@ -406,5 +460,172 @@ xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPt
return(0);
}
+
+/**********************************************************************
+ *
+ * RSA/PKCS1 transform
+ *
+ **********************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecMSCryptoRsaPkcs1Klass);
+}
+
+
+
+/**********************************************************************
+ *
+ * RSA/OAEP transform
+ *
+ **********************************************************************/
+static int xmlSecMSCryptoRsaOaepNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecMSCryptoRsaOaepKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaOaepGetKlass:
+ *
+ * The RSA-OAEP key transport transform klass.
+ *
+ * Returns: RSA-OAEP key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaOaepGetKlass(void) {
+ return(&xmlSecMSCryptoRsaOaepKlass);
+}
+
+static int
+xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(0);
+}
+
#endif /* XMLSEC_NO_RSA */
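Review bot: In xmlSecMSCryptoRsaOaepNodeRead a second `OAEPparams` child is fed to `xmlSecBufferBase64NodeContentRead` on the same `ctx->oaepParams` buffer; whether that appends to or replaces the first value is not visible here, so a document with two such elements either silently concatenates labels or silently keeps only the last one. Since the element content is untrusted input, reject the repeat explicitly before the read, `if(xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) { /* duplicate OAEPparams */ xmlSecError(…, XMLSEC_ERRORS_R_UNEXPECTED_NODE, …); return(-1); }`, mirroring the assert already placed above the loop. The sha1-only `DigestMethod` check and the `else` branch that rejects any other child (including an MGF element) keep the negotiated parameters fully explicit, which is the right default for a key-transport transform.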
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
new file mode 100644
index 00000000..14e96d5a
--- /dev/null
+++ b/src/mscrypto/kw_aes.c
@@ -0,0 +1,662 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+
+#ifndef XMLSEC_NO_AES
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecMSCryptoKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * cb_ctx);
+static int xmlSecMSCryptoKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * cb_ctx);
+
+/* klass for KW AES operation */
+static xmlSecKWAesKlass xmlSecMSCryptoKWAesKlass = {
+ /* callbacks */
+ xmlSecMSCryptoKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecMSCryptoKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+/**************************************************************************
+ *
+ * Internal MSCrypto KW AES cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoKWAesCtx xmlSecMSCryptoKWAesCtx,
+ *xmlSecMSCryptoKWAesCtxPtr;
+struct _xmlSecMSCryptoKWAesCtx {
+ ALG_ID algorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV cryptProvider;
+ HCRYPTKEY pubPrivKey;
+ xmlSecBuffer keyBuffer;
+};
+
+/******************************************************************************
+ *
+ * KW AES transforms
+ *
+ * xmlSecMSCryptoKWAesCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWAesCtx))
+#define xmlSecMSCryptoKWAesGetCtx(transform) \
+ ((xmlSecMSCryptoKWAesCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoKWAesCheckId (xmlSecTransformPtr transform);
+
+
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Aes[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+
+static int
+xmlSecMSCryptoKWAesCheckId(xmlSecTransformPtr transform) {
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes128Id) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes192Id) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes256Id)) {
+
+ return(1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
+
+ if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
+ ctx->algorithmIdentifier = CALG_AES_128;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(transform->id == xmlSecMSCryptoTransformKWAes192Id) {
+ ctx->algorithmIdentifier = CALG_AES_192;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(transform->id == xmlSecMSCryptoTransformKWAes256Id) {
+ ctx->algorithmIdentifier = CALG_AES_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find provider */
+ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->cryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize));
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->cryptProvider) {
+ CryptReleaseContext(ctx->cryptProvider, 0);
+ }
+
+ xmlSecBufferFinalize(&ctx->keyBuffer);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
+}
+
+static int
+xmlSecMSCryptoKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cryptProvider != 0, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+}
+
+
+
+static int
+xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataAesId), -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keySize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keySize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keySize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWAesEncode(&xmlSecMSCryptoKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWAesDecode(&xmlSecMSCryptoKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ ********************************************************************/
+static int
+xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
+ DWORD dwCLen;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
+ DWORD dwCLen;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+/*********************************************************************
+ *
+ * AES KW cipher transforms
+ *
+ ********************************************************************/
+
+/*
+ * The AES-128 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes128GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes128Klass);
+}
+
+
+/*
+ * The AES-192 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes192GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes192Klass);
+}
+
+/*
+ * The AES-256 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes256GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
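Review bot: Both decrypt paths report the wrong callee in their error messages: the decode branch of xmlSecMSCryptoKWAesExecute logs `"xmlSecKWAesEncode"` after calling xmlSecKWAesDecode, and xmlSecMSCryptoKWAesBlockDecrypt logs `"CryptEncrypt"` after calling CryptDecrypt, which points anyone triaging a failed unwrap at the wrong function; change them to `"xmlSecKWAesDecode",` and `"CryptDecrypt",` respectively. The input-alignment check in xmlSecMSCryptoKWAesExecute uses a bare `8` while the surrounding code spells the block size out, so `if((inSize % XMLSEC_KW_AES_BLOCK_SIZE) != 0) {` would keep the check and the size arithmetic below it in step. The two block helpers re-import the session key on every call and the comment says this is to "ensure we don't go into CBC mode"; if that reading is right, the comment should state the actual reasoning (a freshly imported key carries no chaining state, so one CryptEncrypt/CryptDecrypt of a single block behaves as the ECB primitive the key-wrap algorithm needs), or the mode should be selected explicitly on the imported handle with CryptSetKeyParam(KP_MODE) rather than relied on implicitly.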
diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c
new file mode 100644
index 00000000..6ef356d4
--- /dev/null
+++ b/src/mscrypto/kw_des.c
@@ -0,0 +1,730 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecMSCryptoKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecMSCryptoKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecMSCryptoKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecMSCryptoKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecMSCryptoKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecMSCryptoKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecMSCryptoKWDes3Ctx xmlSecMSCryptoKWDes3Ctx,
+ *xmlSecMSCryptoKWDes3CtxPtr;
+struct _xmlSecMSCryptoKWDes3Ctx {
+ ALG_ID desAlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * desProviders;
+ ALG_ID sha1AlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * sha1Providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV desCryptProvider;
+ HCRYPTPROV sha1CryptProvider;
+ HCRYPTKEY pubPrivKey;
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecMSCryptoKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWDes3Ctx))
+#define xmlSecMSCryptoKWDes3GetCtx(transform) \
+ ((xmlSecMSCryptoKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecMSCryptoKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWDes3GetKlass(void) {
+ return(&xmlSecMSCryptoKWDes3Klass);
+}
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+
+static int
+xmlSecMSCryptoKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+
+ if(transform->id == xmlSecMSCryptoTransformKWDes3Id) {
+ ctx->desAlgorithmIdentifier = CALG_3DES;
+ ctx->desProviders = xmlSecMSCryptoProviderInfo_Des;
+ ctx->sha1AlgorithmIdentifier = CALG_SHA1;
+ ctx->sha1Providers = xmlSecMSCryptoProviderInfo_Sha1;
+ ctx->keyId = xmlSecMSCryptoKeyDataDesId;
+ ctx->keySize = XMLSEC_KW_DES3_KEY_LENGTH;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find providers */
+ ctx->desCryptProvider = xmlSecMSCryptoFindProvider(ctx->desProviders, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->desCryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(des)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ ctx->sha1CryptProvider = xmlSecMSCryptoFindProvider(ctx->sha1Providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->sha1CryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(sha1)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->desCryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size));
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->desCryptProvider) {
+ CryptReleaseContext(ctx->desCryptProvider, 0);
+ }
+ if (ctx->sha1CryptProvider) {
+ CryptReleaseContext(ctx->sha1CryptProvider, 0);
+ }
+
+ xmlSecBufferFinalize(&ctx->keyBuffer);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecMSCryptoKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ HCRYPTHASH mscHash = 0;
+ DWORD retLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sha1CryptProvider != 0, -1);
+ xmlSecAssert2(ctx->sha1AlgorithmIdentifier != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ /* create */
+ ret = CryptCreateHash(ctx->sha1CryptProvider,
+ ctx->sha1AlgorithmIdentifier,
+ 0,
+ 0,
+ &mscHash);
+ if((ret == 0) || (mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* hash */
+ ret = CryptHashData(mscHash,
+ in,
+ inSize,
+ 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* get results */
+ retLen = outSize;
+ ret = CryptGetHashParam(mscHash,
+ HP_HASHVAL,
+ out,
+ &retLen,
+ 0);
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* done */
+ CryptDestroyHash(mscHash);
+ return(retLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize)
+{
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->desCryptProvider != 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", outSize);
+ return(-1);
+ }
+
+ return((int)outSize);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/mscrypto/mingw-crypt32.def b/src/mscrypto/mingw-crypt32.def
index 0857d558..4ba99b2f 100644
--- a/src/mscrypto/mingw-crypt32.def
+++ b/src/mscrypto/mingw-crypt32.def
@@ -19,11 +19,15 @@ IMPORTS
CertGetCertificateChain@32 = crypt32.CertGetCertificateChain
CertGetCertificateContextProperty@16 = crypt32.CertGetCertificateContextProperty
CertGetNameStringA@24 = crypt32.CertGetNameStringA
+ CertGetNameStringW@24 = crypt32.CertGetNameStringW
CertGetPublicKeyLength@8 = crypt32.CertGetPublicKeyLength
CertNameToStrA@20 = crypt32.CertNameToStrA
+ CertNameToStrW@20 = crypt32.CertNameToStrW
CertOpenStore@20 = crypt32.CertOpenStore
CertOpenSystemStoreA@8 = crypt32.CertOpenSystemStoreA
+ CertOpenSystemStoreW@8 = crypt32.CertOpenSystemStoreW
CertStrToNameA@28 = crypt32.CertStrToNameA
+ CertStrToNameW@28 = crypt32.CertStrToNameW
CertVerifySubjectCertificateContext@12 = crypt32.CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey@24 = crypt32.CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfo@16 = crypt32.CryptImportPublicKeyInfo
diff --git a/src/mscrypto/private.h b/src/mscrypto/private.h
new file mode 100644
index 00000000..11479bff
--- /dev/null
+++ b/src/mscrypto/private.h
@@ -0,0 +1,130 @@
+/**
+ * XMLSec library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_PRIVATE_H__
+#define __XMLSEC_MSCRYPTO_PRIVATE_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#if defined(__MINGW32__)
+# include "xmlsec-mingw.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/********************************************************************
+ *
+ * Utils
+ *
+ ********************************************************************/
+int ConvertEndian (const xmlSecByte * src,
+ xmlSecByte * dst,
+ xmlSecSize size);
+int ConvertEndianInPlace (xmlSecByte * buf,
+ xmlSecSize size);
+
+/********************************************************************
+ *
+ * Crypto Providers
+ *
+ ********************************************************************/
+
+/* We need to redefine both to ensure that we can pick the right one at runtime (instead of compile time) */
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_A "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_W L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#ifdef UNICODE
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_W
+#else
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_A
+#endif
+
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Provider"
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic Provider"
+#ifdef UNICODE
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_W
+#else
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_A
+#endif
+
+/**
+ * xmlSecMSCryptoProviderInfo:
+ *
+ * Contains information for looking up provider from MS Crypto.
+ */
+typedef struct _xmlSecMSCryptoProviderInfo {
+ LPCTSTR providerName;
+ DWORD providerType;
+} xmlSecMSCryptoProviderInfo;
+
+HCRYPTPROV xmlSecMSCryptoFindProvider (const xmlSecMSCryptoProviderInfo * providers,
+ LPCTSTR pszContainer,
+ DWORD dwFlags,
+ BOOL bUseXmlSecContainer);
+
+
+/******************************************************************************
+ *
+ * SymKey Util functions
+ *
+ * Low level helper routines for importing plain text keys in MS HKEY handle,
+ * since MSCrypto API does not support import of plain text (session) keys
+ * just like that. These functions are based upon MS kb article #228786
+ * and "Base Provider Key BLOBs" article for priv key blob format.
+ *
+ ******************************************************************************/
+BOOL xmlSecMSCryptoCreatePrivateExponentOneKey (HCRYPTPROV hProv,
+ HCRYPTKEY *hPrivateKey);
+
+BOOL xmlSecMSCryptoImportPlainSessionBlob (HCRYPTPROV hProv,
+ HCRYPTKEY hPrivateKey,
+ ALG_ID dwAlgId,
+ LPBYTE pbKeyMaterial,
+ DWORD dwKeyMaterial,
+ BOOL bCheckKeyLength,
+ HCRYPTKEY *hSessionKey);
+
+/******************************************************************************
+ *
+ * X509 Util functions
+ *
+ ******************************************************************************/
+#ifndef XMLSEC_NO_X509
+PCCERT_CONTEXT xmlSecMSCryptoX509FindCertBySubject (HCERTSTORE store,
+ const LPTSTR wcSubject,
+ DWORD dwCertEncodingType);
+
+PCCERT_CONTEXT xmlSecMSCryptoX509StoreFindCert (xmlSecKeyDataStorePtr store,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+
+xmlChar * xmlSecMSCryptoX509GetNameString (PCCERT_CONTEXT pCertContext,
+ DWORD dwType,
+ DWORD dwFlags,
+ void *pvTypePara);
+
+PCCERT_CONTEXT xmlSecMSCryptoX509StoreVerify (xmlSecKeyDataStorePtr store,
+ HCERTSTORE certs,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_PRIVATE_H__ */
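Review bot: `const LPTSTR wcSubject` in the `xmlSecMSCryptoX509FindCertBySubject` prototype qualifies the pointer itself rather than the characters it points to, so the declaration makes no promise that the subject string is left untouched; `LPCTSTR wcSubject` expresses the intent and matches the `LPCTSTR pszContainer` form used for `xmlSecMSCryptoFindProvider` above. The utility prototypes `ConvertEndian` and `ConvertEndianInPlace` have external linkage but carry no `xmlSecMSCrypto` prefix, unlike every other symbol in this header, which invites a clash with any other library exporting the same generic name. A one-line comment on `xmlSecMSCryptoImportPlainSessionBlob` stating what `bCheckKeyLength` enforces when set would also help, since the DES key-wrap code earlier in this diff passes `TRUE` without explanation.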
diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c
index a567db7d..2c51f09a 100644
--- a/src/mscrypto/signatures.c
+++ b/src/mscrypto/signatures.c
@@ -1,12 +1,12 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
- * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
*/
#include "globals.h"
@@ -27,29 +27,23 @@
#include <xmlsec/mscrypto/symbols.h>
#include <xmlsec/mscrypto/certkeys.h>
#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
-/*FIXME: include header files*/
-extern HCRYPTPROV xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data);
-extern DWORD xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data);
-
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
/**************************************************************************
*
* Internal MSCrypto signatures ctx
*
*****************************************************************************/
-typedef struct _xmlSecMSCryptoSignatureCtx xmlSecMSCryptoSignatureCtx,
- *xmlSecMSCryptoSignatureCtxPtr;
+typedef struct _xmlSecMSCryptoSignatureCtx xmlSecMSCryptoSignatureCtx,
+ *xmlSecMSCryptoSignatureCtxPtr;
struct _xmlSecMSCryptoSignatureCtx {
- xmlSecKeyDataPtr data;
- ALG_ID alg_id;
- HCRYPTHASH mscHash;
- ALG_ID digestAlgId;
- xmlSecKeyDataId keyId;
-};
+ xmlSecKeyDataPtr data;
+ ALG_ID alg_id;
+ HCRYPTHASH mscHash;
+ ALG_ID digestAlgId;
+ xmlSecKeyDataId keyId;
+};
/******************************************************************************
*
@@ -58,46 +52,80 @@ struct _xmlSecMSCryptoSignatureCtx {
* xmlSecMSCryptoSignatureCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecMSCryptoSignatureSize \
+#define xmlSecMSCryptoSignatureSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoSignatureCtx))
#define xmlSecMSCryptoSignatureGetCtx(transform) \
((xmlSecMSCryptoSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecMSCryptoSignatureCheckId (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoSignatureInitialize (xmlSecTransformPtr transform);
-static void xmlSecMSCryptoSignatureFinalize (xmlSecTransformPtr transform);
-static int xmlSecMSCryptoSignatureSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecMSCryptoSignatureSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecMSCryptoSignatureVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecMSCryptoSignatureExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_DSA
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
#ifndef XMLSEC_NO_GOST
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
- return(1);
- }
+ return(1);
+ } else
#endif /* XMLSEC_NO_GOST*/
-#ifndef XMLSEC_NO_RSA
- if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
- return(1);
+
+ /* not found */
+ {
+ return(0);
}
-#endif /* XMLSEC_NO_RSA */
return(0);
}
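Review bot: The final `return(0);` of `xmlSecMSCryptoSignatureCheckId` is unreachable, because the `/* not found */` block that terminates the `else` chain already returns 0 unconditionally; the trailing statement is a leftover from the old structure and should be dropped. The same `if`/`else` ladder over transform ids is repeated in `xmlSecMSCryptoSignatureInitialize` and `xmlSecMSCryptoSignatureVerify` below, so a new algorithm has to be added in three places; a static table of `{transformId, digestAlgId, keyId}` consulted once would keep the three in step. The ladder also relies on every guarded branch ending in `} else` before its `#endif` — dropping one `else` would make the closing `/* not found */` block execute unconditionally — so a comment at the top of the chain, e.g. `/* every guarded branch must end in "} else" so the chain stays well-formed under any XMLSEC_NO_* combination */`, is worth adding.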
@@ -111,36 +139,70 @@ static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) {
ctx = xmlSecMSCryptoSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
+
+
+#ifndef XMLSEC_NO_DSA
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
+ ctx->digestAlgId = CALG_SHA1;
+ ctx->keyId = xmlSecMSCryptoKeyDataDsaId;
+ } else
+#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ctx->digestAlgId = CALG_MD5;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
- ctx->digestAlgId = CALG_SHA1;
- ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
- } else
+ ctx->digestAlgId = CALG_SHA1;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ctx->digestAlgId = CALG_SHA_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ctx->digestAlgId = CALG_SHA_384;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ctx->digestAlgId = CALG_SHA_512;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_GOST
if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
- ctx->digestAlgId = CALG_MAGPRO_HASH_R3411_94;
- ctx->keyId = xmlSecMSCryptoKeyDataGost2001Id;
- } else
+ ctx->digestAlgId = CALG_MAGPRO_HASH_R3411_94;
+ ctx->keyId = xmlSecMSCryptoKeyDataGost2001Id;
+ } else
#endif /* XMLSEC_NO_GOST*/
-#ifndef XMLSEC_NO_DSA
- if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
- ctx->digestAlgId = CALG_SHA1;
- ctx->keyId = xmlSecMSCryptoKeyDataDsaId;
- } else
-#endif /* XMLSEC_NO_DSA */
-
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -156,15 +218,15 @@ static void xmlSecMSCryptoSignatureFinalize(xmlSecTransformPtr transform) {
xmlSecAssert(ctx != NULL);
if (ctx->mscHash) {
- CryptDestroyHash(ctx->mscHash);
+ CryptDestroyHash(ctx->mscHash);
}
if (ctx->data != NULL) {
- xmlSecKeyDataDestroy(ctx->data);
- ctx->data = NULL;
+ xmlSecKeyDataDestroy(ctx->data);
+ ctx->data = NULL;
}
- memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
}
static int xmlSecMSCryptoSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
@@ -187,12 +249,12 @@ static int xmlSecMSCryptoSignatureSetKey(xmlSecTransformPtr transform, xmlSecKey
ctx->data = xmlSecKeyDataDuplicate(value);
if(ctx->data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecKeyDataDuplicate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -212,27 +274,26 @@ static int xmlSecMSCryptoSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSe
keyReq->keyId = ctx->keyId;
if(transform->operation == xmlSecTransformOperationSign) {
- keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
-
-static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoSignatureCtxPtr ctx;
xmlSecBuffer tmp;
+ xmlSecByte *tmpBuf;
HCRYPTKEY hKey;
DWORD dwError;
- BYTE *tmpBuf, *j, *k, *l, *m;
int ret;
-
+
xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
@@ -246,94 +307,120 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
ret = xmlSecBufferInitialize(&tmp, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataSize=%d", dataSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d", dataSize);
+ return(-1);
}
-
+
tmpBuf = xmlSecBufferGetData(&tmp);
xmlSecAssert2(tmpBuf != NULL, -1);
-
+
/* Reverse the sig - Windows stores integers as octet streams in little endian
* order. The I2OSP algorithm used by XMLDSig to store integers is big endian */
- if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
- j = (BYTE *)data;
- k = (BYTE *)data + 20;
- l = tmpBuf + 19;
- m = tmpBuf + 39;
- while (l >= tmpBuf) {
- *l-- = *j++;
- *m-- = *k++;
- }
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id) && (dataSize == 40)) {
+ ConvertEndian(data, tmpBuf, 20);
+ ConvertEndian(data + 20, tmpBuf + 20, 20);
+ } else
+#endif /*endif XMLSEC_NO_DSA */
+
#ifndef XMLSEC_NO_GOST
- } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
- j = (BYTE *)data;
- l = tmpBuf + dataSize - 1;
- while (l >= tmpBuf) {
- *l-- = *j++;
- }
-#endif /*ndef XMLSEC_NO_GOST*/
- } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
- j = (BYTE *)data;
- l = tmpBuf + dataSize - 1;
- while (l >= tmpBuf) {
- *l-- = *j++;
- }
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Invalid algo");
- xmlSecBufferFinalize(&tmp);
- return(-1);
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Invalid algo");
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
}
hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic);
if (hKey == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoKeyDataGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&tmp);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoKeyDataGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
}
if (!CryptVerifySignature(ctx->mscHash,
- tmpBuf,
- dataSize,
- hKey,
- NULL,
- 0)) {
- dwError = GetLastError();
- if (NTE_BAD_SIGNATURE == dwError) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptVerifySignature",
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "signature do not match");
- transform->status = xmlSecTransformStatusFail;
- xmlSecBufferFinalize(&tmp);
- return(0);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "CryptVerifySignature",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&tmp);
- return (-1);
- }
+ tmpBuf,
+ dataSize,
+ hKey,
+ NULL,
+ 0)) {
+ dwError = GetLastError();
+ if (NTE_BAD_SIGNATURE == dwError) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptVerifySignature",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ xmlSecBufferFinalize(&tmp);
+ return(0);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptVerifySignature",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return (-1);
+ }
}
xmlSecBufferFinalize(&tmp);
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+
+
+static int
xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoSignatureCtxPtr ctx;
HCRYPTPROV hProv;
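Review bot: Folding `(dataSize == 40)` into the DSA dispatch condition means a DSA-SHA1 signature of any other length falls through every `else` to the `"Invalid algo"` error, which reports a malformed or truncated signature as an unsupported transform. Checking the length inside the DSA branch and reporting it as `XMLSEC_ERRORS_R_INVALID_SIZE` with the actual `dataSize` gives an accurate diagnostic and keeps the two-20-byte-integer rule next to the code that depends on it. The return value of `ConvertEndian` is ignored in every branch although private.h declares it as returning `int`; if it can fail, each call needs a check, and if it cannot, a short comment saying so would settle the question. The function's opening lines are in the previous hunk.
```c
#ifndef XMLSEC_NO_DSA
    if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
        /* DSA signature is r || s, two 20-byte big-endian integers */
        if (dataSize != 40) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        NULL,
                        XMLSEC_ERRORS_R_INVALID_SIZE,
                        "dataSize=%d", dataSize);
            xmlSecBufferFinalize(&tmp);
            return(-1);
        }
        ConvertEndian(data, tmpBuf, 20);
        ConvertEndian(data + 20, tmpBuf + 20, 20);
    } else
#endif /* XMLSEC_NO_DSA */
    /* … unchanged: GOST branch and "Invalid algo" block … */
```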
@@ -342,7 +429,7 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra
xmlSecSize inSize, outSize;
int ret;
DWORD dwSigLen;
- BYTE *tmpBuf, *outBuf, *i, *j, *m, *n;
+ BYTE *tmpBuf, *outBuf;
xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
@@ -355,163 +442,186 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
ctx = xmlSecMSCryptoSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestAlgId != 0, -1);
if(transform->status == xmlSecTransformStatusNone) {
- xmlSecAssert2(outSize == 0, -1);
-
- if (0 == (hProv = xmlSecMSCryptoKeyDataGetMSCryptoProvider(ctx->data))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecMSCryptoKeyDataGetMSCryptoProvider",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (-1);
- }
- if (!CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptCreateHash",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusWorking;
+ xmlSecAssert2(outSize == 0, -1);
+
+ if (0 == (hProv = xmlSecMSCryptoKeyDataGetMSCryptoProvider(ctx->data))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoKeyDataGetMSCryptoProvider",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+
+ if (!CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
- xmlSecAssert2(outSize == 0, -1);
-
- if (!CryptHashData(ctx->mscHash, xmlSecBufferGetData(in), inSize, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptHashData",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(outSize == 0, -1);
+
+ if (!CryptHashData(ctx->mscHash, xmlSecBufferGetData(in), inSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- xmlSecBuffer tmp;
-
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->operation == xmlSecTransformOperationSign) {
- dwKeySpec = xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(ctx->data);
- if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, NULL, &dwSigLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptSignHash",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = (xmlSecSize)dwSigLen;
-
- ret = xmlSecBufferInitialize(&tmp, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
- tmpBuf = xmlSecBufferGetData(&tmp);
- xmlSecAssert2(tmpBuf != NULL, -1);
-
- if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, tmpBuf, &dwSigLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CryptSignHash",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&tmp);
- return(-1);
- }
- outSize = (xmlSecSize)dwSigLen;
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- xmlSecBufferFinalize(&tmp);
- return(-1);
- }
- outBuf = xmlSecBufferGetData(out);
- xmlSecAssert2(outBuf != NULL, -1);
-
- /* Now encode into a signature block,
- * convert signature value to big endian */
- if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
- i = tmpBuf;
- j = tmpBuf + 20;
- m = outBuf + 19;
- n = outBuf + 39;
- while (m >= outBuf) {
- *m-- = *i++;
- *n-- = *j++;
- }
+ xmlSecBuffer tmp;
+
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ dwKeySpec = xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(ctx->data);
+ if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, NULL, &dwSigLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSignHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = (xmlSecSize)dwSigLen;
+
+ ret = xmlSecBufferInitialize(&tmp, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ tmpBuf = xmlSecBufferGetData(&tmp);
+ xmlSecAssert2(tmpBuf != NULL, -1);
+
+ if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, tmpBuf, &dwSigLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSignHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ outSize = (xmlSecSize)dwSigLen;
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out);
+ xmlSecAssert2(outBuf != NULL, -1);
+
+ /* Reverse the sig - Windows stores integers as octet streams in little endian
+ * order. The I2OSP algorithm used by XMLDSig to store integers is big endian */
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA*/
+
+#ifndef XMLSEC_NO_DSA
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id) && (outSize == 40)) {
+ ConvertEndian(tmpBuf, outBuf, 20);
+ ConvertEndian(tmpBuf + 20, outBuf + 20, 20);
+ } else
+#endif /* XMLSEC_NO_DSA*/
+
#ifndef XMLSEC_NO_GOST
- } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
- i = tmpBuf;
- j = outBuf + dwSigLen - 1;
-
- while (j >= outBuf) {
- *j-- = *i++;
- }
-#endif /*ndef XMLSEC_NO_GOST*/
- } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
- i = tmpBuf;
- j = outBuf + dwSigLen - 1;
-
- while (j >= outBuf) {
- *j-- = *i++;
- }
- } else {
- /* We shouldn't get at this place */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Invalid algo");
- xmlSecBufferFinalize(&tmp);
- return(-1);
- }
- xmlSecBufferFinalize(&tmp);
- }
- transform->status = xmlSecTransformStatusFinished;
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ {
+ /* We shouldn't get at this place */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Invalid algo");
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ xmlSecBufferFinalize(&tmp);
+ }
+ transform->status = xmlSecTransformStatusFinished;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
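Review bot: The trailing `{ ... "Invalid algo" ... }` fallback after the `#ifndef` chain now also swallows a DSA signature whose length is not 40 bytes, because the DSA branch at the `xmlSecMSCryptoTransformDsaSha1Id` check requires `(outSize == 40)` and otherwise drops through to the unreachable-algorithm error. Failing closed is the right outcome, but the report points at the wrong cause for anyone debugging a CSP that returns an unexpected size; a dedicated size check in front of the endianness chain, as sketched below, names the real problem while keeping the fallback for genuinely unknown transforms. In the same branch the `xmlSecBufferInitialize` failure at the start of the sign path still reports `"xmlSecBufferSetMaxSize"` as the failing call; `"xmlSecBufferInitialize",` would match the code. `ConvertEndian` is defined outside this hunk, so its contract (non-overlapping buffers, `outSize` bytes on both sides) is assumed here rather than checked.
```c
            /* … unchanged: CryptSignHash calls, tmp/out buffer setup … */
#ifndef XMLSEC_NO_DSA
            /* a CSP returning anything but r||s (2 x 20 bytes) is a size error, not an unknown algorithm */
            if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id) && (outSize != 40)) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            NULL,
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "invalid DSA signature size=%d", outSize);
                xmlSecBufferFinalize(&tmp);
                return(-1);
            }
#endif /* XMLSEC_NO_DSA */
            /* … unchanged: endianness conversion chain and "Invalid algo" fallback … */
```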
@@ -519,6 +629,54 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra
#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaMd5GetKlass(void) {
+ return(&xmlSecMSCryptoRsaMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
/****************************************************************************
*
* RSA-SHA1 signature transform
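Review bot: The new `xmlSecMSCryptoRsaMd5Klass` wires `xmlSecMSCryptoSignatureVerify` for RSA-MD5 with no caveat, and MD5 is collision-broken, so any deployment that registers this klass will accept RSA-MD5 `SignatureMethod` values on untrusted documents. The hunk is otherwise a mechanical copy of the SHA-1 klass, and the `XMLSEC_NO_MD5` build guard is the only opt-out visible here; whether the transform is also registered by default is decided outside this hunk. A header caveat would make the risk explicit to integrators, e.g. above the klass: `/* MD5 is collision-broken; RSA-MD5 is provided for legacy interop only and should not be accepted when verifying untrusted documents (build with XMLSEC_NO_MD5 or do not register this transform). */`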
@@ -526,42 +684,181 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra
***************************************************************************/
static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha1, /* const xmlChar* name; */
- xmlSecHrefRsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformRsaSha1GetKlass:
- *
+ *
* The RSA-SHA1 signature transform klass.
*
* Returns: RSA-SHA1 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformRsaSha1GetKlass(void) {
return(&xmlSecMSCryptoRsaSha1Klass);
}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha256GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha384GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA2512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha512GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
#endif /* XMLSEC_NO_RSA */
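Review bot: The banner comment for the RSA-SHA512 klass reads `RSA-SHA2512 signature transform` while the klass, `xmlSecNameRsaSha512` and `xmlSecHrefRsaSha512` below it are all SHA512; it should read `* RSA-SHA512 signature transform`. The rest of the hunk (the re-indented SHA-1 klass and the new SHA-256/SHA-384 klasses) follows the same table layout and method wiring as the SHA512 one and needs no change.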
@@ -574,39 +871,39 @@ xmlSecMSCryptoTransformRsaSha1GetKlass(void) {
static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameDsaSha1, /* const xmlChar* name; */
- xmlSecHrefDsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformDsaSha1GetKlass:
- *
+ *
* The DSA-SHA1 signature transform klass.
*
* Returns: DSA-SHA1 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformDsaSha1GetKlass(void) {
return(&xmlSecMSCryptoDsaSha1Klass);
}
@@ -622,39 +919,39 @@ xmlSecMSCryptoTransformDsaSha1GetKlass(void) {
static xmlSecTransformKlass xmlSecMSCryptoGost2001GostR3411_94Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */
- xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass:
- *
+ *
* The GOST2001-GOSTR3411_94 signature transform klass.
*
* Returns: GOST2001-GOSTR3411_94 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void) {
return(&xmlSecMSCryptoGost2001GostR3411_94Klass);
}
diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c
index 371c52de..658a6d49 100644
--- a/src/mscrypto/symkeys.c
+++ b/src/mscrypto/symkeys.c
@@ -1,13 +1,13 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
*/
#include "globals.h"
@@ -26,45 +26,578 @@
#include <xmlsec/errors.h>
#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
/*****************************************************************************
- *
+ *
* Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
*
****************************************************************************/
-static int xmlSecMSCryptoSymKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoSymKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoSymKeyDataXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoSymKeyDataXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoSymKeyDataBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const unsigned char* buf,
- size_t bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoSymKeyDataBinWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- unsigned char** buf,
- size_t* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoSymKeyDataGenerate (xmlSecKeyDataPtr data,
- size_t sizeBits,
- xmlSecKeyDataType type);
+static int xmlSecMSCryptoSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const unsigned char* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ unsigned char** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
static xmlSecKeyDataType xmlSecMSCryptoSymKeyDataGetType(xmlSecKeyDataPtr data);
-static size_t xmlSecMSCryptoSymKeyDataGetSize (xmlSecKeyDataPtr data);
-static void xmlSecMSCryptoSymKeyDataDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecMSCryptoSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-static int xmlSecMSCryptoSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+static xmlSecSize xmlSecMSCryptoSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecMSCryptoSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+/*
+ * GENERIC HELPER FUNCTIONS
+ */
+
+#define xmlSecMSCryptoSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecMSCryptoSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecMSCryptoSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecMSCryptoSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const unsigned char* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ unsigned char** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecMSCryptoGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecMSCryptoSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecMSCryptoSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecMSCryptoSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecMSCryptoSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecMSCryptoKeyDataDesId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecMSCryptoKeyDataAesId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecMSCryptoKeyDataHmacId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_HMAC */
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Utils
+ *
+ * Low level helper routines for importing plain text keys in MS HKEY handle,
+ * since MSCrypto API does not support import of plain text (session) keys
+ * just like that. These functions are based upon MS kb article #228786
+ * and "Base Provider Key BLOBs" article for priv key blob format.
+ *
+ ******************************************************************************/
+BOOL
+xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateKey)
+{
+ HCRYPTKEY hKey = 0;
+ LPBYTE keyBlob = NULL;
+ DWORD keyBlobLen;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ RSAPUBKEY* rsaPubKey;
+ DWORD bitLen;
+ BYTE *ptr;
+ int n;
+ BOOL res = FALSE;
+
+ xmlSecAssert2(hProv != 0, FALSE);
+ xmlSecAssert2(hPrivateKey != NULL, FALSE);
+
+ /* just in case */
+ *hPrivateKey = 0;
+
+ /* Generate the private key */
+ if(!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* Export the private key, we'll convert it to a private exponent of one key */
+ if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &keyBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
+ if(keyBlob == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, keyBlob, &keyBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ CryptDestroyKey(hKey);
+ hKey = 0;
+
+ /* Get the bit length of the key */
+ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%ld", keyBlobLen);
+ goto done;
+ }
+ pubKeyStruc = (PUBLICKEYSTRUC*)keyBlob;
+ if(pubKeyStruc->bVersion != 0x02) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ goto done;
+ }
+ if(pubKeyStruc->bType != PRIVATEKEYBLOB) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ goto done;
+ }
+
+ /* aleksey: don't ask me why it is RSAPUBKEY, just don't ask */
+ rsaPubKey = (RSAPUBKEY*)(keyBlob + sizeof(PUBLICKEYSTRUC));
+
+ /* check that we have RSA private key */
+ if(rsaPubKey->magic != 0x32415352) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "rsaPubKey->magic=0x%08lx", rsaPubKey->magic);
+ goto done;
+ }
+ bitLen = rsaPubKey->bitlen;
+
+ /* Modify the Exponent in Key BLOB format Key BLOB format is documented in SDK */
+ rsaPubKey->pubexp = 1;
+
+ /* Private-key BLOBs, type PRIVATEKEYBLOB, are used to store private keys outside a CSP.
+ * Base provider private-key BLOBs have the following format:
+ *
+ * PUBLICKEYSTRUC publickeystruc ;
+ * RSAPUBKEY rsapubkey;
+ * BYTE modulus[rsapubkey.bitlen/8]; 1/8
+ * BYTE prime1[rsapubkey.bitlen/16]; 1/16
+ * BYTE prime2[rsapubkey.bitlen/16]; 1/16
+ * BYTE exponent1[rsapubkey.bitlen/16]; 1/16
+ * BYTE exponent2[rsapubkey.bitlen/16]; 1/16
+ * BYTE coefficient[rsapubkey.bitlen/16]; 1/16
+ * BYTE privateExponent[rsapubkey.bitlen/8]; 1/8
+ */
+ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + bitLen / 2 + bitLen / 16) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%ld", keyBlobLen);
+ goto done;
+ }
+ ptr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
+
+ /* Skip modulus, prime1, prime2 */
+ ptr += bitLen / 8;
+ ptr += bitLen / 16;
+ ptr += bitLen / 16;
+
+ /* Convert exponent1 to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+ ptr += bitLen / 16;
+
+ /* Convert exponent2 to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+ ptr += bitLen / 16;
+
+ /* Skip coefficient */
+ ptr += bitLen / 16;
+
+ /* Convert privateExponent to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+
+ /* Import the exponent-of-one private key. */
+ if (!CryptImportKey(hProv, keyBlob, keyBlobLen, 0, 0, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ (*hPrivateKey) = hKey;
+ hKey = 0;
+ res = TRUE;
+
+done:
+ if(keyBlob != NULL) {
+ xmlFree(keyBlob);
+ }
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+
+ return res;
+}
+
+BOOL
+xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
+ ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
+ DWORD dwKeyMaterial, BOOL bCheckKeyLength,
+ HCRYPTKEY *hSessionKey) {
+ ALG_ID dwPrivKeyAlg;
+ LPBYTE keyBlob = NULL;
+ DWORD keyBlobLen, rndBlobSize, dwSize, n;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ ALG_ID* algId;
+ DWORD dwPublicKeySize;
+ DWORD dwProvSessionKeySize = 0;
+ LPBYTE pbPtr;
+ DWORD dwFlags;
+ PROV_ENUMALGS_EX ProvEnum;
+ HCRYPTKEY hTempKey = 0;
+ BOOL fFound;
+ BOOL res = FALSE;
+
+ xmlSecAssert2(hProv != 0, FALSE);
+ xmlSecAssert2(hPrivateKey != 0, FALSE);
+ xmlSecAssert2(pbKeyMaterial != NULL, FALSE);
+ xmlSecAssert2(dwKeyMaterial > 0, FALSE);
+ xmlSecAssert2(hSessionKey != NULL, FALSE);
+
+ /* Double check to see if this provider supports this algorithm and key size */
+ fFound = FALSE;
+ dwFlags = CRYPT_FIRST;
+ dwSize = sizeof(ProvEnum);
+ while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) {
+ if (ProvEnum.aiAlgid == dwAlgId) {
+ fFound = TRUE;
+ break;
+ }
+ dwSize = sizeof(ProvEnum);
+ dwFlags = 0;
+ }
+ if(!fFound) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetProvParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d is not supported", dwAlgId);
+ goto done;
+ }
+
+ if(bCheckKeyLength) {
+ /* We have to get the key size(including padding) from an HCRYPTKEY handle.
+ * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
+ */
+ if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ dwSize = sizeof(DWORD);
+ if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_KEYLEN)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+ CryptDestroyKey(hTempKey);
+ hTempKey = 0;
+
+ /* yell if key is too big */
+ if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
+ dwKeyMaterial, dwProvSessionKeySize);
+ goto done;
+ }
+ } else {
+ dwProvSessionKeySize = dwKeyMaterial * 8;
+ }
+
+ /* Get private key's algorithm */
+ dwSize = sizeof(ALG_ID);
+ if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_ALGID)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* Get private key's length in bits */
+ dwSize = sizeof(DWORD);
+ if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_KEYLEN)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */
+ if(dwPublicKeySize / 8 < dwKeyMaterial + 3) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "dwKeyMaterial=%ld;dwPublicKeySize=%ld",
+ dwKeyMaterial, dwPublicKeySize);
+ goto done;
+ }
+ rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3);
+
+ /* Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP.
+ * Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData
+ * member of the SIMPLEBLOB is a sequence of bytes in the following format:
+ *
+ * PUBLICKEYSTRUC publickeystruc ;
+ * ALG_ID algid;
+ * BYTE encryptedkey[rsapubkey.bitlen/8];
+ */
+
+ /* calculate Simple blob's length */
+ keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8);
+
+ /* allocate simple blob buffer */
+ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
+ if(keyBlob == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memset(keyBlob, 0, keyBlobLen);
+
+ /* initialize PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC*)(keyBlob);
+ pubKeyStruc->bType = SIMPLEBLOB;
+ pubKeyStruc->bVersion = 0x02;
+ pubKeyStruc->reserved = 0;
+ pubKeyStruc->aiKeyAlg = dwAlgId;
+
+ /* Copy private key algorithm to buffer */
+ algId = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC));
+ (*algId) = dwPrivKeyAlg;
+
+ /* Place the key material in reverse order */
+ pbPtr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID));
+ for (n = 0; n < dwKeyMaterial; n++) {
+ pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1];
+ }
+ pbPtr += dwKeyMaterial;
+
+ /* skip reserved byte */
+ pbPtr += 1;
+
+ /* Generate random data for the rest of the buffer */
+ if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "rndBlobSize=%ld", rndBlobSize);
+ goto done;
+ }
+ /* aleksey: why are we doing this? */
+ for (n = 0; n < rndBlobSize; n++) {
+ if (pbPtr[n] == 0) pbPtr[n] = 1;
+ }
+
+ /* set magic number at the end */
+ keyBlob[keyBlobLen - 2] = 2;
+
+ if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* success */
+ res = TRUE;
+
+done:
+ if(hTempKey != 0) {
+ CryptDestroyKey(hTempKey);
+ }
+ if(keyBlob != NULL) {
+ xmlFree(keyBlob);
+ }
+ return(res);
+}
#ifndef XMLSEC_NO_AES
/**************************************************************************
@@ -78,55 +611,55 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
/* data */
xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataAesGetKlass(void) {
return(&xmlSecMSCryptoKeyDataAesKlass);
}
/**
* xmlSecMSCryptoKeyDataAesSet:
- * @data: the pointer to AES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
@@ -135,14 +668,14 @@ xmlSecMSCryptoKeyDataAesGetKlass(void) {
int
xmlSecMSCryptoKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataAesId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
#endif /* XMLSEC_NO_AES */
@@ -159,175 +692,133 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
/* data */
xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoKeyDataDesGetKlass:
- *
+ *
* The DES key data klass.
*
* Returns: DES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataDesGetKlass(void) {
return(&xmlSecMSCryptoKeyDataDesKlass);
}
#endif /* XMLSEC_NO_DES */
-/*
- * GENERIC HELPER FUNCTIONS
- */
-
-#define xmlSecMSCryptoSymKeyDataCheckId(data) \
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecMSCryptoSymKeyDataKlassCheck((data)->id))
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
-static int
-xmlSecMSCryptoSymKeyDataInitialize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
-
- return(xmlSecKeyDataBinaryValueInitialize(data));
-}
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
-static int
-xmlSecMSCryptoSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(dst), -1);
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(src), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-}
+ /* constructors/destructor */
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-static void
-xmlSecMSCryptoSymKeyDataFinalize(xmlSecKeyDataPtr data) {
- xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueFinalize(data);
-}
+ /* get info */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-static int
-xmlSecMSCryptoSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-}
+ /* read/write */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-static int
-xmlSecMSCryptoSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-}
+ /* debug */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-static int
-xmlSecMSCryptoSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const unsigned char* buf, size_t bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-}
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
-static int
-xmlSecMSCryptoSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- unsigned char** buf, size_t* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
-
- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+/**
+ * xmlSecMSCryptoKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataHmacGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataHmacKlass);
}
-static int
-xmlSecMSCryptoSymKeyDataGenerate(xmlSecKeyDataPtr data, size_t sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+/**
+ * xmlSecMSCryptoKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
- return(xmlSecMSCryptoGenerateRandom(buffer, (sizeBits + 7) / 8));
-}
-
-static xmlSecKeyDataType
-xmlSecMSCryptoSymKeyDataGetType(xmlSecKeyDataPtr data) {
- xmlSecBufferPtr buffer;
-
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-
- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-}
-
-static size_t
-xmlSecMSCryptoSymKeyDataGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), 0);
-
- return(xmlSecKeyDataBinaryValueGetSize(data));
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
}
-static void
-xmlSecMSCryptoSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugDump(data, output);
-}
-static void
-xmlSecMSCryptoSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
-}
+#endif /* XMLSEC_NO_HMAC */
-static int
-xmlSecMSCryptoSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
-#ifndef XMLSEC_NO_DES
- if(klass == xmlSecMSCryptoKeyDataDesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-#ifndef XMLSEC_NO_AES
- if(klass == xmlSecMSCryptoKeyDataAesId) {
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
- return(0);
-}
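Review bot: xmlSecMSCryptoKeyDataHmacSet on the new side of this hunk is a line-for-line copy of xmlSecMSCryptoKeyDataAesSet earlier in the file, differing only in the klass id passed to xmlSecKeyDataCheckId; a DES counterpart presumably exists too, though it is not visible in this chunk. A file-local helper taking the expected id, e.g. `static int xmlSecMSCryptoSymKeyDataSetValue(xmlSecKeyDataPtr data, xmlSecKeyDataId id, const xmlSecByte* buf, xmlSecSize bufSize)` (name is a suggestion), holding the three asserts, the xmlSecKeyDataBinaryValueGetBuffer call and the xmlSecBufferSetData call, would let each public setter reduce to `return(xmlSecMSCryptoSymKeyDataSetValue(data, xmlSecMSCryptoKeyDataHmacId, buf, bufSize));`. That keeps the validation of caller-supplied key material in one place, so a future length or ownership check cannot be added for one algorithm and missed for the others.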
diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c
index e065590e..5ae025f6 100644
--- a/src/mscrypto/x509.c
+++ b/src/mscrypto/x509.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,8 +6,8 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
@@ -40,10 +40,7 @@
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/x509.h>
#include <xmlsec/mscrypto/certkeys.h>
-
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
+#include "private.h"
/*************************************************************************
@@ -51,73 +48,73 @@
* X509 utility functions
*
************************************************************************/
-static int xmlSecMSCryptoX509DataNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509CertificateNodeWrite (PCCERT_CONTEXT cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509SubjectNameNodeWrite (PCCERT_CONTEXT cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509IssuerSerialNodeWrite (PCCERT_CONTEXT cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509SKINodeWrite (PCCERT_CONTEXT cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoX509CRLNodeWrite (PCCRL_CONTEXT crl,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-static PCCERT_CONTEXT xmlSecMSCryptoX509CertDerRead (const xmlSecByte* buf,
- xmlSecSize size);
-static PCCERT_CONTEXT xmlSecMSCryptoX509CertBase64DerRead (xmlChar* buf);
-static xmlChar* xmlSecMSCryptoX509CertBase64DerWrite (PCCERT_CONTEXT cert,
- int base64LineWrap);
-static PCCRL_CONTEXT xmlSecMSCryptoX509CrlDerRead (xmlSecByte* buf,
- xmlSecSize size,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static PCCRL_CONTEXT xmlSecMSCryptoX509CrlBase64DerRead (xmlChar* buf,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlChar* xmlSecMSCryptoX509CrlBase64DerWrite (PCCRL_CONTEXT crl,
- int base64LineWrap);
-static xmlChar* xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm);
-static int xmlSecMSCryptoASN1IntegerWrite (xmlNodePtr node,
- PCRYPT_INTEGER_BLOB num);
-static xmlChar* xmlSecMSCryptoX509SKIWrite (PCCERT_CONTEXT cert);
-static void xmlSecMSCryptoX509CertDebugDump (PCCERT_CONTEXT cert,
- FILE* output);
-static void xmlSecMSCryptoX509CertDebugXmlDump (PCCERT_CONTEXT cert,
- FILE* output);
-static int xmlSecMSCryptoX509CertGetTime (FILETIME t,
- time_t* res);
+static int xmlSecMSCryptoX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CertificateNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SubjectNameNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509IssuerSerialNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SKINodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CRLNodeWrite (PCCRL_CONTEXT crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static PCCERT_CONTEXT xmlSecMSCryptoX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static PCCERT_CONTEXT xmlSecMSCryptoX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecMSCryptoX509CertBase64DerWrite (PCCERT_CONTEXT cert,
+ int base64LineWrap);
+static PCCRL_CONTEXT xmlSecMSCryptoX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static PCCRL_CONTEXT xmlSecMSCryptoX509CrlBase64DerRead (xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlChar* xmlSecMSCryptoX509CrlBase64DerWrite (PCCRL_CONTEXT crl,
+ int base64LineWrap);
+static xmlChar* xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm);
+static int xmlSecMSCryptoASN1IntegerWrite (xmlNodePtr node,
+ PCRYPT_INTEGER_BLOB num);
+static xmlChar* xmlSecMSCryptoX509SKIWrite (PCCERT_CONTEXT cert);
+static void xmlSecMSCryptoX509CertDebugDump (PCCERT_CONTEXT cert,
+ FILE* output);
+static void xmlSecMSCryptoX509CertDebugXmlDump (PCCERT_CONTEXT cert,
+ FILE* output);
+static int xmlSecMSCryptoX509CertGetTime (FILETIME t,
+ time_t* res);
/*************************************************************************
*
* Internal MSCrypto X509 data CTX
*
************************************************************************/
-typedef struct _xmlSecMSCryptoX509DataCtx xmlSecMSCryptoX509DataCtx,
- *xmlSecMSCryptoX509DataCtxPtr;
+typedef struct _xmlSecMSCryptoX509DataCtx xmlSecMSCryptoX509DataCtx,
+ *xmlSecMSCryptoX509DataCtxPtr;
struct _xmlSecMSCryptoX509DataCtx {
PCCERT_CONTEXT keyCert;
@@ -134,52 +131,52 @@ struct _xmlSecMSCryptoX509DataCtx {
*
* The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
*
- * An X509Data element within KeyInfo contains one or more identifiers of keys
- * or X509 certificates (or certificates' identifiers or a revocation list).
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
* The content of X509Data is:
*
* 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
* 2.
- * * The X509IssuerSerial element, which contains an X.509 issuer
- * distinguished name/serial number pair that SHOULD be compliant
- * with RFC2253 [LDAP-DN],
- * * The X509SubjectName element, which contains an X.509 subject
- * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
- * * The X509SKI element, which contains the base64 encoded plain (i.e.
- * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
- * * The X509Certificate element, which contains a base64-encoded [X509v3]
- * certificate, and
- * * Elements from an external namespace which accompanies/complements any
- * of the elements above.
- * * The X509CRL element, which contains a base64-encoded certificate
- * revocation list (CRL) [X509v3].
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
* MUST refer to the certificate or certificates containing the validation key.
- * All such elements that refer to a particular individual certificate MUST be
- * grouped inside a single X509Data element and if the certificate to which
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
* they refer appears, it MUST also be in that X509Data element.
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
- * the same key but different certificates MUST be grouped within a single
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
* KeyInfo but MAY occur in multiple X509Data elements.
*
- * All certificates appearing in an X509Data element MUST relate to the
- * validation key by either containing it or being part of a certification
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
* chain that terminates in a certificate containing the validation key.
*
* No ordering is implied by the above constraints.
*
- * Note, there is no direct provision for a PKCS#7 encoded "bag" of
- * certificates or CRLs. However, a set of certificates and CRLs can occur
- * within an X509Data element and multiple X509Data elements can occur in a
- * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
- * least one such certificate must contain the public key which verifies the
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
* signature.
*
* Schema Definition
*
- * <element name="X509Data" type="ds:X509DataType"/>
+ * <element name="X509Data" type="ds:X509DataType"/>
* <complexType name="X509DataType">
* <sequence maxOccurs="unbounded">
* <choice>
@@ -192,10 +189,10 @@ struct _xmlSecMSCryptoX509DataCtx {
* </choice>
* </sequence>
* </complexType>
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
* </sequence>
* </complexType>
*
@@ -216,30 +213,30 @@ struct _xmlSecMSCryptoX509DataCtx {
* xmlSecMSCryptoX509DataCtx is located after xmlSecTransform
*
*************************************************************************/
-#define xmlSecMSCryptoX509DataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoX509DataCtx))
+#define xmlSecMSCryptoX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoX509DataCtx))
#define xmlSecMSCryptoX509DataGetCtx(data) \
((xmlSecMSCryptoX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecMSCryptoKeyDataX509Initialize (xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecMSCryptoKeyDataX509Finalize (xmlSecKeyDataPtr data);
-static int xmlSecMSCryptoKeyDataX509XmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecMSCryptoKeyDataX509XmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlSecKeyDataType xmlSecMSCryptoKeyDataX509GetType (xmlSecKeyDataPtr data);
-static const xmlChar* xmlSecMSCryptoKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecMSCryptoKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
-static void xmlSecMSCryptoKeyDataX509DebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecMSCryptoKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static void xmlSecMSCryptoKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
@@ -249,55 +246,55 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
/* data */
xmlSecNameX509Data,
- xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefX509Data, /* const xmlChar* href; */
- xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecMSCryptoKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecMSCryptoKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecMSCryptoKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ xmlSecMSCryptoKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- xmlSecMSCryptoKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- xmlSecMSCryptoKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecMSCryptoKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecMSCryptoKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecMSCryptoKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecMSCryptoKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecMSCryptoKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecMSCryptoKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecMSCryptoKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecMSCryptoKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecMSCryptoKeyDataX509GetKlass:
- *
+ *
* The MSCrypto X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
*
* Returns: the X509 data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataX509GetKlass(void) {
return(&xmlSecMSCryptoKeyDataX509Klass);
}
/**
* xmlSecMSCryptoKeyDataX509GetKeyCert:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
- * Gets the certificate from which the key was extracted.
+ * Gets the certificate from which the key was extracted.
*
* Returns: the key's certificate or NULL if key data was not used for key
* extraction or an error occurs.
@@ -305,7 +302,7 @@ xmlSecMSCryptoKeyDataX509GetKlass(void) {
PCCERT_CONTEXT
xmlSecMSCryptoKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
xmlSecMSCryptoX509DataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
ctx = xmlSecMSCryptoX509DataGetCtx(data);
@@ -316,8 +313,8 @@ xmlSecMSCryptoKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
/**
* xmlSecMSCryptoKeyDataX509AdoptKeyCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to MSCRYPTO X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to MSCRYPTO X509 certificate.
*
* Sets the key's certificate in @data.
*
@@ -334,8 +331,8 @@ xmlSecMSCryptoKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert
xmlSecAssert2(ctx != NULL, -1);
if(ctx->keyCert != NULL) {
- CertFreeCertificateContext(ctx->keyCert);
- ctx->keyCert = 0;
+ CertFreeCertificateContext(ctx->keyCert);
+ ctx->keyCert = 0;
}
ctx->keyCert = cert;
@@ -344,14 +341,14 @@ xmlSecMSCryptoKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert
/**
* xmlSecMSCryptoKeyDataX509AdoptCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to MSCRYPTO X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to MSCRYPTO X509 certificate.
*
* Adds certificate to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecMSCryptoKeyDataX509AdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) {
xmlSecMSCryptoX509DataCtxPtr ctx;
@@ -363,30 +360,30 @@ xmlSecMSCryptoKeyDataX509AdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) {
xmlSecAssert2(ctx->hMemStore != 0, -1);
if (!CertAddCertificateContextToStore(ctx->hMemStore, cert, CERT_STORE_ADD_ALWAYS, NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CertAddCertificateContextToStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertAddCertificateContextToStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
CertFreeCertificateContext(cert);
ctx->numCerts++;
-
+
return(0);
}
/**
* xmlSecMSCryptoKeyDataX509GetCert:
- * @data: the pointer to X509 key data.
- * @pos: the desired certificate position.
- *
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
* Gets a certificate from X509 key data.
*
- * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
* number of certificates in @data or an error occurs.
*/
-PCCERT_CONTEXT
+PCCERT_CONTEXT
xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecMSCryptoX509DataCtxPtr ctx;
PCCERT_CONTEXT pCert = NULL;
@@ -399,7 +396,7 @@ xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecAssert2(ctx->numCerts > pos, NULL);
while ((pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert)) && (pos > 0)) {
- pos--;
+ pos--;
}
return(pCert);
@@ -407,13 +404,13 @@ xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
/**
* xmlSecMSCryptoKeyDataX509GetCertsSize:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
* Gets the number of certificates in @data.
*
* Returns: te number of certificates in @data.
*/
-xmlSecSize
+xmlSecSize
xmlSecMSCryptoKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoX509DataCtxPtr ctx;
@@ -427,14 +424,14 @@ xmlSecMSCryptoKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
/**
* xmlSecMSCryptoKeyDataX509AdoptCrl:
- * @data: the pointer to X509 key data.
- * @crl: the pointer to MSCrypto X509 CRL.
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to MSCrypto X509 CRL.
*
* Adds CRL to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecMSCryptoKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, PCCRL_CONTEXT crl) {
xmlSecMSCryptoX509DataCtxPtr ctx;
@@ -446,12 +443,12 @@ xmlSecMSCryptoKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, PCCRL_CONTEXT crl) {
xmlSecAssert2(ctx->hMemStore != 0, -1);
if (!CertAddCRLContextToStore(ctx->hMemStore, crl, CERT_STORE_ADD_ALWAYS, NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CertAddCRLContextToStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertAddCRLContextToStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ctx->numCrls++;
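Review bot: The success path of xmlSecMSCryptoKeyDataX509AdoptCrl increments `ctx->numCrls` without releasing the caller's CRL context, whereas the sibling xmlSecMSCryptoKeyDataX509AdoptCert releases `cert` with `CertFreeCertificateContext(cert);` right after the store add (the AdoptCert hunk above). The store keeps its own copy of the added context, so if no `CertFreeCRLContext(crl);` follows in the part of the function outside this hunk, every adopted CRL context is leaked even though the "Adopt" name promises ownership transfer. The Duplicate hunk below (`crlDst = CertDuplicateCRLContext(...)` followed by `xmlSecMSCryptoKeyDataX509AdoptCrl(dst, crlDst)`) relies on that transfer and would leak one duplicated CRL context per copied CRL. Suggested line before the increment: `CertFreeCRLContext(crl);`, mirroring AdoptCert.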
@@ -480,7 +477,7 @@ xmlSecMSCryptoKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecAssert2(ctx->numCrls > pos, NULL);
while ((pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL)) && (pos > 0)) {
- pos--;
+ pos--;
}
return(pCRL);
@@ -506,7 +503,7 @@ xmlSecMSCryptoKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
return(ctx->numCrls);
}
-static int
+static int
xmlSecMSCryptoKeyDataX509Initialize(xmlSecKeyDataPtr data) {
xmlSecMSCryptoX509DataCtxPtr ctx;
@@ -518,17 +515,17 @@ xmlSecMSCryptoKeyDataX509Initialize(xmlSecKeyDataPtr data) {
memset(ctx, 0, sizeof(xmlSecMSCryptoX509DataCtx));
ctx->hMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
- 0,
- 0,
- CERT_STORE_CREATE_NEW_FLAG,
- NULL);
+ 0,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
if (ctx->hMemStore == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CertOpenStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -544,101 +541,101 @@ xmlSecMSCryptoKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataX509Id), -1);
xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataX509Id), -1);
- /* copy certsList */
+ /* copy certsList */
size = xmlSecMSCryptoKeyDataX509GetCertsSize(src);
for(pos = 0; pos < size; ++pos) {
- /* TBD: function below does linear scan, eliminate loop within
- * loop
- */
- certSrc = xmlSecMSCryptoKeyDataX509GetCert(src, pos);
- if(certSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecMSCryptoKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- certDst = CertDuplicateCertificateContext(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(certDst);
- return(-1);
- }
+ /* TBD: function below does linear scan, eliminate loop within
+ * loop
+ */
+ certSrc = xmlSecMSCryptoKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = CertDuplicateCertificateContext(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(certDst);
+ return(-1);
+ }
}
/* copy crls */
size = xmlSecMSCryptoKeyDataX509GetCrlsSize(src);
for(pos = 0; pos < size; ++pos) {
- crlSrc = xmlSecMSCryptoKeyDataX509GetCrl(src, pos);
- if(crlSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecMSCryptoKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- crlDst = CertDuplicateCRLContext(crlSrc);
- if(crlDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CertDuplicateCRLContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecMSCryptoKeyDataX509AdoptCrl(dst, crlDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCRLContext(crlDst);
- return(-1);
- }
+ crlSrc = xmlSecMSCryptoKeyDataX509GetCrl(src, pos);
+ if(crlSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecMSCryptoKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ crlDst = CertDuplicateCRLContext(crlSrc);
+ if(crlDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCRLContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCrl(dst, crlDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCRLContext(crlDst);
+ return(-1);
+ }
}
/* copy key cert if exist */
certSrc = xmlSecMSCryptoKeyDataX509GetKeyCert(src);
if(certSrc != NULL) {
- certDst = CertDuplicateCertificateContext(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(certDst);
- return(-1);
- }
+ certDst = CertDuplicateCertificateContext(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(certDst);
+ return(-1);
+ }
}
return(0);
}
@@ -653,19 +650,19 @@ xmlSecMSCryptoKeyDataX509Finalize(xmlSecKeyDataPtr data) {
xmlSecAssert(ctx != NULL);
if(ctx->keyCert != NULL) {
- CertFreeCertificateContext(ctx->keyCert);
- ctx->keyCert = NULL;
+ CertFreeCertificateContext(ctx->keyCert);
+ ctx->keyCert = NULL;
}
if (ctx->hMemStore != 0) {
- if (!CertCloseStore(ctx->hMemStore, CERT_CLOSE_STORE_FORCE_FLAG)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertCloseStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return;
- }
+ if (!CertCloseStore(ctx->hMemStore, CERT_CLOSE_STORE_FORCE_FLAG)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCloseStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return;
+ }
}
memset(ctx, 0, sizeof(xmlSecMSCryptoX509DataCtx));
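Review bot: The CertCloseStore failure branch in xmlSecMSCryptoKeyDataX509Finalize reports the CryptoAPI failure as `XMLSEC_ERRORS_R_XMLSEC_FAILED`, while every other CryptoAPI failure in this file (CertOpenStore, CertAddCertificateContextToStore, CertAddCRLContextToStore) uses `XMLSEC_ERRORS_R_CRYPTO_FAILED`; it also has a NULL subject name where the others pass `xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))`. The early `return;` on that branch skips the trailing `memset(ctx, 0, ...)`, so the context keeps its old `hMemStore` value after a forced close attempt; whether that handle is still usable cannot be told from here, but a finalizer should not leave stale state behind. Since this is a void finalizer with nothing left to do, `return;` could be dropped so the memset always runs, and the reason code changed to `XMLSEC_ERRORS_R_CRYPTO_FAILED`. The function's head is outside the hunk.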
@@ -673,7 +670,7 @@ xmlSecMSCryptoKeyDataX509Finalize(xmlSecKeyDataPtr data) {
static int
xmlSecMSCryptoKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
@@ -684,48 +681,48 @@ xmlSecMSCryptoKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
data = xmlSecKeyEnsureData(key, id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecMSCryptoX509DataNodeRead(data, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509DataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
- ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
-static int
+static int
xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
PCCERT_CONTEXT cert;
PCCRL_CONTEXT crl;
xmlSecSize size, pos;
int content = 0;
int ret;
-
+
xmlSecAssert2(id == xmlSecMSCryptoKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -733,110 +730,110 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
if (content < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecX509DataGetNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "content=%d", content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
} else if(content == 0) {
- /* by default we are writing certificates and crls */
- content = XMLSEC_X509DATA_DEFAULT;
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
}
/* get x509 data */
data = xmlSecKeyGetData(key, id);
if(data == NULL) {
- /* no x509 data in the key */
- return(0);
+ /* no x509 data in the key */
+ return(0);
}
/* write certs */
size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
- ret = xmlSecMSCryptoX509CertificateNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509CertificateNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
- ret = xmlSecMSCryptoX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509SubjectNameNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
- ret = xmlSecMSCryptoX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509IssuerSerialNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
- ret = xmlSecMSCryptoX509SKINodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509SKINodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecMSCryptoX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecMSCryptoX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecMSCryptoX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecMSCryptoX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
/* write crls if needed */
if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
- size = xmlSecMSCryptoKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- crl = xmlSecMSCryptoKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- ret = xmlSecMSCryptoX509CRLNodeWrite(crl, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoX509CRLNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
+ size = xmlSecMSCryptoKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecMSCryptoKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
}
return(0);
@@ -846,19 +843,19 @@ static xmlSecKeyDataType
xmlSecMSCryptoKeyDataX509GetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), xmlSecKeyDataTypeUnknown);
- /* TODO: return verified/not verified status */
+ /* TODO: return verified/not verified status */
return(xmlSecKeyDataTypeUnknown);
}
static const xmlChar*
xmlSecMSCryptoKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
-
- /* TODO */
+
+ /* TODO */
return(NULL);
}
-static void
+static void
xmlSecMSCryptoKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
PCCERT_CONTEXT cert;
xmlSecSize size, pos;
@@ -869,23 +866,23 @@ xmlSecMSCryptoKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "=== X509 Data:\n");
cert = xmlSecMSCryptoKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "==== Key Certificate:\n");
- xmlSecMSCryptoX509CertDebugDump(cert, output);
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecMSCryptoX509CertDebugDump(cert, output);
}
size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "==== Certificate:\n");
- xmlSecMSCryptoX509CertDebugDump(cert, output);
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecMSCryptoX509CertDebugDump(cert, output);
}
/* we don't print out crls */
@@ -902,25 +899,25 @@ xmlSecMSCryptoKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "<X509Data>\n");
cert = xmlSecMSCryptoKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "<KeyCertificate>\n");
- xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
- fprintf(output, "</KeyCertificate>\n");
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
}
size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "<Certificate>\n");
- xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
- fprintf(output, "</Certificate>\n");
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
}
/* we don't print out crls */
@@ -929,51 +926,51 @@ xmlSecMSCryptoKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
static int
xmlSecMSCryptoX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlNodePtr cur;
+ xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
for(cur = xmlSecGetNextElementNode(node->children);
- cur != NULL;
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- ret = 0;
- if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
- ret = xmlSecMSCryptoX509CertificateNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
- ret = xmlSecMSCryptoX509SubjectNameNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
- ret = xmlSecMSCryptoX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
- ret = xmlSecMSCryptoX509SKINodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
- ret = xmlSecMSCryptoX509CRLNodeRead(data, cur, keyInfoCtx);
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation: ignore unknown nodes */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "read node failed");
- return(-1);
- }
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
}
return(0);
}
static int
-xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
PCCERT_CONTEXT cert;
int ret;
@@ -984,78 +981,78 @@ xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecMSCryptoX509CertBase64DerRead(content);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
xmlFree(content);
return(0);
}
-static int
-xmlSecMSCryptoX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static int
+xmlSecMSCryptoX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* buf;
xmlNodePtr cur;
-
+
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
/* set base64 lines size from context */
- buf = xmlSecMSCryptoX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ buf = xmlSecMSCryptoX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
@@ -1066,13 +1063,13 @@ xmlSecMSCryptoX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node,
return(0);
}
-static int
-xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static int
+xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* subject;
PCCERT_CONTEXT cert;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1080,56 +1077,56 @@ xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
subject = xmlNodeGetContent(node);
if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
- if(subject != NULL) {
- xmlFree(subject);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecMSCryptoX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "subject=%s",
- xmlSecErrorsSafeString(subject));
- xmlFree(subject);
- return(-1);
- }
- xmlFree(subject);
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+ xmlFree(subject);
+ return(0);
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- xmlFree(subject);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(subject);
+ return(-1);
}
xmlFree(subject);
@@ -1146,36 +1143,36 @@ xmlSecMSCryptoX509SubjectNameNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xml
buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
return(0);
}
-static int
+static int
xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlNodePtr cur;
xmlChar *issuerName;
- xmlChar *issuerSerial;
+ xmlChar *issuerSerial;
PCCERT_CONTEXT cert;
int ret;
@@ -1186,127 +1183,127 @@ xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, x
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecGetNextElementNode(node->children);
if(cur == NULL) {
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
}
/* the first is required node X509IssuerName */
if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
issuerName = xmlNodeGetContent(cur);
if(issuerName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
/* next is required node X509SerialNumber */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- xmlFree(issuerName);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
issuerSerial = xmlNodeGetContent(cur);
if(issuerSerial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
}
cert = xmlSecMSCryptoX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "issuerName=%s;issuerSerial=%s",
- xmlSecErrorsSafeString(issuerName),
- xmlSecErrorsSafeString(issuerSerial));
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
}
-
+
xmlFree(issuerSerial);
xmlFree(issuerName);
return(0);
}
static int
-xmlSecMSCryptoX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+xmlSecMSCryptoX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
xmlNodePtr cur;
xmlNodePtr issuerNameNode;
xmlNodePtr issuerNumberNode;
@@ -1319,69 +1316,69 @@ xmlSecMSCryptoX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert,
/* create xml nodes */
cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
}
issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
}
/* write data */
buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
xmlFree(buf);
ret = xmlSecMSCryptoASN1IntegerWrite(issuerNumberNode, &(cert->pCertInfo->SerialNumber));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoASN1IntegerWrite(&(cert->serialNumber))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoASN1IntegerWrite(&(cert->serialNumber))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* ski;
PCCERT_CONTEXT cert;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1389,57 +1386,57 @@ xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ski = xmlNodeGetContent(node);
if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
- if(ski != NULL) {
- xmlFree(ski);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(-1);
- }
- return(0);
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecMSCryptoX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
if(cert == NULL){
- xmlFree(ski);
+ xmlFree(ski);
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
- return(-1);
- }
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- xmlFree(ski);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(ski);
+ return(-1);
}
xmlFree(ski);
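Review bot: `ski` is released at the top of the `cert == NULL` branch and then read again a few lines later through `xmlSecErrorsSafeString(ski)` in the CERT_NOT_FOUND report, so that error path formats freed memory; the reindent preserves the old ordering. Keep the buffer alive until the message has been built by moving the release next to each exit of the branch, i.e. `xmlFree(ski); return(-1);` inside the flag check and `xmlFree(ski); return(0);` after it, and drop the leading `xmlFree(ski);`. The rest of xmlSecMSCryptoX509SKINodeRead continues past the end of this hunk.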
@@ -1456,24 +1453,24 @@ xmlSecMSCryptoX509SKINodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyIn
buf = xmlSecMSCryptoX509SKIWrite(cert);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509SKIWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
@@ -1481,7 +1478,7 @@ xmlSecMSCryptoX509SKINodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyIn
return(0);
}
-static int
+static int
xmlSecMSCryptoX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
PCCRL_CONTEXT crl;
@@ -1492,42 +1489,42 @@ xmlSecMSCryptoX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
crl = xmlSecMSCryptoX509CrlBase64DerRead(content, keyInfoCtx);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
if (0 != xmlSecMSCryptoKeyDataX509AdoptCrl(data, crl)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- CertFreeCRLContext(crl);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ CertFreeCRLContext(crl);
+ return(-1);
}
-
+
xmlFree(content);
return(0);
}
@@ -1542,26 +1539,26 @@ xmlSecMSCryptoX509CRLNodeWrite(PCCRL_CONTEXT crl, xmlNodePtr node, xmlSecKeyInfo
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* set base64 lines size from context */
- buf = xmlSecMSCryptoX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ buf = xmlSecMSCryptoX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
/* todo: add errors check */
@@ -1575,11 +1572,11 @@ xmlSecMSCryptoX509CRLNodeWrite(PCCRL_CONTEXT crl, xmlNodePtr node, xmlSecKeyInfo
static int
xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecMSCryptoX509DataCtxPtr ctx;
xmlSecKeyDataStorePtr x509Store;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1591,119 +1588,119 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((ctx->keyCert == NULL) && (xmlSecKeyGetValue(key) == NULL)) {
- PCCERT_CONTEXT cert;
+ PCCERT_CONTEXT cert;
- cert = xmlSecMSCryptoX509StoreVerify(x509Store, ctx->hMemStore, keyInfoCtx);
- if(cert != NULL) {
- xmlSecKeyDataPtr keyValue = NULL;
+ cert = xmlSecMSCryptoX509StoreVerify(x509Store, ctx->hMemStore, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue = NULL;
PCCERT_CONTEXT pCert = NULL;
- ctx->keyCert = CertDuplicateCertificateContext(cert);
- if(ctx->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* search key according to KeyReq */
- pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
- if( pCert == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- return(-1);
- }
-
- if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
- keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext( pCert ) ;
- return(-1);
- }
- pCert = NULL ;
- } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
- keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext( pCert ) ;
- return(-1);
- }
- pCert = NULL ;
- }
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- ret = xmlSecKeySetValue(key, keyValue);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotBefore, &(key->notValidBefore));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidBefore");
- return(-1);
- }
-
- ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotAfter, &(key->notValidAfter));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecMSCryptoX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidAfter");
- return(-1);
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ctx->keyCert = CertDuplicateCertificateContext(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* search key according to KeyReq */
+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
+ if( pCert == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotBefore, &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotAfter, &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
@@ -1711,9 +1708,9 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
static int
xmlSecMSCryptoX509CertGetTime(FILETIME t, time_t* res) {
LONGLONG result;
-
+
xmlSecAssert2(res != NULL, -1);
-
+
result = t.dwHighDateTime;
result = (result) << 32;
result |= t.dwLowDateTime;
@@ -1734,18 +1731,18 @@ xmlSecMSCryptoX509CertBase64DerRead(xmlChar* buf) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
-
+
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
return(xmlSecMSCryptoX509CertDerRead((xmlSecByte*)buf, ret));
}
@@ -1759,12 +1756,12 @@ xmlSecMSCryptoX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
cert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertCreateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(cert);
@@ -1781,52 +1778,52 @@ xmlSecMSCryptoX509CertBase64DerWrite(PCCERT_CONTEXT cert, int base64LineWrap) {
p = cert->pbCertEncoded;
size = cert->cbCertEncoded;
if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cert->pbCertEncoded",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cert->pbCertEncoded",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
return(res);
}
static PCCRL_CONTEXT
-xmlSecMSCryptoX509CrlBase64DerRead(xmlChar* buf,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecMSCryptoX509CrlBase64DerRead(xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecMSCryptoX509CrlDerRead((xmlSecByte*)buf, ret, keyInfoCtx));
}
-static PCCRL_CONTEXT
+static PCCRL_CONTEXT
xmlSecMSCryptoX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
PCCRL_CONTEXT crl = NULL;
xmlSecAssert2(buf != NULL, NULL);
@@ -1836,16 +1833,16 @@ xmlSecMSCryptoX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
crl = CertCreateCRLContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertCreateCRLContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCRLContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(crl);
- }
+ }
static xmlChar*
xmlSecMSCryptoX509CrlBase64DerWrite(PCCRL_CONTEXT crl, int base64LineWrap) {
@@ -1858,31 +1855,31 @@ xmlSecMSCryptoX509CrlBase64DerWrite(PCCRL_CONTEXT crl, int base64LineWrap) {
p = crl->pbCrlEncoded;
size = crl->cbCrlEncoded;
if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "crl->pbCrlEncoded",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "crl->pbCrlEncoded",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
return(res);
}
static xmlChar*
xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) {
+ LPTSTR resT = NULL;
xmlChar *res = NULL;
- char *str;
DWORD csz;
@@ -1890,59 +1887,47 @@ xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) {
xmlSecAssert2(nm->cbData > 0, NULL);
csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
- str = (char *)xmlMalloc(csz);
- if (NULL == str) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
- }
-
- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
- if (csz < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertNameToStr",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(NULL);
- }
-
- /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
- * don't ask me how is it possible not to read something you wrote yourself but also
- * see comment in the xmlSecMSCryptoX509FindCert function.
- */
- if(strncmp(str, "E=", 2) == 0) {
- res = xmlMalloc(strlen(str) + 13 + 1);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d",
- strlen(str) + 13 + 1);
- xmlFree(str);
- return(NULL);
- }
-
- memcpy(res, "emailAddress=", 13);
- strcpy(res + 13, BAD_CAST (str + 2));
- } else {
- res = xmlStrdup(BAD_CAST str);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(NULL);
- }
+ if(csz <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertNameToStr",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ resT = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (csz + 1));
+ if (NULL == resT) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(WCHAR) * (csz + 1));
+ return (NULL);
+ }
+
+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, resT, csz + 1);
+ if (csz <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertNameToStr",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(resT);
+ return(NULL);
+ }
+
+ res = xmlSecMSCryptoConvertTstrToUtf8(resT);
+ if (NULL == res) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertTstrToUtf8",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(resT);
+ return(NULL);
}
- xmlFree(str);
+
return(res);
}
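Review bot: The allocation-failure message `"size=%d", sizeof(WCHAR) * (csz + 1)` reports a different quantity from the one actually requested on the previous line (`sizeof(TCHAR) * (csz + 1)`) and hands a size_t to `%d`, which is a format/argument mismatch. Use the same expression with a matching conversion, e.g. `"size=%lu", (unsigned long)(sizeof(TCHAR) * (csz + 1))`. The sizing call is trusted to return a count that includes the terminator and the second `CertNameToStr` is given `csz + 1` with a buffer of that many TCHARs, so the length handling itself looks consistent; the declarations of xmlSecMSCryptoX509NameWrite are in the preceding hunk.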
@@ -1958,40 +1943,40 @@ xmlSecMSCryptoASN1IntegerWrite(xmlNodePtr node, PCRYPT_INTEGER_BLOB num) {
ret = xmlSecBnInitialize(&bn, num->cbData + 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%ld", num->cbData + 1);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", num->cbData + 1);
+ return(-1);
}
ret = xmlSecBnSetData(&bn, num->pbData, num->cbData);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&bn);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
}
- /* I have no clue why at a sudden a swap is needed to
- * convert from lsb... This code is purely based upon
+ /* I have no clue why at a sudden a swap is needed to
+ * convert from lsb... This code is purely based upon
* trial and error :( WK
*/
ret = xmlSecBnSetNodeValue(&bn, node, xmlSecBnDec, 1, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBnSetNodeValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBnFinalize(&bn);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
}
-
+
xmlSecBnFinalize(&bn);
return(0);
}
@@ -2008,142 +1993,168 @@ xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert) {
/* First check if the SKI extension actually exists, otherwise we get a SHA1 hash o fthe key/cert */
pCertExt = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
if (pCertExt == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertFindExtension",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertFindExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &dwSize) || dwSize < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertGetCertificateContextProperty",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertGetCertificateContextProperty",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
bSKI = xmlMalloc(dwSize);
if (NULL == bSKI) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
}
if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, bSKI, &dwSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertGetCertificateContextProperty",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(bSKI);
- return (NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertGetCertificateContextProperty",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(bSKI);
+ return (NULL);
+ }
if (NULL == bSKI) {
- return(NULL);
+ return(NULL);
}
res = xmlSecBase64Encode(bSKI, dwSize, 0);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(bSKI);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(bSKI);
+ return(NULL);
}
xmlFree(bSKI);
-
+
return(res);
}
-static void
+static void
xmlSecMSCryptoX509CertDebugDump(PCCERT_CONTEXT cert, FILE* output) {
PCRYPT_INTEGER_BLOB sn;
unsigned int i;
- LPSTR subject, issuer;
- DWORD dwSize;
-
+ xmlChar * subject = NULL;
+ xmlChar * issuer = NULL;
+
xmlSecAssert(cert != NULL);
xmlSecAssert(output != NULL);
- /* todo: add error checks */
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, NULL, 0);
- subject = (LPSTR)xmlMalloc(dwSize);
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, subject, dwSize);
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL, NULL, 0);
- issuer = (LPSTR)xmlMalloc(dwSize);
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer, dwSize);
-
fprintf(output, "=== X509 Certificate\n");
+
+ /* subject */
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject");
+ goto done;
+ }
fprintf(output, "==== Subject Name: %s\n", subject);
+
+ /* issuer */
+ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer");
+ goto done;
+ }
fprintf(output, "==== Issuer Name: %s\n", issuer);
- if (subject) xmlFree(subject);
- if (issuer) xmlFree(issuer);
- sn = &(cert->pCertInfo->SerialNumber);
+ /* serial number */
+ sn = &(cert->pCertInfo->SerialNumber);
for (i = 0; i < sn->cbData; i++) {
- if (i != sn->cbData - 1) {
- fprintf(output, "%02x:", sn->pbData[i]);
- } else {
- fprintf(output, "%02x", sn->pbData[i]);
- }
+ if (i != sn->cbData - 1) {
+ fprintf(output, "%02x:", sn->pbData[i]);
+ } else {
+ fprintf(output, "%02x", sn->pbData[i]);
+ }
}
fprintf(output, "\n");
+
+done:
+ if (subject) xmlFree(subject);
+ if (issuer) xmlFree(issuer);
}
-static void
+static void
xmlSecMSCryptoX509CertDebugXmlDump(PCCERT_CONTEXT cert, FILE* output) {
PCRYPT_INTEGER_BLOB sn;
unsigned int i;
- LPSTR subject, issuer;
- DWORD dwSize;
+ xmlChar * subject = NULL;
+ xmlChar * issuer = NULL;
xmlSecAssert(cert != NULL);
xmlSecAssert(output != NULL);
- /* todo: add error checks */
-
/* subject */
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, NULL, 0);
- subject = (LPSTR)xmlMalloc(dwSize);
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, subject, dwSize);
-
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject");
+ goto done;
+ }
fprintf(output, "<SubjectName>");
xmlSecPrintXmlString(output, BAD_CAST subject);
fprintf(output, "</SubjectName>\n");
- xmlFree(subject);
-
-
- /* issuer */
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL, NULL, 0);
- issuer = (LPSTR)xmlMalloc(dwSize);
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL, issuer, dwSize);
+ /* issuer */
+ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer");
+ goto done;
+ }
fprintf(output, "<IssuerName>");
xmlSecPrintXmlString(output, BAD_CAST issuer);
fprintf(output, "</IssuerName>\n");
- xmlFree(issuer);
-
+
/* serial */
fprintf(output, "<SerialNumber>");
sn = &(cert->pCertInfo->SerialNumber);
for (i = 0; i < sn->cbData; i++) {
- if (i != sn->cbData - 1) {
- fprintf(output, "%02x:", sn->pbData[i]);
- } else {
- fprintf(output, "%02x", sn->pbData[i]);
- }
+ if (i != sn->cbData - 1) {
+ fprintf(output, "%02x:", sn->pbData[i]);
+ } else {
+ fprintf(output, "%02x", sn->pbData[i]);
+ }
}
fprintf(output, "</SerialNumber>\n");
+
+done:
+ xmlFree(subject);
+ xmlFree(issuer);
}
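Review bot: The new error reports in xmlSecMSCryptoX509CertDebugDump and xmlSecMSCryptoX509CertDebugXmlDump pass `"xmlSecMSCryptoX509GetNameString"` as the second xmlSecError argument and `NULL` as the third, the reverse of every other call in this file (error object first, failing function second, e.g. `xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecBase64Encode", ...)`), so the function name will presumably land in the wrong field of the report. Swap them in all four places: `xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoX509GetNameString", XMLSEC_ERRORS_R_XMLSEC_FAILED, "subject");` and likewise for `"issuer"`. The two `done:` labels also release their buffers differently (`if (subject) xmlFree(subject);` versus bare `xmlFree(subject);`); the bare form already relies on xmlFree tolerating NULL on the early-exit path, so either choice works, but using one form in both functions keeps the cleanup uniform.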
@@ -2153,11 +2164,11 @@ xmlSecMSCryptoX509CertDebugXmlDump(PCCERT_CONTEXT cert, FILE* output) {
*
*
*************************************************************************/
-static int xmlSecMSCryptoKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -2165,58 +2176,58 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
/* data */
xmlSecNameRawX509Cert,
- xmlSecKeyDataUsageRetrievalMethodNodeBin,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRawX509Cert, /* const xmlChar* href; */
- NULL, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecMSCryptoKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecMSCryptoKeyDataRawX509CertGetKlass:
- *
+ *
* The raw X509 certificates key data klass.
*
* Returns: raw X509 certificates key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecMSCryptoKeyDataRawX509CertGetKlass(void) {
return(&xmlSecMSCryptoKeyDataRawX509CertKlass);
}
static int
xmlSecMSCryptoKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
PCCERT_CONTEXT cert;
int ret;
-
+
xmlSecAssert2(id == xmlSecMSCryptoKeyDataRawX509CertId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
@@ -2225,44 +2236,44 @@ xmlSecMSCryptoKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
cert = xmlSecMSCryptoX509CertDerRead(buf, bufSize);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoX509CertDerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
data = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ return(-1);
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CertFreeCertificateContext(cert);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ return(-1);
}
ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
index d854e7a0..cf317877 100644
--- a/src/mscrypto/x509vfy.c
+++ b/src/mscrypto/x509vfy.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,8 +6,8 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
* Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -33,23 +33,20 @@
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/x509.h>
-
-#if defined(__MINGW32__)
-# include "xmlsec-mingw.h"
-#endif
+#include "private.h"
/**************************************************************************
*
* Internal MSCRYPTO X509 store CTX
*
*************************************************************************/
-typedef struct _xmlSecMSCryptoX509StoreCtx xmlSecMSCryptoX509StoreCtx,
+typedef struct _xmlSecMSCryptoX509StoreCtx xmlSecMSCryptoX509StoreCtx,
*xmlSecMSCryptoX509StoreCtxPtr;
struct _xmlSecMSCryptoX509StoreCtx {
HCERTSTORE trusted;
HCERTSTORE untrusted;
int dont_use_system_trusted_certs;
-};
+};
/****************************************************************************
*
@@ -63,7 +60,7 @@ struct _xmlSecMSCryptoX509StoreCtx {
sizeof(xmlSecKeyDataStoreKlass)))
#define xmlSecMSCryptoX509StoreSize \
(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecMSCryptoX509StoreCtx))
-
+
static int xmlSecMSCryptoX509StoreInitialize (xmlSecKeyDataStorePtr store);
static void xmlSecMSCryptoX509StoreFinalize (xmlSecKeyDataStorePtr store);
@@ -72,8 +69,8 @@ static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
xmlSecMSCryptoX509StoreSize,
/* data */
- xmlSecNameX509Store, /* const xmlChar* name; */
-
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
/* constructors/destructor */
xmlSecMSCryptoX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
xmlSecMSCryptoX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
@@ -84,20 +81,20 @@ static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
};
static PCCERT_CONTEXT xmlSecMSCryptoX509FindCert(HCERTSTORE store,
- xmlChar *subjectName,
- xmlChar *issuerName,
- xmlChar *issuerSerial,
- xmlChar *ski);
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski);
-/**
+/**
* xmlSecMSCryptoX509StoreGetKlass:
- *
+ *
* The MSCrypto X509 certificates key data store klass.
*
* Returns: pointer to MSCrypto X509 certificates key data store klass.
*/
-xmlSecKeyDataStoreId
+xmlSecKeyDataStoreId
xmlSecMSCryptoX509StoreGetKlass(void) {
return(&xmlSecMSCryptoX509StoreKlass);
}
@@ -122,7 +119,7 @@ xmlSecMSCryptoX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectNam
xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
PCCERT_CONTEXT pCert = NULL;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
@@ -143,7 +140,7 @@ xmlSecMSCryptoX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectNam
}
-static void
+static void
xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
/* Note that LONGLONG is a 64-bit value */
LONGLONG ll;
@@ -171,7 +168,7 @@ xmlSecMSCrypoVerifyCertTime(PCCERT_CONTEXT pCert, LPFILETIME pft) {
if(-1 == CompareFileTime(&(pCert->pCertInfo->NotAfter), pft)) {
return (FALSE);
}
-
+
return (TRUE);
}
@@ -182,7 +179,7 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) {
xmlSecAssert2(pCert != NULL, FALSE);
xmlSecAssert2(hStore != NULL, FALSE);
-
+
while((pCrl = CertEnumCRLsInStore(hStore, pCrl)) != NULL) {
if (CertFindCertificateInCRL(pCert, pCrl, 0, NULL, &pCrlEntry) && (pCrlEntry != NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -199,7 +196,7 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) {
static void
xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, DWORD flags) {
- LPSTR subject;
+ xmlChar * subject = NULL;
DWORD dwSize;
xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
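Review bot: `DWORD dwSize;` is kept right after the new `xmlChar * subject = NULL;` declaration, but the hunk that follows (@@ -207,20 +204,15) removes every use of it when the two CertGetNameString sizing calls are replaced by xmlSecMSCryptoX509GetNameString, so it is now an unused local that `-Wunused-variable` will flag; delete `DWORD dwSize;` here. The enclosing function xmlSecMSCryptoX509StoreCertError continues past this hunk.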
@@ -207,20 +204,15 @@ xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cer
xmlSecAssert(flags != 0);
/* get certs subject */
- dwSize = CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, NULL, 0);
- subject = xmlMalloc(dwSize + 1);
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
if(subject == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return;
}
- memset(subject, 0, dwSize + 1);
- if(dwSize > 0) {
- CertGetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL, subject, dwSize);
- }
/* print error */
if (flags & CERT_STORE_SIGNATURE_FLAG) {
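Review bot: The new xmlSecError call passes "xmlSecMSCryptoX509GetNameString" as the second argument and NULL as the third, which is the reverse of every other call site visible in this file, where the error object (or NULL) comes first and the failing function's name second (for example `NULL, "CertStrToName", XMLSEC_ERRORS_R_CRYPTO_FAILED` further down, and `NULL, "xmlSecMSCryptoX509GetCertName", XMLSEC_ERRORS_R_XMLSEC_FAILED` in the new find-cert code); unless xmlSecError's parameter order has changed, the function name ends up reported in the object column. Swap the two lines to `NULL,` followed by `"xmlSecMSCryptoX509GetNameString",`. The same reversed pair appears in the x509.c debug-dump hunk at the top of this chunk for the "subject" and "issuer" errors. The enclosing function continues past this hunk.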
@@ -256,6 +248,7 @@ xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cer
XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
}
+
xmlFree(subject);
}
@@ -265,99 +258,99 @@ xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cer
* @pfTime: pointer to FILETIME that we are interested in
* @store_untrusted: untrusted certificates added via API
* @store_doc: untrusted certificates/CRLs extracted from a document
- *
+ *
* Builds certificates chain using Windows API.
- *
+ *
* Returns: TRUE on success or FALSE otherwise.
*/
-static BOOL
+static BOOL
xmlSecBuildChainUsingWinapi (PCCERT_CONTEXT cert, LPFILETIME pfTime,
- HCERTSTORE store_untrusted, HCERTSTORE store_doc)
+ HCERTSTORE store_untrusted, HCERTSTORE store_doc)
{
- PCCERT_CHAIN_CONTEXT pChainContext = NULL;
- CERT_CHAIN_PARA chainPara;
- BOOL rc = FALSE;
- HCERTSTORE store_add = NULL;
+ PCCERT_CHAIN_CONTEXT pChainContext = NULL;
+ CERT_CHAIN_PARA chainPara;
+ BOOL rc = FALSE;
+ HCERTSTORE store_add = NULL;
/* Initialize data structures. */
- memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
- chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
-
- /* Create additional store for CertGetCertificateChain() */
- store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL);
- if (!store_add) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "chain additional collection store",
- "CertOpenStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto end;
- }
- if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "adding document store",
- "CertAddStoreToCollection",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto end;
- }
- if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "adding untrusted store",
- "CertAddStoreToCollection",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto end;
- }
+ memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+ chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+
+ /* Create additional store for CertGetCertificateChain() */
+ store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL);
+ if (!store_add) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "chain additional collection store",
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "adding document store",
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "adding untrusted store",
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
/* Build a chain using CertGetCertificateChain
and the certificate retrieved. */
if(!CertGetCertificateChain(
NULL, /* use the default chain engine */
- cert,
+ cert,
pfTime,
- store_add,
- &chainPara,
- CERT_CHAIN_REVOCATION_CHECK_CHAIN,
+ store_add,
+ &chainPara,
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN,
NULL,
&pChainContext))
{
xmlSecError(XMLSEC_ERRORS_HERE,
- "building certificate chain, checking root",
- "CertGetCertificateChain",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto end;
- }
- if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) {
- CertFreeCertificateChain(pChainContext); pChainContext = NULL;
- if(!CertGetCertificateChain(
- NULL, /* use the default chain engine */
- cert,
- pfTime,
- store_add,
- &chainPara,
- CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
+ "building certificate chain, checking root",
+ "CertGetCertificateChain",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) {
+ CertFreeCertificateChain(pChainContext); pChainContext = NULL;
+ if(!CertGetCertificateChain(
+ NULL, /* use the default chain engine */
+ cert,
+ pfTime,
+ store_add,
+ &chainPara,
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
NULL,
- &pChainContext))
- {
- xmlSecError(XMLSEC_ERRORS_HERE,
- "building certificate chain, excluding root",
- "CertGetCertificateChain",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ &pChainContext))
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "building certificate chain, excluding root",
+ "CertGetCertificateChain",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- goto end;
- }
+ goto end;
+ }
}
- if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
- rc = TRUE;
+ if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
+ rc = TRUE;
end:
- if (pChainContext) CertFreeCertificateChain(pChainContext);
- if (store_add) CertCloseStore(store_add, 0);
- return (rc);
+ if (pChainContext) CertFreeCertificateChain(pChainContext);
+ if (store_add) CertCloseStore(store_add, 0);
+ return (rc);
}
/**
@@ -368,15 +361,15 @@ end:
* @store_untrusted: untrusted certificates added via API
* @certs: untrusted certificates/CRLs extracted from a document
* @store: pointer to store klass passed to error functions
- *
+ *
* Builds certificates chain manually.
- *
+ *
* Returns: TRUE on success or FALSE otherwise.
*/
static BOOL
xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
- HCERTSTORE store_trusted, HCERTSTORE store_untrusted, HCERTSTORE certs,
- xmlSecKeyDataStorePtr store) {
+ HCERTSTORE store_trusted, HCERTSTORE store_untrusted, HCERTSTORE certs,
+ xmlSecKeyDataStorePtr store) {
PCCERT_CONTEXT issuerCert = NULL;
DWORD flags;
@@ -393,7 +386,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
* Try to find the cert in the trusted cert store. We will trust
* the certificate in the trusted store.
*/
- issuerCert = CertFindCertificateInStore(store_trusted,
+ issuerCert = CertFindCertificateInStore(store_trusted,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
@@ -401,7 +394,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
NULL);
if( issuerCert != NULL) {
/* We have found the trusted cert, so return true */
- /* todo: do we want to verify the trusted cert's revocation? we must, I think */
+ /* todo: do we want to verify the trusted cert's revocation? we must, I think */
CertFreeCertificateContext( issuerCert ) ;
return( TRUE ) ;
}
@@ -412,7 +405,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
}
/* try to find issuer cert in the trusted cert in the store */
- issuerCert = CertFindCertificateInStore(store_trusted,
+ issuerCert = CertFindCertificateInStore(store_trusted,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
@@ -425,14 +418,14 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
CertFreeCertificateContext(issuerCert);
return(FALSE);
}
- /* todo: do we want to verify the trusted cert? we must check
- * revocation, I think */
+ /* todo: do we want to verify the trusted cert? we must check
+ * revocation, I think */
CertFreeCertificateContext(issuerCert);
return(TRUE);
}
/* try the untrusted certs in the chain */
- issuerCert = CertFindCertificateInStore(certs,
+ issuerCert = CertFindCertificateInStore(certs,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
@@ -445,7 +438,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
CertFreeCertificateContext(issuerCert);
return(FALSE);
}
- if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
+ if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
CertFreeCertificateContext(issuerCert);
return(FALSE);
@@ -455,7 +448,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
}
/* try the untrusted certs in the store */
- issuerCert = CertFindCertificateInStore(store_untrusted,
+ issuerCert = CertFindCertificateInStore(store_untrusted,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
@@ -468,7 +461,7 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
CertFreeCertificateContext(issuerCert);
return(FALSE);
}
- if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
+ if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
CertFreeCertificateContext(issuerCert);
return(FALSE);
}
@@ -480,13 +473,13 @@ xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
}
static BOOL
-xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
- xmlSecKeyInfoCtx* keyInfoCtx) {
+xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
+ xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
PCCERT_CONTEXT tempCert = NULL;
FILETIME fTime;
BOOL res = FALSE;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
xmlSecAssert2(cert != NULL, FALSE);
xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
@@ -499,26 +492,26 @@ xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_C
xmlSecAssert2(ctx->untrusted != NULL, FALSE);
if(keyInfoCtx->certsVerificationTime > 0) {
- /* convert the time to FILETIME */
- xmlSecMSCryptoUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, &fTime);
+ /* convert the time to FILETIME */
+ xmlSecMSCryptoUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, &fTime);
} else {
- /* Defaults to current time */
- GetSystemTimeAsFileTime(&fTime);
+ /* Defaults to current time */
+ GetSystemTimeAsFileTime(&fTime);
}
/* try the certificates in the keys manager */
if(!res) {
- tempCert = CertEnumCertificatesInStore(ctx->trusted, NULL);
- if(tempCert) {
- CertFreeCertificateContext(tempCert);
+ tempCert = CertEnumCertificatesInStore(ctx->trusted, NULL);
+ if(tempCert) {
+ CertFreeCertificateContext(tempCert);
res = xmlSecMSCryptoBuildCertChainManually(cert, &fTime, ctx->trusted, ctx->untrusted, certs, store);
}
}
/* try the certificates in the system */
if(!res && !ctx->dont_use_system_trusted_certs) {
- res = xmlSecBuildChainUsingWinapi(cert, &fTime, ctx->untrusted, certs);
- }
+ res = xmlSecBuildChainUsingWinapi(cert, &fTime, ctx->untrusted, certs);
+ }
/* done */
return res;
@@ -533,7 +526,7 @@ xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_C
* Verifies @certs list.
*
* Returns: pointer to the first verified certificate from @certs.
- */
+ */
PCCERT_CONTEXT
xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
xmlSecKeyInfoCtx* keyInfoCtx) {
@@ -546,10 +539,10 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
PCCERT_CONTEXT nextCert = NULL;
unsigned char selected = 1;
-
+
xmlSecAssert2(cert->pCertInfo != NULL, NULL);
- /* if cert is the issuer of any other cert in the list, then it is
+ /* if cert is the issuer of any other cert in the list, then it is
* to be skipped except a case of a celf-signed cert*/
do {
nextCert = CertFindCertificateInStore(certs,
@@ -558,13 +551,13 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
CERT_FIND_ISSUER_NAME,
&(cert->pCertInfo->Subject),
nextCert);
- if((nextCert != NULL) && !CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ if((nextCert != NULL) && !CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
&(nextCert->pCertInfo->Subject), &(nextCert->pCertInfo->Issuer))) {
selected = 0;
- }
+ }
} while((selected == 1) && (nextCert != NULL));
if(nextCert != NULL) {
- CertFreeCertificateContext(nextCert);
+ CertFreeCertificateContext(nextCert);
}
if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
@@ -611,8 +604,8 @@ xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCe
return(-1);
}
- /* TODO: The context to be added here is not duplicated first,
- * hopefully this will not lead to errors when closing teh store
+ /* TODO: The context to be added here is not duplicated first,
+ * hopefully this will not lead to errors when closing teh store
* and freeing the mem for all the context in the store.
*/
xmlSecAssert2(certStore != NULL, -1);
@@ -629,8 +622,8 @@ xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCe
}
-/**
- * xmlSecMSCryptoX509StoreAdoptKeyStore:
+/**
+ * xmlSecMSCryptoX509StoreAdoptKeyStore:
* @store: the pointer to X509 key data store klass.
* @keyStore: the pointer to keys store.
*
@@ -638,7 +631,7 @@ xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCe
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store, HCERTSTORE keyStore) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
@@ -661,8 +654,8 @@ xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store, HCERTSTORE ke
return(0);
}
-/**
- * xmlSecMSCryptoX509StoreAdoptTrustedStore:
+/**
+ * xmlSecMSCryptoX509StoreAdoptTrustedStore:
* @store: the pointer to X509 key data store klass.
* @trustedStore: the pointer to certs store.
*
@@ -693,8 +686,8 @@ xmlSecMSCryptoX509StoreAdoptTrustedStore (xmlSecKeyDataStorePtr store, HCERTSTOR
return(0);
}
-/**
- * xmlSecMSCryptoX509StoreAdoptUntrustedStore:
+/**
+ * xmlSecMSCryptoX509StoreAdoptUntrustedStore:
* @store: the pointer to X509 key data store klass.
* @untrustedStore: the pointer to certs store.
*
@@ -725,8 +718,8 @@ xmlSecMSCryptoX509StoreAdoptUntrustedStore (xmlSecKeyDataStorePtr store, HCERTST
return(0);
}
-/**
- * xmlSecMSCryptoX509StoreEnableSystemTrustedCerts:
+/**
+ * xmlSecMSCryptoX509StoreEnableSystemTrustedCerts:
* @store: the pointer to X509 key data store klass.
* @val: the enable/disable flag
*
@@ -735,13 +728,13 @@ xmlSecMSCryptoX509StoreAdoptUntrustedStore (xmlSecKeyDataStorePtr store, HCERTST
void
xmlSecMSCryptoX509StoreEnableSystemTrustedCerts (xmlSecKeyDataStorePtr store, int val) {
xmlSecMSCryptoX509StoreCtxPtr ctx;
-
+
xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
-
+
ctx = xmlSecMSCryptoX509StoreGetCtx(store);
xmlSecAssert(ctx != NULL);
xmlSecAssert(ctx->untrusted != NULL);
-
+
/* it is other way around to make default value 0 mimic old behaiviour */
ctx->dont_use_system_trusted_certs = !val;
}
@@ -857,7 +850,7 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
}
CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
- return(0);
+ return(0);
}
static void
@@ -884,77 +877,357 @@ xmlSecMSCryptoX509StoreFinalize(xmlSecKeyDataStorePtr store) {
* Low-level x509 functions
*
*****************************************************************************/
-static PCCERT_CONTEXT
-xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issuerName,
- xmlChar *issuerSerial, xmlChar *ski) {
- PCCERT_CONTEXT pCert = NULL;
- int ret;
+/**
+ * xmlSecMSCryptoCertStrToName:
+ * @dwCertEncodingType: the encoding used.
+ * @pszX500: the string to convert.
+ * @dwStrType: the string type.
+ * @len: the result len.
+ *
+ * Converts input string to name by calling @CertStrToName function.
+ *
+ * Returns: a pointer to newly allocated string or NULL if an error occurs.
+ */
+static BYTE*
+xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPTSTR pszX500, DWORD dwStrType, DWORD* len) {
+ BYTE* str = NULL;
+ LPCTSTR ppszError = NULL;
+
+ xmlSecAssert2(pszX500 != NULL, NULL);
+ xmlSecAssert2(len != NULL, NULL);
+
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+ NULL, NULL, len, &ppszError)) {
+ /* this might not be an error, string might just not exist */
+ DWORD dw = GetLastError();
+ return(NULL);
+ }
- xmlSecAssert2(store != 0, NULL);
+ str = (BYTE *)xmlMalloc(sizeof(TCHAR) * ((*len) + 1));
+ if(str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "len=%ld", (*len));
+ return(NULL);
+ }
+ memset(str, 0, (*len) + 1);
- if((pCert == NULL) && (NULL != subjectName)) {
- CERT_NAME_BLOB cnb;
- BYTE *cName;
- DWORD cNameLen;
-
- cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- subjectName,
- CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
- &cNameLen);
- if(cName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertStrToName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+ NULL, str, len, NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertStrToName",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(NULL);
+ }
+
+ return(str);
+}
+
+
+/**
+ * xmlSecMSCryptoX509FindCertBySubject:
+ * @store: the pointer to certs store
+ * @wcSubject: the cert subject (Unicode)
+ * @dwCertEncodingType: the cert encoding type
+ *
+ * Searches for a cert with given @subject in the @store
+ *
+ * Returns: cert handle on success or NULL otherwise
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCertBySubject(HCERTSTORE store, const LPTSTR wcSubject, DWORD dwCertEncodingType) {
+ PCCERT_CONTEXT res = NULL;
+ CERT_NAME_BLOB cnb;
+ BYTE* bdata;
+ DWORD len;
+
+ xmlSecAssert2(store != NULL, NULL);
+ xmlSecAssert2(wcSubject != NULL, NULL);
+
+ /* CASE 1: UTF8, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
}
- cnb.pbData = cName;
- cnb.cbData = cNameLen;
- pCert = CertFindCertificateInStore(store,
- PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ }
+
+ /* CASE 2: UTF8, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
0,
CERT_FIND_SUBJECT_NAME,
&cnb,
NULL);
- xmlFree(cName);
+ xmlFree(bdata);
+ }
}
- if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
- xmlSecBn issuerSerialBn;
- xmlChar * p;
- CERT_INFO certInfo;
- CERT_NAME_BLOB cnb;
- BYTE *cName = NULL;
- DWORD cNameLen = 0;
-
- /* aleksey: for some unknown to me reasons, mscrypto wants Email
- * instead of emailAddress. This code is not bullet proof and may
- * produce incorrect results if someone has "emailAddress=" string
- * in one of the fields, but it is best I can suggest to fix this problem.
- * Also see xmlSecMSCryptoX509NameWrite function.
- */
- while( (p = (xmlChar*)xmlStrstr(issuerName, BAD_CAST "emailAddress=")) != NULL) {
- memcpy(p, " Email=", 13);
+ /* CASE 3: UNICODE, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
}
+ }
+ /* CASE 4: UNICODE, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
- /* get issuer name */
- cName = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- issuerName,
- CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
- &cNameLen);
- if(cName == NULL) {
+ /* done */
+ return (res);
+}
+
+/**
+ * xmlSecMSCryptoX509FindCertByIssuer:
+ * @store: the pointer to certs store
+ * @wcIssuer: the cert issuer (Unicode)
+ * @issuerSerialBn: the cert issuer serial
+ * @dwCertEncodingType: the cert encoding type
+ *
+ * Searches for a cert with given @subject in the @store
+ *
+ * Returns: cert handle on success or NULL otherwise
+ */
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCertByIssuer(HCERTSTORE store, const LPTSTR wcIssuer,
+ xmlSecBnPtr issuerSerialBn, DWORD dwCertEncodingType) {
+
+ PCCERT_CONTEXT res = NULL;
+ CERT_INFO certInfo;
+ BYTE* bdata;
+ DWORD len;
+
+
+ xmlSecAssert2(store != NULL, NULL);
+ xmlSecAssert2(wcIssuer != NULL, NULL);
+ xmlSecAssert2(issuerSerialBn != NULL, NULL);
+
+ certInfo.SerialNumber.cbData = xmlSecBnGetSize(issuerSerialBn);
+ certInfo.SerialNumber.pbData = xmlSecBnGetData(issuerSerialBn);
+
+
+ /* CASE 1: UTF8, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 2: UTF8, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 3: UNICODE, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 4: UNICODE, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+
+ /* done */
+ return (res);
+}
+
+static LPTSTR
+xmlSecMSCryptoX509GetCertName(const xmlChar * name) {
+ xmlChar *name2 = NULL;
+ xmlChar *p = NULL;
+ LPTSTR res = NULL;
+
+ xmlSecAssert2(name != 0, NULL);
+
+ /* MSCrypto doesn't support "emailAddress" attribute (see NSS as well).
+ * This code is not bullet proof and may produce incorrect results if someone has
+ * "emailAddress=" string in one of the fields, but it is best I can suggest to fix
+ * this problem.
+ */
+ name2 = xmlStrdup(name);
+ if(name2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(name)=%d",
+ xmlStrlen(name));
+ return(NULL);
+ }
+ while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " E=", 13);
+ }
+
+ /* get name */
+ res = xmlSecMSCryptoConvertUtf8ToTstr(name2);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertUtf8ToTstr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCert(HCERTSTORE store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski) {
+ PCCERT_CONTEXT pCert = NULL;
+ int ret;
+
+ xmlSecAssert2(store != 0, NULL);
+
+ if((pCert == NULL) && (NULL != subjectName)) {
+ LPTSTR wcSubjectName = NULL;
+
+ /* get unicode subject name */
+ wcSubjectName = xmlSecMSCryptoX509GetCertName(subjectName);
+ if(wcSubjectName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertStrToName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
+ NULL,
+ "xmlSecMSCryptoX509GetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcSubjectName");
+ return(NULL);
}
- cnb.pbData = cName;
- cnb.cbData = cNameLen;
+
+ /* search */
+ pCert = xmlSecMSCryptoX509FindCertBySubject(store,
+ wcSubjectName,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING);
+
+
+ /* cleanup */
+ xmlFree(wcSubjectName);
+ }
+
+ if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
+ xmlSecBn issuerSerialBn;
+ LPTSTR wcIssuerName = NULL;
/* get serial number */
ret = xmlSecBnInitialize(&issuerSerialBn, 0);
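Review bot: `memcpy(p, " E=", 13)` in xmlSecMSCryptoX509GetCertName copies 13 bytes out of a 4-byte string literal, so the read runs past the end of the literal (undefined behaviour) and the literal's NUL is written into name2 right after "E=", truncating everything that followed the emailAddress attribute before the name ever reaches CertStrToName; the old " Email=" form had the same length mismatch, so the subject/issuer lookup for names containing an emailAddress RDN has probably never matched. Keep the replacement exactly 13 characters so the copy stays inside its source, e.g. `memcpy(p, "           E=", 13);` (eleven blanks then "E=", assuming CertStrToName tolerates leading blanks before a key as the original " Email=" form already assumed), or rebuild name2 into a fresh buffer instead of patching in place. In xmlSecMSCryptoCertStrToName `DWORD dw = GetLastError();` is assigned and never read, so either drop it or pass it into an xmlSecError message so the "string might just not exist" case stays diagnosable. The comment block on xmlSecMSCryptoX509FindCertByIssuer is copied from the subject variant ("Searches for a cert with given @subject in the @store"); it should read "Searches for a cert with given @wcIssuer and @issuerSerialBn in the @store". xmlSecMSCryptoX509FindCertBySubject is the only one of the new helpers that is not static; unless it is declared in a public header, mark it `static` like its siblings so the file's external symbol set does not grow unintentionally.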
@@ -964,7 +1237,6 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issu
"xmlSecBnInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(cName);
return(NULL);
}
@@ -976,12 +1248,11 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issu
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
- xmlFree(cName);
return(NULL);
}
- /* I have no clue why at a sudden a swap is needed to
- * convert from lsb... This code is purely based upon
+ /* I have no clue why at a sudden a swap is needed to
+ * convert from lsb... This code is purely based upon
* trial and error :( WK
*/
ret = xmlSecBnReverse(&issuerSerialBn);
@@ -992,25 +1263,30 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issu
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBnFinalize(&issuerSerialBn);
- xmlFree(cName);
return(NULL);
}
- certInfo.Issuer.cbData = cnb.cbData ;
- certInfo.Issuer.pbData = cnb.pbData ;
- certInfo.SerialNumber.cbData = xmlSecBnGetSize( &issuerSerialBn ) ;
- certInfo.SerialNumber.pbData = xmlSecBnGetData( &issuerSerialBn ) ;
+ /* get issuer name */
+ wcIssuerName = xmlSecMSCryptoX509GetCertName(issuerName);
+ if(wcIssuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509GetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcIssuerName");
+ xmlSecBnFinalize(&issuerSerialBn);
+ return(NULL);
+ }
+
+ /* search */
+ pCert = xmlSecMSCryptoX509FindCertByIssuer(store,
+ wcIssuerName,
+ &issuerSerialBn,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
- pCert = CertFindCertificateInStore(
- store,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- 0,
- CERT_FIND_SUBJECT_CERT,
- &certInfo,
- NULL
- ) ;
+ xmlFree(wcIssuerName);
- xmlFree(cName);
+ /* cleanup */
xmlSecBnFinalize(&issuerSerialBn);
}
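Review bot: The serial handed to `xmlSecMSCryptoX509FindCertByIssuer` has just been byte-reversed by `xmlSecBnReverse`, and the only explanation in the code is the "trial and error" comment above this hunk; now that the comparison lives in a new helper whose expectations are not visible here, the byte-order contract should be stated at the call site. If the helper matches against `CERT_INFO.SerialNumber` directly, the reason is that CryptoAPI keeps that `CRYPT_INTEGER_BLOB` little-endian while `xmlSecBn` holds the parsed serial big-endian, so a comment such as `/* CryptoAPI stores serial numbers little-endian (CRYPT_INTEGER_BLOB); xmlSecBn is big-endian, hence the xmlSecBnReverse above */` would replace the guesswork. Note also that a failed issuer/serial lookup falls through silently to the SKI search below, so an `<X509IssuerSerial>` that matches nothing in the store can still resolve to a certificate chosen by a different identifier; if that is intended it deserves a one-line comment. xmlSecMSCryptoX509FindCert starts before this hunk and ends after it.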
@@ -1044,7 +1320,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issu
blob.pbData = binSki;
blob.cbData = binSkiLen;
- pCert = CertFindCertificateInStore(store,
+ pCert = CertFindCertificateInStore(store,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
0,
CERT_FIND_KEY_IDENTIFIER,
@@ -1053,10 +1329,78 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, xmlChar *subjectName, xmlChar *issu
xmlFree(binSki);
}
- return(pCert);
+ return(pCert);
}
+/**
+ * xmlSecMSCryptoX509GetNameString:
+ * @pCertContext: the pointer to cert
+ * @dwType: the type (see CertGetNameString description in MSDN)
+ * @dwFlags: the flags (see CertGetNameString description in MSDN)
+ * @pvTypePara: the type parameter (see CertGetNameString description in MSDN)
+ *
+ * Gets the name string for certificate (see CertGetNameString description in MSDN).
+ *
+ * Returns: name string (should be freed with xmlFree) or NULL if failed.
+ */
+xmlChar *
+xmlSecMSCryptoX509GetNameString(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara) {
+ LPTSTR name = NULL;
+ xmlChar * res = NULL;
+ DWORD dwSize;
+
+ xmlSecAssert2(pCertContext != NULL, NULL);
+
+ /* get size first */
+ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, NULL, 0);
+ if(dwSize <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "CertGetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ /* allocate buffer */
+ name = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (dwSize + 1));
+ if(name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ /* actually get the name */
+ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, name, dwSize);
+ if(dwSize <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "CertGetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(name);
+ return (NULL);
+ }
+
+ res = xmlSecMSCryptoConvertTstrToUtf8(name);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoConvertTstrToUtf8",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(name);
+ return (NULL);
+ }
+ /* done */
+ xmlFree(name);
+ return (res);
+}
+
#endif /* XMLSEC_NO_X509 */
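Review bot: The two failure checks `if(dwSize <= 0)` in xmlSecMSCryptoX509GetNameString never fire: `dwSize` is a DWORD, so `<= 0` is just `== 0`, and CertGetNameString, if I read its contract correctly, signals failure or an absent name by returning 1 (the count of the terminating NUL alone), never 0. As written, a certificate lacking the requested name yields a one-TCHAR buffer and an empty string instead of NULL, so callers cannot tell "no such name" from a real value; both checks should read `if(dwSize <= 1) {`. Separately, these xmlSecError calls pass `"CertGetNameString"` as the second argument and NULL as the third, whereas the rest of this file (e.g. the xmlSecMSCryptoX509GetCertName report above) puts the failing function's name in the third slot; aligning them keeps error output consistent.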
diff --git a/src/mscrypto/xmlsec-mingw.h b/src/mscrypto/xmlsec-mingw.h
index 85d8cc3d..ef5d2ae4 100644
--- a/src/mscrypto/xmlsec-mingw.h
+++ b/src/mscrypto/xmlsec-mingw.h
@@ -3,163 +3,208 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyright (C) 2007 Roumen Petrov.
+ *
+ * Copyright (C) 2007,2010 Roumen Petrov.
*/
#ifndef __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__
#define __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__
+#ifndef XMLSEC_PRIVATE
+#error "xmlsec-mingw.h file contains private xmlsec definitions for mingw build and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
/*defines*/
+
+#ifndef ALG_SID_HMAC
+# define ALG_SID_HMAC 9
+#endif
+
+#ifndef ALG_SID_SHA_256
+# define ALG_SID_SHA_256 12
+#endif
+
+#ifndef ALG_SID_SHA_384
+# define ALG_SID_SHA_384 13
+#endif
+
+#ifndef ALG_SID_SHA_512
+# define ALG_SID_SHA_512 14
+#endif
+
+#ifndef CALG_HMAC
+# define CALG_HMAC (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_HMAC)
+#endif
+
+#ifndef CALG_SHA_256
+# define CALG_SHA_256 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_256)
+#endif
+
+#ifndef CALG_SHA_384
+# define CALG_SHA_384 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_384)
+#endif
+
+#ifndef CALG_SHA_512
+# define CALG_SHA_512 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_512)
+#endif
+
+
+#ifndef KP_OAEP_PARAMS
+# define KP_OAEP_PARAMS 36
+#endif
+
+
#ifndef CERT_CLOSE_STORE_FORCE_FLAG
-# define CERT_CLOSE_STORE_FORCE_FLAG 1
+# define CERT_CLOSE_STORE_FORCE_FLAG 1
#endif
#ifndef CERT_CLOSE_STORE_CHECK_FLAG
-# define CERT_CLOSE_STORE_CHECK_FLAG 2
+# define CERT_CLOSE_STORE_CHECK_FLAG 2
#endif
#ifndef CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
-# define CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG 1
+# define CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG 1
#endif
#ifndef CERT_STORE_ADD_ALWAYS
-# define CERT_STORE_ADD_ALWAYS 4
+# define CERT_STORE_ADD_ALWAYS 4
#endif
#ifndef CERT_STORE_CREATE_NEW_FLAG
-# define CERT_STORE_CREATE_NEW_FLAG (2<<12)
+# define CERT_STORE_CREATE_NEW_FLAG (2<<12)
#endif
#ifndef CERT_STORE_SIGNATURE_FLAG
-# define CERT_STORE_SIGNATURE_FLAG 1
+# define CERT_STORE_SIGNATURE_FLAG 1
#endif
#ifndef CERT_STORE_TIME_VALIDITY_FLAG
-# define CERT_STORE_TIME_VALIDITY_FLAG 2
+# define CERT_STORE_TIME_VALIDITY_FLAG 2
#endif
#ifndef CERT_STORE_REVOCATION_FLAG
-# define CERT_STORE_REVOCATION_FLAG 4
+# define CERT_STORE_REVOCATION_FLAG 4
#endif
#ifndef CERT_STORE_NO_CRL_FLAG
-# define CERT_STORE_NO_CRL_FLAG (1<<16)
+# define CERT_STORE_NO_CRL_FLAG (1<<16)
#endif
#ifndef CERT_STORE_PROV_COLLECTION
-# define CERT_STORE_PROV_COLLECTION ((LPCSTR) 11)
+# define CERT_STORE_PROV_COLLECTION ((LPCSTR) 11)
#endif
#ifndef CERT_STORE_PROV_MEMORY
-# define CERT_STORE_PROV_MEMORY ((LPCSTR) 2)
+# define CERT_STORE_PROV_MEMORY ((LPCSTR) 2)
#endif
#ifndef CERT_KEY_SPEC_PROP_ID
-# define CERT_KEY_SPEC_PROP_ID 6
+# define CERT_KEY_SPEC_PROP_ID 6
#endif
#ifndef CERT_FRIENDLY_NAME_PROP_ID
-# define CERT_FRIENDLY_NAME_PROP_ID 11
+# define CERT_FRIENDLY_NAME_PROP_ID 11
#endif
#ifndef CERT_KEY_IDENTIFIER_PROP_ID
-# define CERT_KEY_IDENTIFIER_PROP_ID 20
+# define CERT_KEY_IDENTIFIER_PROP_ID 20
#endif
#ifndef CERT_NAME_ISSUER_FLAG
-# define CERT_NAME_ISSUER_FLAG 1
+# define CERT_NAME_ISSUER_FLAG 1
#endif
#ifndef CERT_NAME_RDN_TYPE
-# define CERT_NAME_RDN_TYPE 2
+# define CERT_NAME_RDN_TYPE 2
#endif
#ifndef CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG
-# define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG (4<<16)
+# define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG (4<<16)
#endif
#ifndef CERT_CHAIN_REVOCATION_CHECK_CHAIN
-# define CERT_CHAIN_REVOCATION_CHECK_CHAIN (2<<28)
+# define CERT_CHAIN_REVOCATION_CHECK_CHAIN (2<<28)
#endif
#ifndef CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
-# define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (4<<28)
+# define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (4<<28)
#endif
#ifndef szOID_SUBJECT_KEY_IDENTIFIER
-# define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
+# define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
#endif
#ifndef CRYPT_ACQUIRE_COMPARE_KEY_FLAG
-# define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 4
+# define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 4
#endif
/*structures/types*/
typedef struct _PUBKEY {
- DWORD magic;
- DWORD bitlen;
+ DWORD magic;
+ DWORD bitlen;
} DSSPUBKEY;
typedef struct _DSSSEED {
- DWORD counter;
- BYTE seed[20];
+ DWORD counter;
+ BYTE seed[20];
} DSSSEED;
typedef struct _PROV_ENUMALGS_EX {
- ALG_ID aiAlgid;
- DWORD dwDefaultLen;
- DWORD dwMinLen;
- DWORD dwMaxLen;
- DWORD dwProtocols;
- DWORD dwNameLen;
- CHAR szName[20];
- DWORD dwLongNameLen;
- CHAR szLongName[40];
+ ALG_ID aiAlgid;
+ DWORD dwDefaultLen;
+ DWORD dwMinLen;
+ DWORD dwMaxLen;
+ DWORD dwProtocols;
+ DWORD dwNameLen;
+ CHAR szName[20];
+ DWORD dwLongNameLen;
+ CHAR szLongName[40];
} PROV_ENUMALGS_EX;
/*methods(functions)*/
-DWORD WINAPI CertGetPublicKeyLength(DWORD,PCERT_PUBLIC_KEY_INFO);
+DWORD WINAPI CertGetPublicKeyLength(DWORD,PCERT_PUBLIC_KEY_INFO);
-BOOL WINAPI CertStrToNameA(DWORD,LPCSTR,DWORD,void*,BYTE*,DWORD*,LPCSTR*);
-BOOL WINAPI CertStrToNameW(DWORD,LPCWSTR,DWORD,void*,BYTE*,DWORD*,LPCWSTR*);
+BOOL WINAPI CertStrToNameA(DWORD,LPCSTR,DWORD,void*,BYTE*,DWORD*,LPCSTR*);
+BOOL WINAPI CertStrToNameW(DWORD,LPCWSTR,DWORD,void*,BYTE*,DWORD*,LPCWSTR*);
#ifdef UNICODE
#define CertStrToName CertStrToNameW
#else
#define CertStrToName CertStrToNameA
#endif
-BOOL WINAPI CertCompareCertificateName(DWORD,PCERT_NAME_BLOB,PCERT_NAME_BLOB);
-BOOL WINAPI CertAddStoreToCollection(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
-PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD,const BYTE*,DWORD);
-BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT,DWORD,void*,DWORD*);
-BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT,PCCERT_CONTEXT,DWORD*);
+BOOL WINAPI CertCompareCertificateName(DWORD,PCERT_NAME_BLOB,PCERT_NAME_BLOB);
+
+BOOL WINAPI CertAddStoreToCollection(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
+
+PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD,const BYTE*,DWORD);
+BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT,DWORD,void*,DWORD*);
+BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT,PCCERT_CONTEXT,DWORD*);
-BOOL WINAPI CertAddCRLContextToStore(HCERTSTORE,PCCRL_CONTEXT,DWORD,PCCRL_CONTEXT*);
-PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT);
-BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT);
+BOOL WINAPI CertAddCRLContextToStore(HCERTSTORE,PCCRL_CONTEXT,DWORD,PCCRL_CONTEXT*);
+PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT);
+BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT);
-BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
-PCCRL_CONTEXT WINAPI CertEnumCRLsInStore(HCERTSTORE,PCCRL_CONTEXT);
+BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
+PCCRL_CONTEXT WINAPI CertEnumCRLsInStore(HCERTSTORE,PCCRL_CONTEXT);
-PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD,const BYTE*,DWORD);
+PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD,const BYTE*,DWORD);
-BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT,DWORD,void*,HCRYPTPROV*,DWORD*,BOOL*);
-BOOL WINAPI CryptDuplicateKey(HCRYPTKEY,DWORD*,DWORD,HCRYPTKEY*);
-BOOL WINAPI CryptImportPublicKeyInfo(HCRYPTPROV,DWORD,PCERT_PUBLIC_KEY_INFO,HCRYPTKEY*);
+BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT,DWORD,void*,HCRYPTPROV*,DWORD*,BOOL*);
+BOOL WINAPI CryptDuplicateKey(HCRYPTKEY,DWORD*,DWORD,HCRYPTKEY*);
+BOOL WINAPI CryptImportPublicKeyInfo(HCRYPTPROV,DWORD,PCERT_PUBLIC_KEY_INFO,HCRYPTKEY*);
#endif /*ndef __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__*/
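Review bot: The new `CALG_HMAC`/`CALG_SHA_256`/`CALG_SHA_384`/`CALG_SHA_512` fallbacks expand to `ALG_CLASS_HASH|ALG_TYPE_ANY|…`, yet this header includes nothing and does not check that those macros exist, so it only compiles when `<wincrypt.h>` has already been pulled in by the including file — an ordering requirement stated nowhere in the header. A comment right after the XMLSEC_PRIVATE guard, `/* include after <windows.h>/<wincrypt.h>: the fallbacks below build on ALG_CLASS_* and ALG_TYPE_* */`, or an explicit `#include <wincrypt.h>`, would make that dependency visible. The numeric values (ALG_SID_HMAC 9, SHA-2 SIDs 12–14, KP_OAEP_PARAMS 36) agree with the SDK definitions as far as I can tell.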
diff --git a/src/nodeset.c b/src/nodeset.c
index 74c2d5b3..04ae8105 100644
--- a/src/nodeset.c
+++ b/src/nodeset.c
@@ -1,18 +1,18 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Enchanced nodes set
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
@@ -25,23 +25,23 @@
(((node)->type != XML_NAMESPACE_DECL) ? \
(node)->parent : \
(xmlNodePtr)((xmlNsPtr)(node))->next)
-
-static int xmlSecNodeSetOneContains (xmlSecNodeSetPtr nset,
- xmlNodePtr node,
- xmlNodePtr parent);
-static int xmlSecNodeSetWalkRecursive (xmlSecNodeSetPtr nset,
- xmlSecNodeSetWalkCallback walkFunc,
- void* data,
- xmlNodePtr cur,
- xmlNodePtr parent);
+
+static int xmlSecNodeSetOneContains (xmlSecNodeSetPtr nset,
+ xmlNodePtr node,
+ xmlNodePtr parent);
+static int xmlSecNodeSetWalkRecursive (xmlSecNodeSetPtr nset,
+ xmlSecNodeSetWalkCallback walkFunc,
+ void* data,
+ xmlNodePtr cur,
+ xmlNodePtr parent);
/**
* xmlSecNodeSetCreate:
- * @doc: the pointer to parent XML document.
- * @nodes: the list of nodes.
- * @type: the nodes set type.
+ * @doc: the pointer to parent XML document.
+ * @nodes: the list of nodes.
+ * @type: the nodes set type.
*
- * Creates new nodes set. Caller is responsible for freeng returend object
+ * Creates new nodes set. Caller is responsible for freeing returned object
* by calling #xmlSecNodeSetDestroy function.
*
* Returns: pointer to newly allocated node set or NULL if an error occurs.
@@ -51,155 +51,163 @@ xmlSecNodeSetCreate(xmlDocPtr doc, xmlNodeSetPtr nodes, xmlSecNodeSetType type)
xmlSecNodeSetPtr nset;
nset = (xmlSecNodeSetPtr)xmlMalloc(sizeof(xmlSecNodeSet));
- if(nset == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecNodeSet)=%d",
- sizeof(xmlSecNodeSet));
- return(NULL);
+ if(nset == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecNodeSet)=%d",
+ sizeof(xmlSecNodeSet));
+ return(NULL);
}
memset(nset, 0, sizeof(xmlSecNodeSet));
-
- nset->doc = doc;
+
+ nset->doc = doc;
nset->nodes = nodes;
- nset->type = type;
- nset->next = nset->prev = nset;
+ nset->type = type;
+ nset->next = nset->prev = nset;
return(nset);
}
/**
* xmlSecNodeSetDestroy:
- * @nset: the pointer to node set.
+ * @nset: the pointer to node set.
*
* Destroys the nodes set created with #xmlSecNodeSetCreate function.
*/
void
xmlSecNodeSetDestroy(xmlSecNodeSetPtr nset) {
xmlSecNodeSetPtr tmp;
+ xmlDocPtr destroyDoc = NULL;
xmlSecAssert(nset != NULL);
-
+
while((tmp = nset) != NULL) {
- if((nset->next != NULL) && (nset->next != nset)) {
- nset->next->prev = nset->prev;
- nset->prev->next = nset->next;
- nset = nset->next;
- } else {
- nset = NULL;
- }
-
- if(tmp->nodes != NULL) {
- xmlXPathFreeNodeSet(tmp->nodes);
- }
- if(tmp->children != NULL) {
- xmlSecNodeSetDestroy(tmp->children);
- }
- if((tmp->doc != NULL) && (tmp->destroyDoc != 0)) {
- xmlFreeDoc(tmp->doc);
- }
- memset(tmp, 0, sizeof(xmlSecNodeSet));
+ if((nset->next != NULL) && (nset->next != nset)) {
+ nset->next->prev = nset->prev;
+ nset->prev->next = nset->next;
+ nset = nset->next;
+ } else {
+ nset = NULL;
+ }
+
+ if(tmp->nodes != NULL) {
+ xmlXPathFreeNodeSet(tmp->nodes);
+ }
+ if(tmp->children != NULL) {
+ xmlSecNodeSetDestroy(tmp->children);
+ }
+ if((tmp->doc != NULL) && (tmp->destroyDoc != 0)) {
+ /* all nodesets should belong to the same doc */
+ xmlSecAssert((destroyDoc == NULL) || (tmp->doc == destroyDoc));
+ destroyDoc = tmp->doc; /* can't destroy here because other node sets can refer to it */
+ }
+ memset(tmp, 0, sizeof(xmlSecNodeSet));
xmlFree(tmp);
}
+
+ /* finally, destroy the doc if needed */
+ if(destroyDoc != NULL) {
+ xmlFreeDoc(destroyDoc);
+ }
}
/**
* xmlSecNodeSetDocDestroy:
- * @nset: the pointer to node set.
+ * @nset: the pointer to node set.
*
* Instructs node set to destroy nodes parent doc when node set is destroyed.
*/
-void
+void
xmlSecNodeSetDocDestroy(xmlSecNodeSetPtr nset) {
xmlSecAssert(nset != NULL);
-
+
nset->destroyDoc = 1;
}
static int
xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) {
int in_nodes_set = 1;
-
+
xmlSecAssert2(nset != NULL, 0);
xmlSecAssert2(node != NULL, 0);
-
+
/* special cases: */
switch(nset->type) {
- case xmlSecNodeSetTreeWithoutComments:
+ case xmlSecNodeSetTreeWithoutComments:
case xmlSecNodeSetTreeWithoutCommentsInvert:
- if(node->type == XML_COMMENT_NODE) {
- return(0);
- }
- break;
- case xmlSecNodeSetList:
- return(xmlSecNodeSetContains(nset->children, node, parent));
- default:
- break;
+ if(node->type == XML_COMMENT_NODE) {
+ return(0);
+ }
+ break;
+ case xmlSecNodeSetList:
+ return(xmlSecNodeSetContains(nset->children, node, parent));
+ default:
+ break;
}
-
+
if(nset->nodes != NULL) {
- if(node->type != XML_NAMESPACE_DECL) {
- in_nodes_set = xmlXPathNodeSetContains(nset->nodes, node);
- } else {
- xmlNs ns;
-
- memcpy(&ns, node, sizeof(ns));
-
- /* this is a libxml hack! check xpath.c for details */
- if((parent != NULL) && (parent->type == XML_ATTRIBUTE_NODE)) {
- ns.next = (xmlNsPtr)parent->parent;
- } else {
- ns.next = (xmlNsPtr)parent;
- }
-
- /*
- * If the input is an XPath node-set, then the node-set must explicitly
- * contain every node to be rendered to the canonical form.
- */
- in_nodes_set = (xmlXPathNodeSetContains(nset->nodes, (xmlNodePtr)&ns));
- }
+ if(node->type != XML_NAMESPACE_DECL) {
+ in_nodes_set = xmlXPathNodeSetContains(nset->nodes, node);
+ } else {
+ xmlNs ns;
+
+ memcpy(&ns, node, sizeof(ns));
+
+ /* this is a libxml hack! check xpath.c for details */
+ if((parent != NULL) && (parent->type == XML_ATTRIBUTE_NODE)) {
+ ns.next = (xmlNsPtr)parent->parent;
+ } else {
+ ns.next = (xmlNsPtr)parent;
+ }
+
+ /*
+ * If the input is an XPath node-set, then the node-set must explicitly
+ * contain every node to be rendered to the canonical form.
+ */
+ in_nodes_set = (xmlXPathNodeSetContains(nset->nodes, (xmlNodePtr)&ns));
+ }
}
-
+
switch(nset->type) {
case xmlSecNodeSetNormal:
- return(in_nodes_set);
+ return(in_nodes_set);
case xmlSecNodeSetInvert:
- return(!in_nodes_set);
+ return(!in_nodes_set);
case xmlSecNodeSetTree:
case xmlSecNodeSetTreeWithoutComments:
- if(in_nodes_set) {
- return(1);
- }
- if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
- return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
- }
- return(0);
+ if(in_nodes_set) {
+ return(1);
+ }
+ if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
+ return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
+ }
+ return(0);
case xmlSecNodeSetTreeInvert:
case xmlSecNodeSetTreeWithoutCommentsInvert:
- if(in_nodes_set) {
- return(0);
- }
- if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
- return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
- }
- return(1);
+ if(in_nodes_set) {
+ return(0);
+ }
+ if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
+ return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
+ }
+ return(1);
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "type=%d", nset->type);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%d", nset->type);
}
-
+
return(0);
}
/**
* xmlSecNodeSetContains:
- * @nset: the pointer to node set.
- * @node: the pointer to XML node to check.
- * @parent: the pointer to @node parent node.
+ * @nset: the pointer to node set.
+ * @node: the pointer to XML node to check.
+ * @parent: the pointer to @node parent node.
*
* Checks whether the @node is in the nodes set or not.
*
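Review bot: The deferral of `xmlFreeDoc` only covers one level of the ring: when a member has `children` (a set built by xmlSecNodeSetAddList), the recursive `xmlSecNodeSetDestroy(tmp->children)` call inside the loop frees the child's `destroyDoc` at its own end while the outer ring's remaining members still reference that document — exactly what the new comment says must be avoided. If a caller can apply xmlSecNodeSetDocDestroy to a set that later becomes a child, the document should be collected through the recursion and freed once at the top, which an internal helper taking the `destroyDoc` slot by pointer achieves without changing the public signature. A second issue is that the new `xmlSecAssert` sits in the middle of teardown, so a mismatch returns from a void function with `tmp` not freed, the rest of the ring still allocated and the document never released; whether that is acceptable for an invariant violation is a policy question, but it should be noted in the comment.
```c
static void
xmlSecNodeSetDestroyInternal(xmlSecNodeSetPtr nset, xmlDocPtr* destroyDoc) {
    xmlSecNodeSetPtr tmp;

    while((tmp = nset) != NULL) {
        /* … unchanged: unlink tmp from the ring … */
        if(tmp->nodes != NULL) {
            xmlXPathFreeNodeSet(tmp->nodes);
        }
        if(tmp->children != NULL) {
            /* collect, don't free: the parent ring may still reference the doc */
            xmlSecNodeSetDestroyInternal(tmp->children, destroyDoc);
        }
        if((tmp->doc != NULL) && (tmp->destroyDoc != 0)) {
            xmlSecAssert((*destroyDoc == NULL) || (tmp->doc == *destroyDoc));
            *destroyDoc = tmp->doc;
        }
        memset(tmp, 0, sizeof(xmlSecNodeSet));
        xmlFree(tmp);
    }
}

void
xmlSecNodeSetDestroy(xmlSecNodeSetPtr nset) {
    xmlDocPtr destroyDoc = NULL;

    xmlSecAssert(nset != NULL);
    xmlSecNodeSetDestroyInternal(nset, &destroyDoc);
    /* every set, nested or not, is gone now; release the doc exactly once */
    if(destroyDoc != NULL) {
        xmlFreeDoc(destroyDoc);
    }
}
```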
@@ -210,126 +218,129 @@ int
xmlSecNodeSetContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) {
int status = 1;
xmlSecNodeSetPtr cur;
-
+
xmlSecAssert2(node != NULL, 0);
-
+
/* special cases: */
if(nset == NULL) {
- return(1);
+ return(1);
}
-
+
status = 1;
cur = nset;
do {
- switch(cur->op) {
- case xmlSecNodeSetIntersection:
- if(status && !xmlSecNodeSetOneContains(cur, node, parent)) {
- status = 0;
- }
- break;
- case xmlSecNodeSetSubtraction:
- if(status && xmlSecNodeSetOneContains(cur, node, parent)) {
- status = 0;
- }
- break;
- case xmlSecNodeSetUnion:
- if(!status && xmlSecNodeSetOneContains(cur, node, parent)) {
- status = 1;
- }
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_OPERATION,
- "operation=%d", cur->op);
- return(-1);
- }
- cur = cur->next;
+ switch(cur->op) {
+ case xmlSecNodeSetIntersection:
+ if(status && !xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 0;
+ }
+ break;
+ case xmlSecNodeSetSubtraction:
+ if(status && xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 0;
+ }
+ break;
+ case xmlSecNodeSetUnion:
+ if(!status && xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 1;
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_OPERATION,
+ "operation=%d", cur->op);
+ return(-1);
+ }
+ cur = cur->next;
} while(cur != nset);
-
+
return(status);
}
/**
* xmlSecNodeSetAdd:
- * @nset: the pointer to currrent nodes set (or NULL).
- * @newNSet: the pointer to new nodes set.
- * @op: the operation type.
+ * @nset: the pointer to currrent nodes set (or NULL).
+ * @newNSet: the pointer to new nodes set.
+ * @op: the operation type.
*
- * Adds @newNSet to the @nset using operation @op.
+ * Adds @newNSet to the @nset using operation @op.
*
- * Returns: the pointer to combined nodes set or NULL if an error
+ * Returns: the pointer to combined nodes set or NULL if an error
* occurs.
*/
-xmlSecNodeSetPtr
-xmlSecNodeSetAdd(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet,
- xmlSecNodeSetOp op) {
+xmlSecNodeSetPtr
+xmlSecNodeSetAdd(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet,
+ xmlSecNodeSetOp op) {
xmlSecAssert2(newNSet != NULL, NULL);
xmlSecAssert2(newNSet->next == newNSet, NULL);
- newNSet->op = op;
+ newNSet->op = op;
if(nset == NULL) {
- return(newNSet);
+ return(newNSet);
}
-
+
+ /* all nodesets should belong to the same doc */
+ xmlSecAssert2(nset->doc == newNSet->doc, NULL);
+
newNSet->next = nset;
newNSet->prev = nset->prev;
nset->prev->next = newNSet;
- nset->prev = newNSet;
+ nset->prev = newNSet;
return(nset);
}
/**
* xmlSecNodeSetAddList:
- * @nset: the pointer to currrent nodes set (or NULL).
- * @newNSet: the pointer to new nodes set.
- * @op: the operation type.
+ * @nset: the pointer to currrent nodes set (or NULL).
+ * @newNSet: the pointer to new nodes set.
+ * @op: the operation type.
*
- * Adds @newNSet to the @nset as child using operation @op.
+ * Adds @newNSet to the @nset as child using operation @op.
*
- * Returns: the pointer to combined nodes set or NULL if an error
+ * Returns: the pointer to combined nodes set or NULL if an error
* occurs.
*/
-xmlSecNodeSetPtr
+xmlSecNodeSetPtr
xmlSecNodeSetAddList(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet, xmlSecNodeSetOp op) {
xmlSecNodeSetPtr tmp1, tmp2;
xmlSecAssert2(newNSet != NULL, NULL);
-
+
tmp1 = xmlSecNodeSetCreate(newNSet->doc, NULL, xmlSecNodeSetList);
if(tmp1 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
tmp1->children = newNSet;
-
+
tmp2 = xmlSecNodeSetAdd(nset, tmp1, op);
if(tmp2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecNodeSetDestroy(tmp1);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(tmp1);
+ return(NULL);
}
return(tmp2);
}
-
+
/**
* xmlSecNodeSetWalk:
- * @nset: the pointer to node set.
- * @walkFunc: the callback functions.
- * @data: the application specific data passed to the @walkFunc.
+ * @nset: the pointer to node set.
+ * @walkFunc: the callback functions.
+ * @data: the application specific data passed to the @walkFunc.
*
* Calls the function @walkFunc once per each node in the nodes set @nset.
- * If the @walkFunc returns a negative value, then the walk procedure
+ * If the @walkFunc returns a negative value, then the walk procedure
* is interrupted.
*
* Returns: 0 on success or a negative value if an error occurs.
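Review bot: The new `xmlSecAssert2(nset->doc == newNSet->doc, NULL)` in xmlSecNodeSetAdd introduces a precondition the function's documentation does not mention, and on failure it returns NULL after `newNSet->op` has already been assigned but before `newNSet` is linked, so ownership of `newNSet` stays with the caller. The doc comment should say so, e.g. `@newNSet: the pointer to new nodes set; must belong to the same document as @nset, otherwise NULL is returned and @newNSet is not consumed.` xmlSecNodeSetAddList handles the NULL by destroying the wrapper it created; other callers of xmlSecNodeSetAdd outside this hunk are worth checking for the same cleanup.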
@@ -338,110 +349,110 @@ int
xmlSecNodeSetWalk(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc, void* data) {
xmlNodePtr cur;
int ret = 0;
-
+
xmlSecAssert2(nset != NULL, -1);
xmlSecAssert2(nset->doc != NULL, -1);
xmlSecAssert2(walkFunc != NULL, -1);
/* special cases */
if(nset->nodes != NULL) {
- int i;
-
- switch(nset->type) {
- case xmlSecNodeSetNormal:
- case xmlSecNodeSetTree:
- case xmlSecNodeSetTreeWithoutComments:
- for(i = 0; (ret >= 0) && (i < nset->nodes->nodeNr); ++i) {
- ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data,
- nset->nodes->nodeTab[i],
- xmlSecGetParent(nset->nodes->nodeTab[i]));
- }
- return(ret);
- default:
- break;
- }
+ int i;
+
+ switch(nset->type) {
+ case xmlSecNodeSetNormal:
+ case xmlSecNodeSetTree:
+ case xmlSecNodeSetTreeWithoutComments:
+ for(i = 0; (ret >= 0) && (i < nset->nodes->nodeNr); ++i) {
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data,
+ nset->nodes->nodeTab[i],
+ xmlSecGetParent(nset->nodes->nodeTab[i]));
+ }
+ return(ret);
+ default:
+ break;
+ }
}
-
+
for(cur = nset->doc->children; (cur != NULL) && (ret >= 0); cur = cur->next) {
- ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, cur, xmlSecGetParent(cur));
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, cur, xmlSecGetParent(cur));
}
return(ret);
}
static int
-xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc,
- void* data, xmlNodePtr cur, xmlNodePtr parent) {
+xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc,
+ void* data, xmlNodePtr cur, xmlNodePtr parent) {
int ret;
xmlSecAssert2(nset != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
xmlSecAssert2(walkFunc != NULL, -1);
-
+
/* the node itself */
if(xmlSecNodeSetContains(nset, cur, parent)) {
- ret = walkFunc(nset, cur, parent, data);
-
- if(ret < 0) {
- return(ret);
- }
+ ret = walkFunc(nset, cur, parent, data);
+
+ if(ret < 0) {
+ return(ret);
+ }
}
-
- /* element node has attributes, namespaces */
+
+ /* element node has attributes, namespaces */
if(cur->type == XML_ELEMENT_NODE) {
xmlAttrPtr attr;
- xmlNodePtr node;
- xmlNsPtr ns, tmp;
-
+ xmlNodePtr node;
+ xmlNsPtr ns, tmp;
+
attr = (xmlAttrPtr)cur->properties;
while(attr != NULL) {
- if(xmlSecNodeSetContains(nset, (xmlNodePtr)attr, cur)) {
- ret = walkFunc(nset, (xmlNodePtr)attr, cur, data);
- if(ret < 0) {
- return(ret);
- }
- }
- attr = attr->next;
- }
-
- node = cur;
- while(node != NULL) {
- ns = node->nsDef;
- while(ns != NULL) {
- tmp = xmlSearchNs(nset->doc, cur, ns->prefix);
- if((tmp == ns) && xmlSecNodeSetContains(nset, (xmlNodePtr)ns, cur)) {
- ret = walkFunc(nset, (xmlNodePtr)ns, cur, data);
- if(ret < 0) {
- return(ret);
- }
- }
- ns = ns->next;
- }
- node = node->parent;
- }
+ if(xmlSecNodeSetContains(nset, (xmlNodePtr)attr, cur)) {
+ ret = walkFunc(nset, (xmlNodePtr)attr, cur, data);
+ if(ret < 0) {
+ return(ret);
+ }
+ }
+ attr = attr->next;
+ }
+
+ node = cur;
+ while(node != NULL) {
+ ns = node->nsDef;
+ while(ns != NULL) {
+ tmp = xmlSearchNs(nset->doc, cur, ns->prefix);
+ if((tmp == ns) && xmlSecNodeSetContains(nset, (xmlNodePtr)ns, cur)) {
+ ret = walkFunc(nset, (xmlNodePtr)ns, cur, data);
+ if(ret < 0) {
+ return(ret);
+ }
+ }
+ ns = ns->next;
+ }
+ node = node->parent;
+ }
}
/* element and document nodes have children */
if((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_DOCUMENT_NODE)) {
- xmlNodePtr node;
-
- node = cur->children;
- while(node != NULL) {
- ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, node, cur);
- if(ret < 0) {
- return(ret);
- }
- node = node->next;
- }
+ xmlNodePtr node;
+
+ node = cur->children;
+ while(node != NULL) {
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, node, cur);
+ if(ret < 0) {
+ return(ret);
+ }
+ node = node->next;
+ }
}
return(0);
}
/**
* xmlSecNodeSetGetChildren:
- * @doc: the pointer to an XML document.
- * @parent: the pointer to parent XML node or NULL if we want to include all document nodes.
- * @withComments: the flag include comments or not.
- * @invert: the "invert" flag.
+ * @doc: the pointer to an XML document.
+ * @parent: the pointer to parent XML node or NULL if we want to include all document nodes.
+ * @withComments: the flag include comments or not.
+ * @invert: the "invert" flag.
*
* Creates a new nodes set that contains:
* - if @withComments is not 0 and @invert is 0:
@@ -451,77 +462,77 @@ xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walk
* - if @withComments is not 0 and @invert not is 0:
* all nodes in the @doc except nodes in the @parent subtree;
* - if @withComments is 0 and @invert is 0:
- * all nodes in the @doc except nodes in the @parent subtree
+ * all nodes in the @doc except nodes in the @parent subtree
* and comment nodes.
*
* Returns: pointer to the newly created #xmlSecNodeSet structure
* or NULL if an error occurs.
*/
-xmlSecNodeSetPtr
+xmlSecNodeSetPtr
xmlSecNodeSetGetChildren(xmlDocPtr doc, const xmlNodePtr parent, int withComments, int invert) {
xmlNodeSetPtr nodes;
xmlSecNodeSetType type;
xmlSecAssert2(doc != NULL, NULL);
-
+
nodes = xmlXPathNodeSetCreate(parent);
if(nodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlXPathNodeSetCreate",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathNodeSetCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
/* if parent is NULL then we add all the doc children */
if(parent == NULL) {
- xmlNodePtr cur;
- for(cur = doc->children; cur != NULL; cur = cur->next) {
- if(withComments || (cur->type != XML_COMMENT_NODE)) {
- xmlXPathNodeSetAdd(nodes, cur);
- }
- }
+ xmlNodePtr cur;
+ for(cur = doc->children; cur != NULL; cur = cur->next) {
+ if(withComments || (cur->type != XML_COMMENT_NODE)) {
+ xmlXPathNodeSetAdd(nodes, cur);
+ }
+ }
}
if(withComments && invert) {
- type = xmlSecNodeSetTreeInvert;
+ type = xmlSecNodeSetTreeInvert;
} else if(withComments && !invert) {
- type = xmlSecNodeSetTree;
+ type = xmlSecNodeSetTree;
} else if(!withComments && invert) {
- type = xmlSecNodeSetTreeWithoutCommentsInvert;
+ type = xmlSecNodeSetTreeWithoutCommentsInvert;
} else { /* if(!withComments && !invert) */
- type = xmlSecNodeSetTreeWithoutComments;
+ type = xmlSecNodeSetTreeWithoutComments;
}
return(xmlSecNodeSetCreate(doc, nodes, type));
}
static int
-xmlSecNodeSetDumpTextNodesWalkCallback(xmlSecNodeSetPtr nset, xmlNodePtr cur,
- xmlNodePtr parent ATTRIBUTE_UNUSED,
- void* data) {
+xmlSecNodeSetDumpTextNodesWalkCallback(xmlSecNodeSetPtr nset, xmlNodePtr cur,
+ xmlNodePtr parent ATTRIBUTE_UNUSED,
+ void* data) {
xmlSecAssert2(nset != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
xmlSecAssert2(data != NULL, -1);
if(cur->type == XML_TEXT_NODE) {
- xmlOutputBufferWriteString((xmlOutputBufferPtr)data,
- (char*)(cur->content));
+ xmlOutputBufferWriteString((xmlOutputBufferPtr)data,
+ (char*)(cur->content));
}
return(0);
}
/**
* xmlSecNodeSetDumpTextNodes:
- * @nset: the pointer to node set.
- * @out: the output buffer.
+ * @nset: the pointer to node set.
+ * @out: the output buffer.
*
* Dumps content of all the text nodes from @nset to @out.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNodeSetDumpTextNodes(xmlSecNodeSetPtr nset, xmlOutputBufferPtr out) {
xmlSecAssert2(nset != NULL, -1);
xmlSecAssert2(out != NULL, -1);
@@ -530,10 +541,10 @@ xmlSecNodeSetDumpTextNodes(xmlSecNodeSetPtr nset, xmlOutputBufferPtr out) {
}
/**
- * xmlSecNodeSetDebugDump:
- * @nset: the pointer to node set.
- * @output: the pointer to output FILE.
- *
+ * xmlSecNodeSetDebugDump:
+ * @nset: the pointer to node set.
+ * @output: the pointer to output FILE.
+ *
* Prints information about @nset to the @output.
*/
void
@@ -547,53 +558,53 @@ xmlSecNodeSetDebugDump(xmlSecNodeSetPtr nset, FILE *output) {
fprintf(output, "== Nodes set ");
switch(nset->type) {
case xmlSecNodeSetNormal:
- fprintf(output, "(xmlSecNodeSetNormal)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetNormal)\n");
+ break;
case xmlSecNodeSetInvert:
- fprintf(output, "(xmlSecNodeSetInvert)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetInvert)\n");
+ break;
case xmlSecNodeSetTree:
- fprintf(output, "(xmlSecNodeSetTree)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetTree)\n");
+ break;
case xmlSecNodeSetTreeWithoutComments:
- fprintf(output, "(xmlSecNodeSetTreeWithoutComments)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetTreeWithoutComments)\n");
+ break;
case xmlSecNodeSetTreeInvert:
- fprintf(output, "(xmlSecNodeSetTreeInvert)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetTreeInvert)\n");
+ break;
case xmlSecNodeSetTreeWithoutCommentsInvert:
- fprintf(output, "(xmlSecNodeSetTreeWithoutCommentsInvert)\n");
- break;
+ fprintf(output, "(xmlSecNodeSetTreeWithoutCommentsInvert)\n");
+ break;
case xmlSecNodeSetList:
- fprintf(output, "(xmlSecNodeSetList)\n");
- fprintf(output, ">>>\n");
- xmlSecNodeSetDebugDump(nset->children, output);
- fprintf(output, "<<<\n");
- return;
+ fprintf(output, "(xmlSecNodeSetList)\n");
+ fprintf(output, ">>>\n");
+ xmlSecNodeSetDebugDump(nset->children, output);
+ fprintf(output, "<<<\n");
+ return;
default:
- fprintf(output, "(unknown=%d)\n", nset->type);
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "type=%d", nset->type);
+ fprintf(output, "(unknown=%d)\n", nset->type);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%d", nset->type);
}
-
+
l = xmlXPathNodeSetGetLength(nset->nodes);
for(i = 0; i < l; ++i) {
- cur = xmlXPathNodeSetItem(nset->nodes, i);
- if(cur->type != XML_NAMESPACE_DECL) {
- fprintf(output, "%d: %s\n", cur->type,
- (cur->name) ? cur->name : BAD_CAST "null");
- } else {
- xmlNsPtr ns = (xmlNsPtr)cur;
- fprintf(output, "%d: %s=%s (%s:%s)\n", cur->type,
- (ns->prefix) ? ns->prefix : BAD_CAST "null",
- (ns->href) ? ns->href : BAD_CAST "null",
- (((xmlNodePtr)ns->next)->ns &&
- ((xmlNodePtr)ns->next)->ns->prefix) ?
- ((xmlNodePtr)ns->next)->ns->prefix : BAD_CAST "null",
- ((xmlNodePtr)ns->next)->name);
- }
+ cur = xmlXPathNodeSetItem(nset->nodes, i);
+ if(cur->type != XML_NAMESPACE_DECL) {
+ fprintf(output, "%d: %s\n", cur->type,
+ (cur->name) ? cur->name : BAD_CAST "null");
+ } else {
+ xmlNsPtr ns = (xmlNsPtr)cur;
+ fprintf(output, "%d: %s=%s (%s:%s)\n", cur->type,
+ (ns->prefix) ? ns->prefix : BAD_CAST "null",
+ (ns->href) ? ns->href : BAD_CAST "null",
+ (((xmlNodePtr)ns->next)->ns &&
+ ((xmlNodePtr)ns->next)->ns->prefix) ?
+ ((xmlNodePtr)ns->next)->ns->prefix : BAD_CAST "null",
+ ((xmlNodePtr)ns->next)->name);
+ }
}
}
diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
index 5209533f..8cd85863 100644
--- a/src/nss/Makefile.am
+++ b/src/nss/Makefile.am
@@ -42,10 +42,10 @@ libxmlsec1_nss_la_SOURCES += ../strings.c
endif
libxmlsec1_nss_la_LIBADD = \
- ../libxmlsec1.la \
$(NSS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_nss_la_DEPENDENCIES = \
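Review bot: The move of `../libxmlsec1.la` from the top to the bottom of `libxmlsec1_nss_la_LIBADD` carries no comment saying why its position matters, so a later cleanup is likely to put it back in front of `$(NSS_LIBS)`. The only reason visible here is link order, presumably so the crypto and XML libraries precede the core library when the link is static, but that is inferred from the hunk rather than stated by it. A one-line comment above the list, `# keep ../libxmlsec1.la last: link order matters here`, would make the ordering deliberate; the generated src/nss/Makefile.in hunk at its line 372 mirrors this change and needs nothing extra.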
diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
index d6bc31ec..e799b8ee 100644
--- a/src/nss/Makefile.in
+++ b/src/nss/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -38,10 +38,13 @@ host_triplet = @host@
subdir = src/nss
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -66,6 +69,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
@@ -85,22 +94,39 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
$(am__objects_1) $(am__objects_2)
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
-libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libxmlsec1_nss_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_nss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_nss_la_LDFLAGS) $(LDFLAGS) \
+ -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libxmlsec1_nss_la_SOURCES)
DIST_SOURCES = $(am__libxmlsec1_nss_la_SOURCES_DIST)
ETAGS = etags
@@ -108,6 +134,7 @@ CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -122,6 +149,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -130,6 +158,10 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -160,6 +192,7 @@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
@@ -191,8 +224,10 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -200,7 +235,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TAR = @TAR@
-U = @U@
VERSION = @VERSION@
XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
@@ -219,6 +253,8 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -228,6 +264,7 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -263,6 +300,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -295,7 +333,6 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -335,10 +372,10 @@ libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
$(NULL) $(am__append_1)
libxmlsec1_nss_la_LIBADD = \
- ../libxmlsec1.la \
$(NSS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_nss_la_DEPENDENCIES = \
@@ -414,8 +451,8 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libxmlsec1-nss.la: $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_DEPENDENCIES)
- $(libxmlsec1_nss_la_LINK) -rpath $(libdir) $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_LIBADD) $(LIBS)
+libxmlsec1-nss.la: $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_DEPENDENCIES) $(EXTRA_libxmlsec1_nss_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_nss_la_LINK) -rpath $(libdir) $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -441,137 +478,137 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
libxmlsec1_nss_la-app.lo: app.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-app.Tpo -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-app.Tpo $(DEPDIR)/libxmlsec1_nss_la-app.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_nss_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-app.Tpo -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-app.Tpo $(DEPDIR)/libxmlsec1_nss_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='app.c' object='libxmlsec1_nss_la-app.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
libxmlsec1_nss_la-bignum.lo: bignum.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bignum.c' object='libxmlsec1_nss_la-bignum.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bignum.c' object='libxmlsec1_nss_la-bignum.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
libxmlsec1_nss_la-ciphers.lo: ciphers.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_nss_la-ciphers.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_nss_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_nss_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ciphers.c' object='libxmlsec1_nss_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
libxmlsec1_nss_la-crypto.lo: crypto.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo $(DEPDIR)/libxmlsec1_nss_la-crypto.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_nss_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo $(DEPDIR)/libxmlsec1_nss_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto.c' object='libxmlsec1_nss_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
libxmlsec1_nss_la-digests.lo: digests.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo $(DEPDIR)/libxmlsec1_nss_la-digests.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_nss_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo $(DEPDIR)/libxmlsec1_nss_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='digests.c' object='libxmlsec1_nss_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
libxmlsec1_nss_la-hmac.lo: hmac.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo $(DEPDIR)/libxmlsec1_nss_la-hmac.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_nss_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo $(DEPDIR)/libxmlsec1_nss_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libxmlsec1_nss_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
libxmlsec1_nss_la-pkikeys.lo: pkikeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-pkikeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pkikeys.c' object='libxmlsec1_nss_la-pkikeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-pkikeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkikeys.c' object='libxmlsec1_nss_la-pkikeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
libxmlsec1_nss_la-signatures.lo: signatures.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo $(DEPDIR)/libxmlsec1_nss_la-signatures.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_nss_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo $(DEPDIR)/libxmlsec1_nss_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='signatures.c' object='libxmlsec1_nss_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
libxmlsec1_nss_la-symkeys.lo: symkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_nss_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='symkeys.c' object='libxmlsec1_nss_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
libxmlsec1_nss_la-x509.lo: x509.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_nss_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509.c' object='libxmlsec1_nss_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
libxmlsec1_nss_la-x509vfy.lo: x509vfy.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_nss_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509vfy.c' object='libxmlsec1_nss_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
libxmlsec1_nss_la-keysstore.lo: keysstore.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_nss_la-keysstore.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keysstore.c' object='libxmlsec1_nss_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_nss_la-keysstore.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keysstore.c' object='libxmlsec1_nss_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
libxmlsec1_nss_la-keytrans.lo: keytrans.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keytrans.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo $(DEPDIR)/libxmlsec1_nss_la-keytrans.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytrans.c' object='libxmlsec1_nss_la-keytrans.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keytrans.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo $(DEPDIR)/libxmlsec1_nss_la-keytrans.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='keytrans.c' object='libxmlsec1_nss_la-keytrans.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
libxmlsec1_nss_la-kw_des.lo: kw_des.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_des.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_nss_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_des.c' object='libxmlsec1_nss_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
libxmlsec1_nss_la-kw_aes.lo: kw_aes.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_nss_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_aes.c' object='libxmlsec1_nss_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
libxmlsec1_nss_la-strings.lo: ../strings.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo $(DEPDIR)/libxmlsec1_nss_la-strings.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_nss_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo $(DEPDIR)/libxmlsec1_nss_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_nss_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
mostlyclean-libtool:
-rm -f *.lo
@@ -678,10 +715,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/nss/README b/src/nss/README
index 884ade99..65a0f45e 100644
--- a/src/nss/README
+++ b/src/nss/README
@@ -1,29 +1,29 @@
WHAT VERSION OF NSS?
------------------------------------------------------------------------
-NSS 3.8 or greater and NSPR 4.3 or greater are required.
+NSS 3.9 or greater and NSPR 4.4.1 or greater are required.
KEYS MANAGER
------------------------------------------------------------------------
xmlsec-nss key manager uses a custom Keys Store, and a custom X509 Store.
-The custom Keys Store and the X509 Store use the NSS database as the underlying
+The custom Keys Store and the X509 Store use the NSS database as the underlying
store for public/private keys, Certs and CRLs.
The NSS Keys store uses the Simple Keys Store on top of the NSS repository.
The reason for this is that XMLSEC's generic adoptkey/getKey functions use a
XMLSEC key object that contains more attributes than the raw NSS key object,
and the getkey function may use a combination of one or more of these attributes
-(name, type, usage, Id) to find a key. There is no straightforward 1-1 mapping
-between XMLSEC's adoptkey/getkey and NSS's APIs.
-
-For example, the store may be asked to adopt a symmetric key, and later asked
-to find it just by name. Or the store may be asked to adopt a private key
-just by its type, and later asked to find it just by type. The key returned
-by getKey is expected to contain all the attributes that were present at the
-time of adoptkey - NSS store does not provide a way to store app-specific
+(name, type, usage, Id) to find a key. There is no straightforward 1-1 mapping
+between XMLSEC's adoptkey/getkey and NSS's APIs.
+
+For example, the store may be asked to adopt a symmetric key, and later asked
+to find it just by name. Or the store may be asked to adopt a private key
+just by its type, and later asked to find it just by type. The key returned
+by getKey is expected to contain all the attributes that were present at the
+time of adoptkey - NSS store does not provide a way to store app-specific
attributes.
-When a key is adopted by the NSS Keys Store, it is simply saved in the
+When a key is adopted by the NSS Keys Store, it is simply saved in the
Simple Keys Store. It is not saved into the NSS database. The only
way to load keys into the NSS database is with a load operation through
the XMLSEC API or via an administrator operation.
@@ -41,97 +41,88 @@ are:
- NSS Database
-KNOWN ISSUES.
+KNOWN ISSUES
------------------------------------------------------------------------
-1) NSS needs to provide a way to convert a DER integer string to an ASCII
-decimal string. Once NSS is fixed, the function xmlSecNssASN1IntegerWrite
-in src/nss/x509.c needs to be implemented.
+1) NSS needs to provide a way to convert a DER integer string to an ASCII
+decimal string. Once NSS is fixed, the function xmlSecNssASN1IntegerWrite
+in src/nss/x509.c needs to be implemented.
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=212864
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118633
-2) RSA Encryption/Decryption using PKCS#1 v1.5 padding not currently exposed
+2) RSA Encryption/Decryption using PKCS#1 v1.5 padding not currently exposed
in NSS. This causes some tests to fail.
-
+
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=214236
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118628
-3) RSA-OAEP is not yet implemented in NSS. This is the only REQUIRED algorithm
+3) RSA-OAEP is not yet implemented in NSS. This is the only REQUIRED algorithm
that is missing from xmlsec-nss.
-
- NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=158747
- xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118629
-
-4) There are 2 fixes in NSS that will be rolled into the next release (3.9).
-They are:
- - http://bugzilla.mozilla.org/show_bug.cgi?id=208194
- Once available, need to change src/nss/x509.c. Replace
- PR_AtomicIncrement(&(crlSrc->referenceCount));
- with
- SEC_DupCrl(crlSrc);
- (there is a comment there that already has the correct line)
-
- - http://bugzilla.mozilla.org/show_bug.cgi?id=211384
- No changes required. The "NSS_Shutdown failed" in some of the
- current tests will go away
-xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118630
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=158747
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118629
-5) CERT_FindCertByNameString does not work in all cases
+4) CERT_FindCertByNameString does not work in all cases
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=210709
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118631
-6) CERT_FindCertBySubjectKeyID does not work in all cases
-
+5) CERT_FindCertBySubjectKeyID does not work in all cases
+
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=211051
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118632
-7) Finding a cert by Issuer & Serial Number needs the ability to
+6) Finding a cert by Issuer & Serial Number needs the ability to
convert an ASCII decimal string to a DER integer string. Filed
-an RFE against NSS. Once fixed, xmlSecNumToItem in x509vfy.c
+an RFE against NSS. Once fixed, xmlSecNumToItem in x509vfy.c
needs to be changed to use the new function(s) provided
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=212864
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118633
-8) RIPEMD160 Digest and RIPEMD160 HMAC is not supported by NSS
+7) RIPEMD160 Digest and RIPEMD160 HMAC is not supported by NSS
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118634
-
-9) AES Key wrap algorithm is implemented in NSS but not exposed due to
+
+8) AES Key wrap algorithm is implemented in NSS but not exposed due to
some bug src/nss/kw_aes.c uses a workaround which should be removed
when the bug is fixed
NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=213795
xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118635
-10) Not all file formats are supported
+9) Not all file formats are supported
-- xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
+- xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
The following formats are supported:
- . xmlSecKeyDataFormatDer: This expects the private key to be in
- PrivateKeyInfo format. Note that the DER files containing
+ . xmlSecKeyDataFormatDer: This expects the private key to be in
+ PrivateKeyInfo format. Note that the DER files containing
private keys in the xmlsec test suite aren't in that format
- . xmlsecKeyDataFormatPkcs12
+ . xmlsecKeyDataFormatPkcs12
The following formats are not supported:
. xmlSecKeyDataFormatPkcs8Pem
. xmlSecKeyDataFormatPkcs8Der
-- xmlSecNssAppCertLoad(): This function loads a cert from a file.
+- xmlSecNssAppCertLoad(): This function loads a cert from a file.
The following formats are supported:
xmlSecKeyDataFormatDer
The following formats are not supported:
xmlSecKeyDataFormatPem
-11) "Trusted" vs "Untrusted" certificates:
-The distinction between "trusted" and "untrusted" certificates in
+10) "Trusted" vs "Untrusted" certificates:
+The distinction between "trusted" and "untrusted" certificates in
xmlsec-openssl is maintained because the OPENSSL application (and
-not the OPENSSL library) has to maintain a cert store and verify
+not the OPENSSL library) has to maintain a cert store and verify
certificates. With NSS, no such distinction is necessary in the
application.
Aleksey: Not sure that I understand this point but thats what Tej wrote.
+11) NSS doesn't support emailAddress in the cert subject. There is a hack
+that needs to be removed in xmlSecNssX509FindCert function (x509vfy.c):
+
+https://bugzilla.mozilla.org/show_bug.cgi?id=561689
+
+12) CRLs from xml document support is not working at all.
diff --git a/src/nss/app.c b/src/nss/app.c
index 8aaf3327..dabe36d1 100644
--- a/src/nss/app.c
+++ b/src/nss/app.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
@@ -34,34 +34,34 @@
#include <xmlsec/nss/keysstore.h>
/* workaround - NSS exports this but doesn't declare it */
-extern CERTCertificate * __CERT_NewTempCertificate (CERTCertDBHandle *handle,
- SECItem *derCert,
- char *nickname,
- PRBool isperm,
- PRBool copyDER);
-static int xmlSecNssAppCreateSECItem (SECItem *contents,
- const xmlSecByte* data,
- xmlSecSize dataSize);
-static int xmlSecNssAppReadSECItem (SECItem *contents,
- const char *fn);
-static PRBool xmlSecNssAppAscii2UCS2Conv (PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen,
- PRBool swapBytes);
-static SECItem *xmlSecNssAppNicknameCollisionCallback (SECItem *old_nick,
- PRBool *cancel,
- void *wincx);
-static xmlSecKeyPtr xmlSecNssAppDerKeyLoadSECItem (SECItem* secItem);
+extern CERTCertificate * __CERT_NewTempCertificate (CERTCertDBHandle *handle,
+ SECItem *derCert,
+ char *nickname,
+ PRBool isperm,
+ PRBool copyDER);
+static int xmlSecNssAppCreateSECItem (SECItem *contents,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+static int xmlSecNssAppReadSECItem (SECItem *contents,
+ const char *fn);
+static PRBool xmlSecNssAppAscii2UCS2Conv (PRBool toUnicode,
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes);
+static SECItem *xmlSecNssAppNicknameCollisionCallback (SECItem *old_nick,
+ PRBool *cancel,
+ void *wincx);
+static xmlSecKeyPtr xmlSecNssAppDerKeyLoadSECItem (SECItem* secItem);
/**
* xmlSecNssAppInit:
- * @config: the path to NSS database files.
- *
+ * @config: the path to NSS database files.
+ *
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -71,34 +71,34 @@ xmlSecNssAppInit(const char* config) {
SECStatus rv;
if(config) {
- rv = NSS_InitReadWrite(config);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "NSS_InitReadWrite",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "config=%s",
- xmlSecErrorsSafeString(config));
- return(-1);
- }
+ rv = NSS_InitReadWrite(config);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_InitReadWrite",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return(-1);
+ }
} else {
- rv = NSS_NoDB_Init(NULL);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "NSS_NoDB_Init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ rv = NSS_NoDB_Init(NULL);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_NoDB_Init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
/* configure PKCS11 */
PK11_ConfigurePKCS11("manufacturesID", "libraryDescription",
"tokenDescription", "privateTokenDescription",
"slotDescription", "privateSlotDescription",
- "fipsSlotDescription", "fipsPrivateSlotDescription",
- 0, 0);
+ "fipsSlotDescription", "fipsPrivateSlotDescription",
+ 0, 0);
/* setup for PKCS12 */
PORT_SetUCS2_ASCIIConversionFunction(xmlSecNssAppAscii2UCS2Conv);
@@ -115,9 +115,9 @@ xmlSecNssAppInit(const char* config) {
/**
* xmlSecNssAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -127,16 +127,16 @@ xmlSecNssAppShutdown(void) {
SECStatus rv;
/*
SSL_ClearSessionCache();
-*/
- PK11_LogoutAll();
+*/
+ PK11_LogoutAll();
rv = NSS_Shutdown();
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "NSS_Shutdown",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_Shutdown",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -149,17 +149,17 @@ xmlSecNssAppCreateSECItem(SECItem *contents, const xmlSecByte* data, xmlSecSize
contents->data = 0;
if (!SECITEM_AllocItem(NULL, contents, dataSize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECITEM_AllocItem",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
if(dataSize > 0) {
- xmlSecAssert2(contents->data != NULL, -1);
- memcpy(contents->data, data, dataSize);
+ xmlSecAssert2(contents->data != NULL, -1);
+ memcpy(contents->data, data, dataSize);
}
return (0);
@@ -178,64 +178,64 @@ xmlSecNssAppReadSECItem(SECItem *contents, const char *fn) {
file = PR_Open(fn, PR_RDONLY, 00660);
if (file == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PR_Open",
- XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(fn));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PR_Open",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(fn));
+ goto done;
}
prStatus = PR_GetOpenFileInfo(file, &info);
if (prStatus != PR_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PR_GetOpenFileInfo",
- XMLSEC_ERRORS_R_IO_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(fn));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PR_GetOpenFileInfo",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(fn));
+ goto done;
}
contents->data = 0;
if (!SECITEM_AllocItem(NULL, contents, info.size)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECITEM_AllocItem",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
numBytes = PR_Read(file, contents->data, info.size);
if (numBytes != info.size) {
- SECITEM_FreeItem(contents, PR_FALSE);
- goto done;
+ SECITEM_FreeItem(contents, PR_FALSE);
+ goto done;
}
ret = 0;
done:
if (file) {
- PR_Close(file);
+ PR_Close(file);
}
return (ret);
}
-static PRBool
+static PRBool
xmlSecNssAppAscii2UCS2Conv(PRBool toUnicode,
- unsigned char *inBuf,
- unsigned int inBufLen,
- unsigned char *outBuf,
- unsigned int maxOutBufLen,
- unsigned int *outBufLen,
- PRBool swapBytes ATTRIBUTE_UNUSED)
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes ATTRIBUTE_UNUSED)
{
SECItem it;
-
+
if (toUnicode == PR_FALSE) {
- return (PR_FALSE);
+ return (PR_FALSE);
}
memset(&it, 0, sizeof(it));
@@ -243,16 +243,16 @@ xmlSecNssAppAscii2UCS2Conv(PRBool toUnicode,
it.len = inBufLen;
return(PORT_UCS2_UTF8Conversion(toUnicode, it.data, it.len,
- outBuf, maxOutBufLen, outBufLen));
+ outBuf, maxOutBufLen, outBufLen));
}
static SECItem *
xmlSecNssAppNicknameCollisionCallback(SECItem *old_nick ATTRIBUTE_UNUSED,
- PRBool *cancel,
- void *wincx ATTRIBUTE_UNUSED)
+ PRBool *cancel,
+ void *wincx ATTRIBUTE_UNUSED)
{
if (cancel == NULL) {
- return (NULL);
+ return (NULL);
}
/* XXX not handled yet */
@@ -262,11 +262,11 @@ xmlSecNssAppNicknameCollisionCallback(SECItem *old_nick ATTRIBUTE_UNUSED,
/**
* xmlSecNssAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from a file
*
@@ -274,11 +274,11 @@ xmlSecNssAppNicknameCollisionCallback(SECItem *old_nick ATTRIBUTE_UNUSED,
*/
xmlSecKeyPtr
xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
SECItem secItem;
xmlSecKeyPtr res;
int ret;
-
+
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
@@ -286,23 +286,23 @@ xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppReadSECItem(&secItem, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppReadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -311,12 +311,12 @@ xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
/**
* xmlSecNssAppKeyLoadMemory:
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @format: the key data format.
- * @pwd: the key data2 password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the key data format.
+ * @pwd: the key data2 password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from a binary @data.
*
@@ -324,34 +324,34 @@ xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
*/
xmlSecKeyPtr
xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
SECItem secItem;
xmlSecKeyPtr res;
int ret;
-
+
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppCreateSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -360,11 +360,11 @@ xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKey
/**
* xmlSecNssAppKeyLoadSECItem:
- * @secItem: the pointer to sec item.
- * @format: the key format.
- * @pwd: the key password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @secItem: the pointer to sec item.
+ * @format: the key format.
+ * @pwd: the key password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from a file
*
@@ -372,9 +372,9 @@ xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKey
*/
xmlSecKeyPtr
xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format,
- const char *pwd,
- void* pwdCallback,
- void* pwdCallbackCtx) {
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
xmlSecKeyPtr key = NULL;
xmlSecAssert2(secItem != NULL, NULL);
@@ -383,46 +383,46 @@ xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format,
switch(format) {
#ifndef XMLSEC_NO_X509
case xmlSecKeyDataFormatPkcs12:
- key = xmlSecNssAppPkcs12LoadSECItem(secItem, pwd, pwdCallback, pwdCallbackCtx);
+ key = xmlSecNssAppPkcs12LoadSECItem(secItem, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppPkcs12LoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
- case xmlSecKeyDataFormatCertDer:
- key = xmlSecNssAppKeyFromCertLoadSECItem(secItem, format);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecNssAppKeyFromCertLoadSECItem(secItem, format);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyFromCertLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyFromCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
#endif /* XMLSEC_NO_X509 */
case xmlSecKeyDataFormatDer:
- key = xmlSecNssAppDerKeyLoadSECItem(secItem);
+ key = xmlSecNssAppDerKeyLoadSECItem(secItem);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppDerKeyLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppDerKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyLoad",
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoad",
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
}
return(key);
@@ -443,108 +443,108 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) {
xmlSecAssert2(secItem != NULL, NULL);
- /* we're importing a key about which we know nothing yet, just use the
- * internal slot
+ /* we're importing a key about which we know nothing yet, just use the
+ * internal slot
*/
slot = xmlSecNssGetInternalKeySlot();
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssGetInternalKeySlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
nickname.len = 0;
nickname.data = NULL;
- /* TRY PRIVATE KEY FIRST
+ /* TRY PRIVATE KEY FIRST
* Note: This expects the key to be in PrivateKeyInfo format. The
- * DER files created from PEM via openssl utilities aren't in that
+ * DER files created from PEM via openssl utilities aren't in that
* format
*/
- status = PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, secItem,
- &nickname, NULL, PR_FALSE,
- PR_TRUE, KU_ALL, &privkey, NULL);
+ status = PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, secItem,
+ &nickname, NULL, PR_FALSE,
+ PR_TRUE, KU_ALL, &privkey, NULL);
if (status != SECSuccess) {
- /* TRY PUBLIC KEY */
- spki = SECKEY_DecodeDERSubjectPublicKeyInfo(secItem);
- if (spki == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECKEY_DecodeDERSubjectPublicKeyInfo",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- }
-
- pubkey = SECKEY_ExtractPublicKey(spki);
- if (pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECKEY_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ /* TRY PUBLIC KEY */
+ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(secItem);
+ if (spki == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_DecodeDERSubjectPublicKeyInfo",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+
+ pubkey = SECKEY_ExtractPublicKey(spki);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
}
data = xmlSecNssPKIAdoptKey(privkey, pubkey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
privkey = NULL;
pubkey = NULL;
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
}
retval = key;
key = NULL;
data = NULL;
-
+
done:
if(slot != NULL) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if(privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
if(pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if(key != NULL) {
- xmlSecKeyDestroy(key);
+ xmlSecKeyDestroy(key);
}
if(data != NULL) {
- xmlSecKeyDataDestroy(data);
+ xmlSecKeyDataDestroy(data);
}
if(spki != NULL) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
}
return (retval);
}
@@ -552,19 +552,19 @@ done:
#ifndef XMLSEC_NO_X509
/**
* xmlSecNssAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key
*
- * Reads the certificate from $@filename and adds it to key
- *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
SECItem secItem;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
@@ -573,23 +573,23 @@ xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFor
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppReadSECItem(&secItem, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppReadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyCertLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -598,20 +598,20 @@ xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFor
/**
* xmlSecNssAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @format: the certificate format.
+ * @key: the pointer to key.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format.
+ *
+ * Reads the certificate from @data and adds it to key
*
- * Reads the certificate from @data and adds it to key
- *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format) {
SECItem secItem;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
@@ -620,23 +620,23 @@ xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSi
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppCreateSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeyCertLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -645,15 +645,15 @@ xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSi
/**
* xmlSecNssAppKeyCertLoadSECItem:
- * @key: the pointer to key.
- * @secItem: the pointer to SECItem.
- * @format: the certificate format.
+ * @key: the pointer to key.
+ * @secItem: the pointer to SECItem.
+ * @format: the certificate format.
+ *
+ * Reads the certificate from @secItem and adds it to key
*
- * Reads the certificate from @secItem and adds it to key
- *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyDataFormat format) {
CERTCertificate *cert=NULL;
xmlSecKeyDataPtr data;
@@ -662,63 +662,63 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(secItem != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ return(-1);
}
switch(format) {
case xmlSecKeyDataFormatPkcs8Der:
case xmlSecKeyDataFormatDer:
- cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- secItem, NULL, PR_FALSE, PR_TRUE);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "format=%d", format);
- return(-1);
- }
- break;
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(-1);
+ }
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
+ }
+
xmlSecAssert2(cert != NULL, -1);
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- CERT_DestroyCertificate(cert);
- return(-1);
- }
-
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
+ return(0);
}
/**
* xmlSecNssAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file.
* For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
@@ -726,37 +726,37 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecNssAppPkcs12Load(const char *filename, const char *pwd,
- void *pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
SECItem secItem;
xmlSecKeyPtr res;
int ret;
-
+
xmlSecAssert2(filename != NULL, NULL);
/* read the file contents */
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppReadSECItem(&secItem, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppReadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppPkcs12LoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -765,11 +765,11 @@ xmlSecNssAppPkcs12Load(const char *filename, const char *pwd,
/**
* xmlSecNssAppPkcs12LoadMemory:
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @pwd: the PKCS12 password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @pwd: the PKCS12 password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 binary data.
* For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
@@ -777,36 +777,36 @@ xmlSecNssAppPkcs12Load(const char *filename, const char *pwd,
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd,
- void *pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
SECItem secItem;
xmlSecKeyPtr res;
int ret;
-
+
xmlSecAssert2(data != NULL, NULL);
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppCreateSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppPkcs12LoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -816,10 +816,10 @@ xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const
/**
* xmlSecNssAppPkcs12LoadSECItem:
- * @secItem: the @SECItem object.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @secItem: the @SECItem object.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 SECItem.
* For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
@@ -827,10 +827,10 @@ xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd,
- void *pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
xmlSecKeyPtr key = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
@@ -851,116 +851,116 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd,
xmlSecAssert2((secItem != NULL), NULL);
if (pwd == NULL) {
- pwd = "";
+ pwd = "";
}
memset(&uc2_pwditem, 0, sizeof(uc2_pwditem));
-
- /* we're importing a key about which we know nothing yet, just use the
- * internal slot. We have no criteria to choose a slot.
+
+ /* we're importing a key about which we know nothing yet, just use the
+ * internal slot. We have no criteria to choose a slot.
*/
slot = xmlSecNssGetInternalKeySlot();
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssGetInternalKeySlot",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetInternalKeySlot",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
pwditem.data = (unsigned char *)pwd;
pwditem.len = strlen(pwd)+1;
if (!SECITEM_AllocItem(NULL, &uc2_pwditem, 2*pwditem.len)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECITEM_AllocItem",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
if (PORT_UCS2_ASCIIConversion(PR_TRUE, pwditem.data, pwditem.len,
uc2_pwditem.data, 2*pwditem.len,
&(uc2_pwditem.len), 0) == PR_FALSE) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PORT_UCS2_ASCIIConversion",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_UCS2_ASCIIConversion",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
p12ctx = SEC_PKCS12DecoderStart(&uc2_pwditem, slot, NULL,
NULL, NULL, NULL, NULL, NULL);
if (p12ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderStart",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderStart",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
rv = SEC_PKCS12DecoderUpdate(p12ctx, secItem->data, secItem->len);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
rv = SEC_PKCS12DecoderVerify(p12ctx);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderVerify",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderVerify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
rv = SEC_PKCS12DecoderValidateBags(p12ctx, xmlSecNssAppNicknameCollisionCallback);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderValidateBags",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderValidateBags",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
rv = SEC_PKCS12DecoderImportBags(p12ctx);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderImportBags",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderImportBags",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
certlist = SEC_PKCS12DecoderGetCerts(p12ctx);
if (certlist == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SEC_PKCS12DecoderGetCerts",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderGetCerts",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ goto done;
+ }
for (head = CERT_LIST_HEAD(certlist);
!CERT_LIST_END(head, certlist);
@@ -969,132 +969,132 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd,
privkey = PK11_FindKeyByAnyCert(cert, NULL);
if (privkey != NULL) {
- if (data != NULL) {
- /* we already found a private key.
- * assume the first private key we find is THE ONE
- */
- SECKEY_DestroyPrivateKey(privkey);
- privkey = NULL;
- } else {
- pubkey = CERT_ExtractPublicKey(cert);
- if (pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- pubkey = NULL;
- privkey = NULL;
-
- tmpcert = CERT_DupCertificate(cert);
- if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, tmpcert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- CERT_DestroyCertificate(tmpcert);
- goto done;
+ if (data != NULL) {
+ /* we already found a private key.
+ * assume the first private key we find is THE ONE
+ */
+ SECKEY_DestroyPrivateKey(privkey);
+ privkey = NULL;
+ } else {
+ pubkey = CERT_ExtractPublicKey(cert);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- }
+ pubkey = NULL;
+ privkey = NULL;
+
+ tmpcert = CERT_DupCertificate(cert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CERT_DestroyCertificate(tmpcert);
+ goto done;
+ }
+
+ }
}
- tmpcert = CERT_DupCertificate(cert);
+ tmpcert = CERT_DupCertificate(cert);
if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, tmpcert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- CERT_DestroyCertificate(tmpcert);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ ret = xmlSecNssKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CERT_DestroyCertificate(tmpcert);
+ goto done;
+ }
} /* end for loop */
if (data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppPkcs12Load",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "private key not found in PKCS12 file");
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12Load",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "private key not found in PKCS12 file");
+ goto done;
}
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
x509Data = NULL;
-
+
done:
if (p12ctx) {
SEC_PKCS12DecoderFinish(p12ctx);
@@ -1107,31 +1107,31 @@ done:
CERT_DestroyCertList(certlist);
}
if(x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if(data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (privkey) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
if (pubkey) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
- return(key);
+ return(key);
}
/**
* xmlSecNssAppKeyFromCertLoadSECItem:
- * @secItem: the @SECItem object.
- * @format: the cert format.
+ * @secItem: the @SECItem object.
+ * @format: the cert format.
*
* Loads public key from cert.
*
* Returns: pointer to key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) {
xmlSecKeyPtr key;
xmlSecKeyDataPtr keyData;
@@ -1141,105 +1141,105 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format)
xmlSecAssert2(secItem != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
+
/* load cert */
switch(format) {
case xmlSecKeyDataFormatCertDer:
- cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- secItem, NULL, PR_FALSE, PR_TRUE);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "format=%d", format);
- return(NULL);
- }
- break;
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(NULL);
+ }
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
}
/* get key value */
keyData = xmlSecNssX509CertGetKey(cert);
if(keyData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- return(NULL);
- }
-
+ NULL,
+ "xmlSecNssX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
/* create key */
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyData);
- CERT_DestroyCertificate(cert);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyData);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
/* set key value */
ret = xmlSecKeySetValue(key, keyData);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlSecKeyDataDestroy(keyData);
- CERT_DestroyCertificate(cert);
- return(NULL);
- }
-
- /* create cert data */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(keyData);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ /* create cert data */
certData = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
if(certData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- CERT_DestroyCertificate(cert);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
}
/* put cert in the cert data */
ret = xmlSecNssKeyDataX509AdoptCert(certData, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- CERT_DestroyCertificate(cert);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
return(key);
}
/**
* xmlSecNssAppKeysMngrCertLoad:
- * @mngr: the pointer to keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format (PEM or DER).
- * @type: the certificate type (trusted/untrusted).
+ * @mngr: the pointer to keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
*
* Reads cert from @filename and adds to the list of trusted or known
* untrusted certs in @store
@@ -1247,12 +1247,12 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format)
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
SECItem secItem;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
@@ -1261,23 +1261,23 @@ xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppReadSECItem(&secItem, filename);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppReadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeysMngrCertLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeysMngrCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -1286,11 +1286,11 @@ xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
/**
* xmlSecNssAppKeysMngrCertLoadMemory:
- * @mngr: the pointer to keys manager.
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @format: the certificate format (PEM or DER).
- * @type: the certificate type (trusted/untrusted).
+ * @mngr: the pointer to keys manager.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
*
* Reads cert from @data and adds to the list of trusted or known
* untrusted certs in @store
@@ -1298,12 +1298,12 @@ xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
SECItem secItem;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
@@ -1311,23 +1311,23 @@ xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* dat
memset(&secItem, 0, sizeof(secItem));
ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppCreateSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssAppKeysMngrCertLoadSECItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&secItem, PR_FALSE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeysMngrCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
}
SECITEM_FreeItem(&secItem, PR_FALSE);
@@ -1336,10 +1336,10 @@ xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* dat
/**
* xmlSecNssAppKeysMngrCertLoadSECItem:
- * @mngr: the pointer to keys manager.
- * @secItem: the pointer to SECItem.
- * @format: the certificate format (PEM or DER).
- * @type: the certificate type (trusted/untrusted).
+ * @mngr: the pointer to keys manager.
+ * @secItem: the pointer to SECItem.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
*
* Reads cert from @secItem and adds to the list of trusted or known
* untrusted certs in @store
@@ -1347,9 +1347,9 @@ xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* dat
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
xmlSecKeyDataStorePtr x509Store;
CERTCertificate* cert;
int ret;
@@ -1357,7 +1357,7 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(secItem != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1370,26 +1370,26 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
switch(format) {
case xmlSecKeyDataFormatDer:
- cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- secItem, NULL, PR_FALSE, PR_TRUE);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "format=%d", format);
- return(-1);
- }
- break;
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(-1);
+ }
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
+ }
+
ret = xmlSecNssX509StoreAdoptCert(x509Store, cert, type);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1397,7 +1397,7 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
"xmlSecNssX509StoreAdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
return(-1);
}
@@ -1408,179 +1408,179 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
/**
* xmlSecNssAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with NSS keys store #xmlSecNssKeysStoreId
* and a default NSS crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
- /* create NSS keys store if needed */
+ /* create NSS keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecNssKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecNssKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
- }
-
- ret = xmlSecNssKeysMngrInit(mngr);
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecNssKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecNssKeysMngrInit(mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
}
/**
* xmlSecNssAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecNssAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecNssAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecNssAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecNssAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecNssAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecNssAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssKeysStoreSave(store, filename, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename%s", xmlSecErrorsSafeString(filename));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
return(0);
}
diff --git a/src/nss/bignum.c b/src/nss/bignum.c
index 40bd5359..261155e6 100644
--- a/src/nss/bignum.c
+++ b/src/nss/bignum.c
@@ -1,11 +1,11 @@
-/**
+/**
* XMLSec library
- *
+ *
* Reading/writing bignum values
- *
+ *
* This is free software; see Copyright file in the source
* distribution for precise wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -13,10 +13,10 @@
#include <stdlib.h>
#include <string.h>
-#include <nss.h>
-#include <secitem.h>
+#include <nss.h>
+#include <secitem.h>
-#include <libxml/tree.h>
+#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -32,8 +32,8 @@
* @cur: the poitner to an XML node.
* @a: a SECItem object to hold the BigNum value
*
- * Converts the node content from CryptoBinary format
- * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
* to a SECItem. If no SECItem object provided then a new
* one is created (caller is responsible for freeing it).
*
@@ -41,8 +41,8 @@
* or NULL if an error occurs.
*/
SECItem *
-xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur,
- SECItem *a) {
+xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur,
+ SECItem *a) {
xmlSecBuffer buf;
int ret;
SECItem *rv;
@@ -53,36 +53,36 @@ xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur,
ret = xmlSecBufferInitialize(&buf, 128);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
len = xmlSecBufferGetSize(&buf);
if (a == NULL) {
- rv = SECITEM_AllocItem(arena, NULL, len);
+ rv = SECITEM_AllocItem(arena, NULL, len);
} else {
- rv = a;
- xmlSecAssert2(rv->data == NULL, NULL);
+ rv = a;
+ xmlSecAssert2(rv->data == NULL, NULL);
rv->len = len;
rv->data = PORT_ArenaZAlloc(arena, len);
}
-
+
PORT_Memcpy(rv->data, xmlSecBufferGetData(&buf), len);
xmlSecBufferFinalize(&buf);
@@ -93,68 +93,68 @@ xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur,
* xmlSecNssNodeSetBigNumValue:
* @cur: the pointer to an XML node.
* @a: a SECItem containing the BigNum value.
- * @addLineBreaks: if the flag is equal to 1 then
- * linebreaks will be added before and after
- * new buffer content.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
*
* Converts SECItem to CryptoBinary string
- * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
- * and sets it as the content of the given node. If the
- * addLineBreaks is set then line breaks are added
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
* before and after the CryptoBinary string.
- *
+ *
* Returns: 0 on success or -1 otherwise.
*/
int
xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) {
xmlSecBuffer buf;
int ret;
-
+
xmlSecAssert2(a != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
ret = xmlSecBufferInitialize(&buf, a->len + 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", a->len + 1);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", a->len + 1);
+ return(-1);
+ }
PORT_Memcpy(xmlSecBufferGetData(&buf), a->data, a->len);
-
+
ret = xmlSecBufferSetSize(&buf, a->len);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", a->len);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", a->len);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(addLineBreaks) {
- xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, xmlSecStringCR);
} else {
- xmlNodeSetContent(cur, xmlSecStringEmpty);
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
}
-
+
ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(addLineBreaks) {
- xmlNodeAddContent(cur, xmlSecStringCR);
+ xmlNodeAddContent(cur, xmlSecStringCR);
}
xmlSecBufferFinalize(&buf);
diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c
index 48bd6e11..54bd2af2 100644
--- a/src/nss/ciphers.c
+++ b/src/nss/ciphers.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
@@ -23,52 +23,52 @@
#include <xmlsec/nss/crypto.h>
-#define XMLSEC_NSS_MAX_KEY_SIZE 32
-#define XMLSEC_NSS_MAX_IV_SIZE 32
-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
+#define XMLSEC_NSS_MAX_KEY_SIZE 32
+#define XMLSEC_NSS_MAX_IV_SIZE 32
+#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
/**************************************************************************
*
* Internal Nss Block cipher CTX
*
*****************************************************************************/
-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
- *xmlSecNssBlockCipherCtxPtr;
+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
+ *xmlSecNssBlockCipherCtxPtr;
struct _xmlSecNssBlockCipherCtx {
- CK_MECHANISM_TYPE cipher;
- PK11Context* cipherCtx;
- xmlSecKeyDataId keyId;
- int keyInitialized;
- int ctxInitialized;
- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
- xmlSecSize keySize;
- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
- xmlSecSize ivSize;
+ CK_MECHANISM_TYPE cipher;
+ PK11Context* cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+ xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
+ xmlSecSize keySize;
+ xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
+ xmlSecSize ivSize;
};
-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int
+static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
SECItem keyItem;
SECItem ivItem;
PK11SlotInfo* slot;
@@ -89,94 +89,94 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
ivLen = PK11_GetIVLength(ctx->cipher);
xmlSecAssert2(ivLen > 0, -1);
xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
-
+
if(encrypt) {
/* generate random iv */
rv = PK11_GenerateRandom(ctx->iv, ivLen);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
-
- /* write iv to the output */
- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
-
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ /* write iv to the output */
+ ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
} else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
- return(0);
- }
-
- /* copy iv to our buffer*/
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, ivLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+ return(0);
+ }
+
+ /* copy iv to our buffer*/
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+ memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
}
memset(&keyItem, 0, sizeof(keyItem));
keyItem.data = ctx->key;
- keyItem.len = ctx->keySize;
+ keyItem.len = ctx->keySize;
memset(&ivItem, 0, sizeof(ivItem));
ivItem.data = ctx->iv;
- ivItem.len = ctx->ivSize;
+ ivItem.len = ctx->ivSize;
slot = PK11_GetBestSlot(ctx->cipher, NULL);
if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
- CKA_SIGN, &keyItem, NULL);
+
+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
+ CKA_SIGN, &keyItem, NULL);
if(symKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
PK11_FreeSlot(slot);
- return(-1);
+ return(-1);
}
- ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
- (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
- symKey, &ivItem);
+ ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
+ (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, &ivItem);
if(ctx->cipherCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- PK11_FreeSymKey(symKey);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(symKey);
PK11_FreeSlot(slot);
- return(-1);
+ return(-1);
}
ctx->ctxInitialized = 1;
@@ -185,19 +185,19 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
return(0);
}
-static int
+static int
xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecSize inSize, inBlocks, outSize;
int blockLen;
int outLen = 0;
xmlSecByte* outBuf;
SECStatus rv;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->cipher != 0, -1);
xmlSecAssert2(ctx->cipherCtx != NULL, -1);
@@ -211,16 +211,16 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
-
+
if(inSize < (xmlSecSize)blockLen) {
- return(0);
+ return(0);
}
if(encrypt) {
inBlocks = inSize / ((xmlSecSize)blockLen);
} else {
- /* we want to have the last block in the input buffer
- * for padding check */
+ /* we want to have the last block in the input buffer
+ * for padding check */
inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
}
inSize = inBlocks * ((xmlSecSize)blockLen);
@@ -228,65 +228,65 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
/* we write out the input size plus may be one block */
ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
-
+
rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
+ xmlSecBufferGetData(in), inSize);
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
-
+
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
}
-
+
/* remove the processed block from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecSize inSize, outSize;
int blockLen, outLen = 0;
xmlSecByte* inBuf;
xmlSecByte* outBuf;
SECStatus rv;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->cipher != 0, -1);
xmlSecAssert2(ctx->cipherCtx != NULL, -1);
@@ -302,103 +302,103 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
outSize = xmlSecBufferGetSize(out);
if(encrypt != 0) {
- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
-
- /* create padding */
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
ret = xmlSecBufferSetMaxSize(in, blockLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
- return(-1);
- }
- inBuf = xmlSecBufferGetData(in);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
/* generate random padding */
- if((xmlSecSize)blockLen > (inSize + 1)) {
- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", blockLen - inSize - 1);
- return(-1);
- }
- }
- inBuf[blockLen - 1] = blockLen - inSize;
- inSize = blockLen;
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", blockLen - inSize - 1);
+ return(-1);
+ }
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
} else {
- if(inSize != (xmlSecSize)blockLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data=%d;block=%d", inSize, blockLen);
- return(-1);
- }
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
}
-
+
/* process last block */
ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
- xmlSecBufferGetData(in), inSize);
+ xmlSecBufferGetData(in), inSize);
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
-
+
if(encrypt == 0) {
- /* check padding */
- if(outLen < outBuf[blockLen - 1]) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- outBuf[blockLen - 1], outLen);
- return(-1);
- }
- outLen -= outBuf[blockLen - 1];
- }
+ /* check padding */
+ if(outLen < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], outLen);
+ return(-1);
+ }
+ outLen -= outBuf[blockLen - 1];
+ }
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
}
/* remove the processed block from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
return(0);
@@ -410,31 +410,31 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
* EVP Block Cipher transforms
*
* xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
- *
+ *
*****************************************************************************/
-#define xmlSecNssBlockCipherSize \
+#define xmlSecNssBlockCipherSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
#define xmlSecNssBlockCipherGetCtx(transform) \
((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
-
+static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
+
static int
xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_DES
if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DES */
@@ -442,63 +442,63 @@ xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
-
+
return(1);
}
#endif /* XMLSEC_NO_AES */
-
+
return(0);
}
-static int
+static int
xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
xmlSecNssBlockCipherCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
ctx = xmlSecNssBlockCipherGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
#ifndef XMLSEC_NO_DES
if(transform->id == xmlSecNssTransformDes3CbcId) {
- ctx->cipher = CKM_DES3_CBC;
- ctx->keyId = xmlSecNssKeyDataDesId;
- ctx->keySize = 24;
- } else
+ ctx->cipher = CKM_DES3_CBC;
+ ctx->keyId = xmlSecNssKeyDataDesId;
+ ctx->keySize = 24;
+ } else
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(transform->id == xmlSecNssTransformAes128CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 16;
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 16;
} else if(transform->id == xmlSecNssTransformAes192CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 24;
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 24;
} else if(transform->id == xmlSecNssTransformAes256CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 32;
- } else
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 32;
+ } else
#endif /* XMLSEC_NO_AES */
if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
-static void
+static void
xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
xmlSecNssBlockCipherCtxPtr ctx;
@@ -511,11 +511,11 @@ xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
if(ctx->cipherCtx != NULL) {
PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
}
-
+
memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
}
-static int
+static int
xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecNssBlockCipherCtxPtr ctx;
@@ -528,12 +528,12 @@ xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr key
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
keyReq->keyBitsSize = 8 * ctx->keySize;
return(0);
@@ -543,7 +543,7 @@ static int
xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecNssBlockCipherCtxPtr ctx;
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
@@ -563,28 +563,28 @@ xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), ctx->keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), ctx->keySize);
+ return(-1);
}
-
+
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
-
+
ctx->keyInitialized = 1;
return(0);
}
-static int
+static int
xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecNssBlockCipherCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
@@ -597,75 +597,75 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf
xmlSecAssert2(ctx != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- if((ctx->ctxInitialized == 0) && (last != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "not enough data to initialize transform");
- return(-1);
- }
-
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last) {
- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
@@ -678,117 +678,117 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf
********************************************************************/
static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes128Cbc, /* const xmlChar* name; */
- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecNssTransformAes128CbcGetKlass(void) {
return(&xmlSecNssAes128CbcKlass);
}
static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes192Cbc, /* const xmlChar* name; */
- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecNssTransformAes192CbcGetKlass(void) {
return(&xmlSecNssAes192CbcKlass);
}
static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecNssTransformAes256CbcGetKlass(void) {
return(&xmlSecNssAes256CbcKlass);
}
@@ -798,39 +798,39 @@ xmlSecNssTransformAes256CbcGetKlass(void) {
#ifndef XMLSEC_NO_DES
static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameDes3Cbc, /* const xmlChar* name; */
- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformDes3CbcGetKlass(void) {
return(&xmlSecNssDes3CbcKlass);
}
diff --git a/src/nss/crypto.c b/src/nss/crypto.c
index 141ceeac..7137f1c4 100644
--- a/src/nss/crypto.c
+++ b/src/nss/crypto.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
@@ -41,139 +41,217 @@ static xmlSecCryptoDLFunctionsPtr gXmlSecNssFunctions = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_nss(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecNssFunctions != NULL) {
- return(gXmlSecNssFunctions);
+ return(gXmlSecNssFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecNssFunctions = &functions;
- /**
+ /********************************************************************
+ *
* Crypto Init/shutdown
- */
- gXmlSecNssFunctions->cryptoInit = xmlSecNssInit;
- gXmlSecNssFunctions->cryptoShutdown = xmlSecNssShutdown;
- gXmlSecNssFunctions->cryptoKeysMngrInit = xmlSecNssKeysMngrInit;
-
- /**
+ *
+ ********************************************************************/
+ gXmlSecNssFunctions->cryptoInit = xmlSecNssInit;
+ gXmlSecNssFunctions->cryptoShutdown = xmlSecNssShutdown;
+ gXmlSecNssFunctions->cryptoKeysMngrInit = xmlSecNssKeysMngrInit;
+
+ /********************************************************************
+ *
* Key data ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecNssFunctions->keyDataAesGetKlass = xmlSecNssKeyDataAesGetKlass;
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecNssFunctions->keyDataAesGetKlass = xmlSecNssKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecNssFunctions->keyDataDesGetKlass = xmlSecNssKeyDataDesGetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecNssFunctions->keyDataDesGetKlass = xmlSecNssKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_DSA
- gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass;
-#endif /* XMLSEC_NO_DSA */
+ gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
-#ifndef XMLSEC_NO_HMAC
- gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_RSA
- gXmlSecNssFunctions->keyDataRsaGetKlass = xmlSecNssKeyDataRsaGetKlass;
+ gXmlSecNssFunctions->keyDataRsaGetKlass = xmlSecNssKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_X509
- gXmlSecNssFunctions->keyDataX509GetKlass = xmlSecNssKeyDataX509GetKlass;
- gXmlSecNssFunctions->keyDataRawX509CertGetKlass = xmlSecNssKeyDataRawX509CertGetKlass;
+ gXmlSecNssFunctions->keyDataX509GetKlass = xmlSecNssKeyDataX509GetKlass;
+ gXmlSecNssFunctions->keyDataRawX509CertGetKlass = xmlSecNssKeyDataRawX509CertGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Key data store ids
- */
+ *
+ ********************************************************************/
#ifndef XMLSEC_NO_X509
- gXmlSecNssFunctions->x509StoreGetKlass = xmlSecNssX509StoreGetKlass;
+ gXmlSecNssFunctions->x509StoreGetKlass = xmlSecNssX509StoreGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Crypto transforms ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecNssFunctions->transformAes128CbcGetKlass = xmlSecNssTransformAes128CbcGetKlass;
- gXmlSecNssFunctions->transformAes192CbcGetKlass = xmlSecNssTransformAes192CbcGetKlass;
- gXmlSecNssFunctions->transformAes256CbcGetKlass = xmlSecNssTransformAes256CbcGetKlass;
- gXmlSecNssFunctions->transformKWAes128GetKlass = xmlSecNssTransformKWAes128GetKlass;
- gXmlSecNssFunctions->transformKWAes192GetKlass = xmlSecNssTransformKWAes192GetKlass;
- gXmlSecNssFunctions->transformKWAes256GetKlass = xmlSecNssTransformKWAes256GetKlass;
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecNssFunctions->transformAes128CbcGetKlass = xmlSecNssTransformAes128CbcGetKlass;
+ gXmlSecNssFunctions->transformAes192CbcGetKlass = xmlSecNssTransformAes192CbcGetKlass;
+ gXmlSecNssFunctions->transformAes256CbcGetKlass = xmlSecNssTransformAes256CbcGetKlass;
+ gXmlSecNssFunctions->transformKWAes128GetKlass = xmlSecNssTransformKWAes128GetKlass;
+ gXmlSecNssFunctions->transformKWAes192GetKlass = xmlSecNssTransformKWAes192GetKlass;
+ gXmlSecNssFunctions->transformKWAes256GetKlass = xmlSecNssTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecNssFunctions->transformDes3CbcGetKlass = xmlSecNssTransformDes3CbcGetKlass;
- gXmlSecNssFunctions->transformKWDes3GetKlass = xmlSecNssTransformKWDes3GetKlass;
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecNssFunctions->transformDes3CbcGetKlass = xmlSecNssTransformDes3CbcGetKlass;
+ gXmlSecNssFunctions->transformKWDes3GetKlass = xmlSecNssTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
+ /******************************* DSA ********************************/
#ifndef XMLSEC_NO_DSA
- gXmlSecNssFunctions->transformDsaSha1GetKlass = xmlSecNssTransformDsaSha1GetKlass;
+ gXmlSecNssFunctions->transformDsaSha1GetKlass = xmlSecNssTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_DSA */
+ /******************************* HMAC ********************************/
#ifndef XMLSEC_NO_HMAC
- gXmlSecNssFunctions->transformHmacSha1GetKlass = xmlSecNssTransformHmacSha1GetKlass;
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformHmacMd5GetKlass = xmlSecNssTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
gXmlSecNssFunctions->transformHmacRipemd160GetKlass = xmlSecNssTransformHmacRipemd160GetKlass;
- gXmlSecNssFunctions->transformHmacMd5GetKlass = xmlSecNssTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformHmacSha1GetKlass = xmlSecNssTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformHmacSha256GetKlass = xmlSecNssTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformHmacSha384GetKlass = xmlSecNssTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformHmacSha512GetKlass = xmlSecNssTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
#endif /* XMLSEC_NO_HMAC */
+ /******************************* RSA ********************************/
#ifndef XMLSEC_NO_RSA
- gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass;
- gXmlSecNssFunctions->transformRsaPkcs1GetKlass = xmlSecNssTransformRsaPkcs1GetKlass;
-/* RSA OAEP is not supported by NSS yet */
-#ifdef TODO
- gXmlSecNssFunctions->transformRsaOaepGetKlass = xmlSecNssTransformRsaOaepGetKlass;
-#endif /* TODO: RSA OAEP is not supported by NSS yet */
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformRsaMd5GetKlass = xmlSecNssTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformRsaSha256GetKlass = xmlSecNssTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformRsaSha384GetKlass = xmlSecNssTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformRsaSha512GetKlass = xmlSecNssTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecNssFunctions->transformRsaPkcs1GetKlass = xmlSecNssTransformRsaPkcs1GetKlass;
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+ gXmlSecNssFunctions->transformRsaOaepGetKlass = xmlSecNssTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass;
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
-
- /**
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformSha384GetKlass = xmlSecNssTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformSha512GetKlass = xmlSecNssTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformMd5GetKlass = xmlSecNssTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+
+ /********************************************************************
+ *
* High level routines form xmlsec command line utility
- */
- gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
- gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
- gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
- gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecNssAppDefaultKeysMngrAdoptKey;
- gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecNssAppDefaultKeysMngrLoad;
- gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = xmlSecNssAppDefaultKeysMngrSave;
+ *
+ ********************************************************************/
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecNssAppDefaultKeysMngrAdoptKey;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecNssAppDefaultKeysMngrLoad;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = xmlSecNssAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = xmlSecNssAppKeysMngrCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = xmlSecNssAppKeysMngrCertLoad;
gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= xmlSecNssAppKeysMngrCertLoadMemory;
- gXmlSecNssFunctions->cryptoAppPkcs12Load = xmlSecNssAppPkcs12Load;
- gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
- gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
- gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
+ gXmlSecNssFunctions->cryptoAppPkcs12Load = xmlSecNssAppPkcs12Load;
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
#endif /* XMLSEC_NO_X509 */
- gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
- gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
- gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback();
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback();
return(gXmlSecNssFunctions);
}
/**
* xmlSecNssInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNssInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* set default errors callback for xmlsec to us */
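Review bot: The new MD5 entries (`transformHmacMd5GetKlass`, `transformRsaMd5GetKlass` and `transformMd5GetKlass` near the end of the hunk) put MD5-based digest, HMAC and RSA signature transforms into the default function table, so they are enabled for every consumer unless XMLSEC_NO_MD5 is defined at build time; the same registration is mirrored by the new xmlSecNssMd5Klass and the MD5 branches of xmlSecNssDigestCheckId/xmlSecNssDigestInitialize in src/nss/digests.c. Since MD5 is not collision resistant, a comment on the first `#ifndef XMLSEC_NO_MD5` guard would help maintainers and packagers, e.g. `/* MD5 transforms are provided for legacy interoperability only; build with XMLSEC_NO_MD5 to drop them, and verifiers should not accept MD5-based DigestMethod/SignatureMethod */`. The closing brace of xmlSecCryptoGetFunctions_nss is inside the hunk, but xmlSecNssInit, whose first error path the hunk also touches, continues outside it.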
@@ -181,32 +259,32 @@ xmlSecNssInit (void) {
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecNssShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecNssShutdown(void) {
return(0);
}
/**
* xmlSecNssKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds NSS specific key data stores in keys manager.
*
@@ -215,7 +293,7 @@ xmlSecNssShutdown(void) {
int
xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
#ifndef XMLSEC_NO_X509
@@ -251,35 +329,35 @@ xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
/**
* xmlSecNssGetInternalKeySlot:
- *
+ *
* Gets internal NSS key slot.
- *
+ *
* Returns: internal key slot and initializes it if needed.
*/
-PK11SlotInfo *
+PK11SlotInfo *
xmlSecNssGetInternalKeySlot()
{
PK11SlotInfo *slot = NULL;
SECStatus rv;
-
+
slot = PK11_GetInternalKeySlot();
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GetInternalKeySlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
- return NULL;
+ return NULL;
}
- if (PK11_NeedUserInit(slot)) {
+ if (PK11_NeedUserInit(slot)) {
rv = PK11_InitPin(slot, NULL, NULL);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_Authenticate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_Authenticate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return NULL;
}
}
@@ -287,11 +365,11 @@ xmlSecNssGetInternalKeySlot()
if(PK11_IsLoggedIn(slot, NULL) != PR_TRUE) {
rv = PK11_Authenticate(slot, PR_TRUE, NULL);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_Authenticate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_Authenticate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return NULL;
}
}
@@ -301,66 +379,66 @@ xmlSecNssGetInternalKeySlot()
/**
* xmlSecNssGenerateRandom:
- * @buffer: the destination buffer.
- * @size: the numer of bytes to generate.
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
*
* Generates @size random bytes and puts result in @buffer.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
SECStatus rv;
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(size > 0, -1);
ret = xmlSecBufferSetSize(buffer, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
+
/* get random data */
rv = PK11_GenerateRandom((xmlSecByte*)xmlSecBufferGetData(buffer), size);
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", size);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
return(0);
}
/**
* xmlSecNssErrorsDefaultCallback:
- * @file: the error location file name (__FILE__ macro).
- * @line: the error location line number (__LINE__ macro).
- * @func: the error location function name (__FUNCTION__ macro).
- * @errorObject: the error specific error object
- * @errorSubject: the error specific error subject.
- * @reason: the error code.
- * @msg: the additional error message.
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
*
* The default errors reporting callback function.
*/
-void
+void
xmlSecNssErrorsDefaultCallback(const char* file, int line, const char* func,
- const char* errorObject, const char* errorSubject,
- int reason, const char* msg) {
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
xmlChar buf[500];
int err;
err = PORT_GetError();
xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last nss error=%d (0x%08X)", msg, err, err);
- xmlSecErrorsDefaultCallback(file, line, func,
- errorObject, errorSubject,
- reason, (char*)buf);
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, (char*)buf);
}
diff --git a/src/nss/digests.c b/src/nss/digests.c
index 5a1db916..8063b443 100644
--- a/src/nss/digests.c
+++ b/src/nss/digests.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
@@ -24,20 +24,20 @@
#include <xmlsec/nss/app.h>
#include <xmlsec/nss/crypto.h>
-#define XMLSEC_NSS_MAX_DIGEST_SIZE 32
+#define XMLSEC_NSS_MAX_DIGEST_SIZE 64
/**************************************************************************
*
* Internal NSS Digest CTX
*
*****************************************************************************/
-typedef struct _xmlSecNssDigestCtx xmlSecNssDigestCtx, *xmlSecNssDigestCtxPtr;
+typedef struct _xmlSecNssDigestCtx xmlSecNssDigestCtx, *xmlSecNssDigestCtxPtr;
struct _xmlSecNssDigestCtx {
- SECOidData* digest;
- PK11Context* digestCtx;
- xmlSecByte dgst[XMLSEC_NSS_MAX_DIGEST_SIZE];
- xmlSecSize dgstSize; /* dgst size in bytes */
-};
+ SECOidData* digest;
+ PK11Context* digestCtx;
+ xmlSecByte dgst[XMLSEC_NSS_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
/******************************************************************************
*
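Review bot: `#define XMLSEC_NSS_MAX_DIGEST_SIZE 64` is now the only thing bounding ctx->dgst, and later in this file that array's sizeof is handed to PK11_DigestFinal as the output capacity, so the constant silently has to cover the largest digest the file can be built to produce. Nothing in the source ties 64 to SHA-512; a comment next to the define such as `/* must hold the largest enabled digest; SHA-512 output is 64 bytes */` records why the value changed from 32 and what must be revisited if a longer digest is added.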
@@ -46,35 +46,59 @@ struct _xmlSecNssDigestCtx {
* xmlSecNssDigestCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecNssDigestSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecNssDigestCtx))
+#define xmlSecNssDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssDigestCtx))
#define xmlSecNssDigestGetCtx(transform) \
((xmlSecNssDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecNssDigestInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssDigestFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssDigestVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssDigestExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssDigestCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssDigestCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
xmlSecNssDigestCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) {
- return(1);
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
+ return(1);
}
-#endif /* XMLSEC_NO_SHA1 */
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
return(0);
}
-static int
+static int
xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
xmlSecNssDigestCtxPtr ctx;
@@ -87,44 +111,69 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
/* initialize context */
memset(ctx, 0, sizeof(xmlSecNssDigestCtx));
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_MD5);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) {
- ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA384);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA512);
} else
-#endif /* XMLSEC_NO_SHA1 */
+#endif /* XMLSEC_NO_SHA512 */
if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
if(ctx->digest == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SECOID_FindOIDByTag",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SECOID_FindOIDByTag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
}
-
+
ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset);
if(ctx->digestCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_CreateDigestContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
}
-
+
return(0);
}
-static void
+static void
xmlSecNssDigestFinalize(xmlSecTransformPtr transform) {
xmlSecNssDigestCtxPtr ctx;
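Review bot: The dangling `} else` that closes each `#ifndef XMLSEC_NO_*` branch is only terminated by the unconditional `if(1) {` error block, and with every digest disabled the chain collapses to just that block; this is correct but easy to break when a maintainer adds a branch or a blank line in the wrong place, and nothing in the hunk explains it. A comment before `if(1) {`, for example `/* end of the #ifndef-guarded else-if chain: no enabled digest matched this transform id */`, would make the construction explicit. xmlSecNssDigestInitialize starts before this hunk and xmlSecNssDigestFinalize, whose first lines end it, continues after it.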
@@ -133,19 +182,19 @@ xmlSecNssDigestFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecNssDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->digestCtx != NULL) {
- PK11_DestroyContext(ctx->digestCtx, PR_TRUE);
+ PK11_DestroyContext(ctx->digestCtx, PR_TRUE);
}
memset(ctx, 0, sizeof(xmlSecNssDigestCtx));
}
static int
-xmlSecNssDigestVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecNssDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecNssDigestCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
@@ -156,39 +205,39 @@ xmlSecNssDigestVerify(xmlSecTransformPtr transform,
ctx = xmlSecNssDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
-
+
if(dataSize != ctx->dgstSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest sizes are different (data=%d, dgst=%d)",
- dataSize, ctx->dgstSize);
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
if(memcmp(ctx->dgst, data, dataSize) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecNssDigestCtxPtr ctx;
xmlSecBufferPtr in, out;
SECStatus rv;
int ret;
-
+
xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(transformCtx != NULL, -1);
@@ -202,83 +251,135 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
- rv = PK11_DigestBegin(ctx->digestCtx);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- transform->status = xmlSecTransformStatusWorking;
+ rv = PK11_DigestBegin(ctx->digestCtx);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &ctx->dgstSize, sizeof(ctx->dgst));
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ctx->dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * Md5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformMd5GetKlass(void) {
+ return(&xmlSecNssMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
#ifndef XMLSEC_NO_SHA1
/******************************************************************************
*
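Review bot: The new local `unsigned int dgstSize;` exists only because PK11_DigestFinal writes through an `unsigned int*` while ctx->dgstSize is an xmlSecSize, but the hunk gives no hint of that, and the uninitialized declaration looks like an oversight on first read. A one-line comment at the declaration, e.g. `/* PK11_DigestFinal reports the length as unsigned int; copy it into ctx->dgstSize via XMLSEC_SIZE_BAD_CAST after the call succeeds */`, and initializing it to 0 so the later `xmlSecAssert2(dgstSize > 0, -1)` never depends on the callee having written it, would make the intent clear. xmlSecNssDigestExecute starts before this hunk.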
@@ -287,45 +388,189 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt
*****************************************************************************/
static xmlSecTransformKlass xmlSecNssSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssDigestSize, /* xmlSecSize objSize */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
/* data */
- xmlSecNameSha1, /* const xmlChar* name; */
- xmlSecHrefSha1, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
/* methods */
- xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformSha1GetKlass:
*
* SHA-1 digest transform klass.
*
* Returns: pointer to SHA-1 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformSha1GetKlass(void) {
return(&xmlSecNssSha1Klass);
}
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha256GetKlass(void) {
+ return(&xmlSecNssSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha384GetKlass(void) {
+ return(&xmlSecNssSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha512GetKlass(void) {
+ return(&xmlSecNssSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
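Review bot: The three new klass tables for SHA-256/384/512 reuse `xmlSecNssDigestSize` and `xmlSecNssDigestExecute` unchanged, so the shared digest context's output buffer must now hold SHA-512's 64-byte result, yet that context and its `dgst` field are declared outside this hunk and nothing visible here shows the buffer was widened beyond what SHA-1 needs. If the execute method passes `sizeof(ctx->dgst)` to PK11_DigestFinal an undersized buffer fails cleanly rather than overflowing, but every SHA-384/512 DigestMethod would then be rejected, so confirm the context was resized in the earlier hunk. A one-line comment above each new table, e.g. `/* shares xmlSecNssDigestCtx; its dgst buffer must be >= 64 bytes for SHA-512 output */`, would record the dependency for the next backend that is added.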
diff --git a/src/nss/globals.h b/src/nss/globals.h
index 272a27b8..770b6dba 100644
--- a/src/nss/globals.h
+++ b/src/nss/globals.h
@@ -5,14 +5,14 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
diff --git a/src/nss/hmac.c b/src/nss/hmac.c
index 98bf0c12..ae7e67ef 100644
--- a/src/nss/hmac.c
+++ b/src/nss/hmac.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
@@ -27,8 +27,8 @@
#include <xmlsec/nss/crypto.h>
/* sizes in bits */
-#define XMLSEC_NSS_MIN_HMAC_SIZE 80
-#define XMLSEC_NSS_MAX_HMAC_SIZE (128 * 8)
+#define XMLSEC_NSS_MIN_HMAC_SIZE 80
+#define XMLSEC_NSS_MAX_HMAC_SIZE (128 * 8)
/**************************************************************************
*
@@ -38,10 +38,10 @@
static int g_xmlsec_nss_hmac_min_length = XMLSEC_NSS_MIN_HMAC_SIZE;
/**
- * xmlSecNssHmacGetMinOutputLength:
- *
+ * xmlSecNssHmacGetMinOutputLength:
+ *
* Gets the value of min HMAC length.
- *
+ *
* Returns: the min HMAC output length
*/
int xmlSecNssHmacGetMinOutputLength(void)
@@ -50,9 +50,9 @@ int xmlSecNssHmacGetMinOutputLength(void)
}
/**
- * xmlSecNssHmacSetMinOutputLength:
- * @min_length: the new min length
- *
+ * xmlSecNssHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
* Sets the min HMAC output length
*/
void xmlSecNssHmacSetMinOutputLength(int min_length)
@@ -65,13 +65,13 @@ void xmlSecNssHmacSetMinOutputLength(int min_length)
* Internal NSS HMAC CTX
*
*****************************************************************************/
-typedef struct _xmlSecNssHmacCtx xmlSecNssHmacCtx, *xmlSecNssHmacCtxPtr;
+typedef struct _xmlSecNssHmacCtx xmlSecNssHmacCtx, *xmlSecNssHmacCtxPtr;
struct _xmlSecNssHmacCtx {
- CK_MECHANISM_TYPE digestType;
- PK11Context* digestCtx;
- xmlSecByte dgst[XMLSEC_NSS_MAX_HMAC_SIZE / 8];
- xmlSecSize dgstSize; /* dgst size in bits */
-};
+ CK_MECHANISM_TYPE digestType;
+ PK11Context* digestCtx;
+ xmlSecByte dgst[XMLSEC_NSS_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
/******************************************************************************
*
@@ -82,31 +82,72 @@ struct _xmlSecNssHmacCtx {
*****************************************************************************/
#define xmlSecNssHmacGetCtx(transform) \
((xmlSecNssHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecNssHmacSize \
+#define xmlSecNssHmacSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecNssHmacCtx))
-#define xmlSecNssHmacCheckId(transform) \
- (xmlSecTransformCheckId((transform), xmlSecNssTransformHmacSha1Id) || \
- xmlSecTransformCheckId((transform), xmlSecNssTransformHmacMd5Id) || \
- xmlSecTransformCheckId((transform), xmlSecNssTransformHmacRipemd160Id))
-
-static int xmlSecNssHmacInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssHmacFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssHmacNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssHmacSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssHmacVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssHmacExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-
-static int
+
+static int xmlSecNssHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecNssHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacRipemd160Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
+ /* not found */
+ return(0);
+}
+
+static int
xmlSecNssHmacInitialize(xmlSecTransformPtr transform) {
xmlSecNssHmacCtxPtr ctx;
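Review bot: The new `xmlSecNssHmacCheckId` function has no header comment, although it replaces a macro and is now the single gate that every assert in this file (`xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1)`) relies on to reject a transform object of the wrong type before its context is cast and dereferenced. Suggest a short doc comment above it: `/* Returns 1 if @transform is one of the NSS HMAC transforms compiled in (MD5, RIPEMD160, SHA1, SHA256/384/512 per XMLSEC_NO_*), 0 otherwise; used by the type asserts before xmlSecNssHmacGetCtx() is applied. */`. The stray blank line after the opening brace can go at the same time.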
@@ -115,30 +156,61 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) {
ctx = xmlSecNssHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
memset(ctx, 0, sizeof(xmlSecNssHmacCtx));
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha1Id)) {
- ctx->digestType = CKM_SHA_1_HMAC;
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacMd5Id)) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacMd5Id)) {
ctx->digestType = CKM_MD5_HMAC;
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacRipemd160Id)) {
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacRipemd160Id)) {
ctx->digestType = CKM_RIPEMD160_HMAC;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha1Id)) {
+ ctx->digestType = CKM_SHA_1_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
+ ctx->digestType = CKM_SHA256_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha384Id)) {
+ ctx->digestType = CKM_SHA384_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha512Id)) {
+ ctx->digestType = CKM_SHA512_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static void
+static void
xmlSecNssHmacFinalize(xmlSecTransformPtr transform) {
xmlSecNssHmacCtxPtr ctx;
- xmlSecAssert(xmlSecNssHmacCheckId(transform));
+ xmlSecAssert(xmlSecNssHmacCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize));
ctx = xmlSecNssHmacGetCtx(transform);
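Review bot: The mechanism selection in `xmlSecNssHmacInitialize` leaves each branch as a dangling `} else` immediately before `#endif`, relying on the next `#ifndef` block or the final bare `/* not found */ { ... }` to complete the statement; this is correct (with every digest disabled the block degrades to an unconditional INVALID_TRANSFORM return), but a reader will take `} else` followed by `#endif` for a syntax error and the intent is not documented. A comment at the head of the chain would make it safe to maintain: `/* each branch ends in an open 'else' so the chain continues across the #ifndef blocks; the trailing bare block is the not-found error and becomes unconditional when all digests are disabled */`. The function's signature and asserts start in the previous hunk, outside this one.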
@@ -155,21 +227,21 @@ xmlSecNssHmacFinalize(xmlSecTransformPtr transform) {
*
* HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
*
- * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
- * as a parameter; if the parameter is not specified then all the bits of the
- * hash are output. An example of an HMAC SignatureMethod element:
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
* <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
* <HMACOutputLength>128</HMACOutputLength>
* </SignatureMethod>
- *
+ *
* Schema Definition:
- *
+ *
* <simpleType name="HMACOutputLengthType">
* <restriction base="integer"/>
* </simpleType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT HMACOutputLength (#PCDATA)>
*/
static int
@@ -185,45 +257,45 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans
ctx = xmlSecNssHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
- xmlChar *content;
-
- content = xmlNodeGetContent(cur);
- if(content != NULL) {
- ctx->dgstSize = atoi((char*)content);
- xmlFree(content);
- }
-
- /* Ensure that HMAC length is greater than min specified.
- Otherwise, an attacker can set this lenght to 0 or very
- small value
- */
- if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
}
- return(0);
+ return(0);
}
-static int
+static int
xmlSecNssHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecNssHmacCtxPtr ctx;
@@ -238,11 +310,11 @@ xmlSecNssHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
keyReq->keyId = xmlSecNssKeyDataHmacId;
keyReq->keyType= xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationSign) {
- keyReq->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyReq->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
-
+
return(0);
}
@@ -255,7 +327,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
SECItem ignore;
PK11SlotInfo* slot;
PK11SymKey* symKey;
-
+
xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
@@ -265,7 +337,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestType != 0, -1);
xmlSecAssert2(ctx->digestCtx == NULL, -1);
-
+
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecNssKeyDataHmacId), -1);
@@ -273,51 +345,51 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key is empty");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
}
memset(&ignore, 0, sizeof(ignore));
memset(&keyItem, 0, sizeof(keyItem));
keyItem.data = xmlSecBufferGetData(buffer);
- keyItem.len = xmlSecBufferGetSize(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
slot = PK11_GetBestSlot(ctx->digestType, NULL);
if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
- symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive,
- CKA_SIGN, &keyItem, NULL);
+
+ symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive,
+ CKA_SIGN, &keyItem, NULL);
if(symKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
PK11_FreeSlot(slot);
- return(-1);
+ return(-1);
}
ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore);
if(ctx->digestCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- PK11_FreeSymKey(symKey);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PK11_FreeSymKey(symKey);
PK11_FreeSlot(slot);
- return(-1);
+ return(-1);
}
PK11_FreeSymKey(symKey);
@@ -326,15 +398,15 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
}
static int
-xmlSecNssHmacVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- static xmlSecByte last_byte_masks[] =
- { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+xmlSecNssHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
xmlSecNssHmacCtxPtr ctx;
xmlSecByte mask;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
@@ -346,54 +418,54 @@ xmlSecNssHmacVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestCtx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
-
+
/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
/* we check the last byte separatelly */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
/* now check the rest of the digest */
if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecNssHmacCtxPtr ctx;
xmlSecBufferPtr in, out;
SECStatus rv;
int ret;
-
+
xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
@@ -407,226 +479,376 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
- rv = PK11_DigestBegin(ctx->digestCtx);
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- transform->status = xmlSecTransformStatusWorking;
+ rv = PK11_DigestBegin(ctx->digestCtx);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- xmlSecSize dgstSize;
-
- rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
- if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- xmlSecAssert2(dgstSize > 0, -1);
-
- /* check/set the result digest size */
- if(ctx->dgstSize == 0) {
- ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
- } else if(ctx->dgstSize <= 8 * dgstSize) {
- dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize * 8); /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "size=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
-/**
- * HMAC SHA1
- */
-static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha1, /* const xmlChar* name; */
- xmlSecHrefHmacSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-/**
- * xmlSecNssTransformHmacSha1GetKlass:
- *
- * The HMAC-SHA1 transform klass.
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
*
- * Returns: the HMAC-SHA1 transform klass.
- */
-xmlSecTransformId
-xmlSecNssTransformHmacSha1GetKlass(void) {
- return(&xmlSecNssHmacSha1Klass);
-}
-
-/**
* HMAC Ripemd160
- */
+ *
+ ******************************************************************************/
static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacRipemd160, /* const xmlChar* name; */
- xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformHmacRipemd160GetKlass:
*
* The HMAC-RIPEMD160 transform klass.
*
* Returns: the HMAC-RIPEMD160 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformHmacRipemd160GetKlass(void) {
return(&xmlSecNssHmacRipemd160Klass);
}
+#endif /* XMLSEC_NO_RIPEMD160 */
-/**
- * HMAC Md5
- */
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacMd5, /* const xmlChar* name; */
- xmlSecHrefHmacMd5, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformHmacMd5GetKlass:
*
* The HMAC-MD5 transform klass.
*
* Returns: the HMAC-MD5 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformHmacMd5GetKlass(void) {
return(&xmlSecNssHmacMd5Klass);
}
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha1GetKlass(void) {
+ return(&xmlSecNssHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha256GetKlass(void) {
+ return(&xmlSecNssHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha384GetKlass(void) {
+ return(&xmlSecNssHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha512GetKlass(void) {
+ return(&xmlSecNssHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
#endif /* XMLSEC_NO_HMAC */
diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
index a583f604..f07e44be 100644
--- a/src/nss/keysstore.c
+++ b/src/nss/keysstore.c
@@ -1,6 +1,6 @@
-/**
+/**
* XMLSec library
- *
+ *
* Nss keys store that uses Simple Keys Store under the hood. Uses the
* Nss DB as a backing store for the finding keys, but the NSS DB is
* not written to by the keys store.
@@ -8,12 +8,12 @@
* keys store, the NSS DB is looked up.
* If store is called to adopt a key, that key is not written to the NSS
* DB.
- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+ * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
* source of keys for xmlsec
- *
+ *
* This is free software; see Copyright file in the source
* distribution for precise wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -21,12 +21,12 @@
#include <stdlib.h>
#include <string.h>
-#include <nss.h>
-#include <cert.h>
-#include <pk11func.h>
-#include <keyhi.h>
+#include <nss.h>
+#include <cert.h>
+#include <pk11func.h>
+#include <keyhi.h>
-#include <libxml/tree.h>
+#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -44,89 +44,89 @@
/****************************************************************************
*
* Nss Keys Store. Uses Simple Keys Store under the hood
- *
+ *
* Simple Keys Store ptr is located after xmlSecKeyStore
*
***************************************************************************/
#define xmlSecNssKeysStoreSize \
- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
#define xmlSecNssKeysStoreGetSS(store) \
((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
(xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
(xmlSecKeyStorePtr*)NULL)
-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
- const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
sizeof(xmlSecKeyStoreKlass),
xmlSecNssKeysStoreSize,
/* data */
- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
-
+ BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+
/* constructors/destructor */
- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+ xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssKeysStoreGetKlass:
- *
+ *
* The Nss list based keys store klass.
*
* Returns: Nss list based keys store klass.
*/
-xmlSecKeyStoreId
+xmlSecKeyStoreId
xmlSecNssKeysStoreGetKlass(void) {
return(&xmlSecNssKeysStoreKlass);
}
/**
* xmlSecNssKeysStoreAdoptKey:
- * @store: the pointer to Nss keys store.
- * @key: the pointer to key.
- *
- * Adds @key to the @store.
+ * @store: the pointer to Nss keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecKeyStorePtr *ss;
-
+
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
xmlSecAssert2((key != NULL), -1);
ss = xmlSecNssKeysStoreGetSS(store);
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
}
-/**
+/**
* xmlSecNssKeysStoreLoad:
- * @store: the pointer to Nss keys store.
- * @uri: the filename.
- * @keysMngr: the pointer to associated keys manager.
- *
+ * @store: the pointer to Nss keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
* Reads keys from an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
-xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- xmlSecKeysMngrPtr keysMngr) {
+xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
@@ -135,117 +135,117 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
- xmlSecAssert2((uri != NULL), -1);
+ xmlSecAssert2((uri != NULL), -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlParseFile",
- XMLSEC_ERRORS_R_XML_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
-
+
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=<xmlsec:Keys>");
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
cur = xmlSecGetNextElementNode(root->children);
- while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
- key = xmlSecKeyCreate();
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- xmlFreeDoc(doc);
- return(-1);
- }
-
- ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
-
- keyInfoCtx.mode = xmlSecKeyInfoModeRead;
- keyInfoCtx.keysMngr = keysMngr;
- keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
- XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
- keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
- keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
-
- ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-
- if(xmlSecKeyIsValid(key)) {
- ret = xmlSecNssKeysStoreAdoptKey(store, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecNssKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlFreeDoc(doc);
- return(-1);
- }
- } else {
- /* we have an unknown key in our file, just ignore it */
- xmlSecKeyDestroy(key);
- }
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecNssKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecNssKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
}
-
+
xmlFreeDoc(doc);
return(0);
}
-/**
+/**
* xmlSecNssKeysStoreSave:
- * @store: the pointer to Nss keys store.
- * @filename: the filename.
- * @type: the saved keys type (public, private, ...).
- *
+ * @store: the pointer to Nss keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
* Writes keys from @store to an XML file.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -255,11 +255,11 @@ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyD
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
- xmlSecAssert2((filename != NULL), -1);
-
+ xmlSecAssert2((filename != NULL), -1);
+
ss = xmlSecNssKeysStoreGetSS(store);
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
}
@@ -275,32 +275,32 @@ xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
if(*ss == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
}
- return(0);
+ return(0);
}
static void
xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
xmlSecKeyStorePtr *ss;
-
+
xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
-
+
ss = xmlSecNssKeysStoreGetSS(store);
xmlSecAssert((ss != NULL) && (*ss != NULL));
-
+
xmlSecKeyStoreDestroy(*ss);
}
-static xmlSecKeyPtr
-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static xmlSecKeyPtr
+xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyPtr retval = NULL;
@@ -320,165 +320,165 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
- return (key);
+ return (key);
}
/* Try to find the key in the NSS DB, and construct an xmlSecKey.
* we must have a name to lookup keys in NSS DB.
*/
if (name == NULL) {
- goto done;
+ goto done;
}
- /* what type of key are we looking for?
+ /* what type of key are we looking for?
* TBD: For now, we'll look only for public/private keys using the
* name as a cert nickname. Later on, we can attempt to find
- * symmetric keys using PK11_FindFixedKey
+ * symmetric keys using PK11_FindFixedKey
*/
keyReq = &(keyInfoCtx->keyReq);
- if (keyReq->keyType &
- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
- if (cert == NULL) {
- goto done;
- }
-
- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
- pubkey = CERT_ExtractPublicKey(cert);
- if (pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
-
- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
- privkey = PK11_FindKeyByAnyCert(cert, NULL);
- if (privkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_FindKeyByAnyCert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
-
- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- privkey = NULL;
- pubkey = NULL;
+ if (keyReq->keyType &
+ (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+ cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+ if (cert == NULL) {
+ goto done;
+ }
+
+ if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+ pubkey = CERT_ExtractPublicKey(cert);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+ privkey = PK11_FindKeyByAnyCert(cert, NULL);
+ if (privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_FindKeyByAnyCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ privkey = NULL;
+ pubkey = NULL;
key = xmlSecKeyCreate();
if (key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ cert = CERT_DupCertificate(cert);
+ if (cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ cert = NULL;
+
+ ret = xmlSecKeySetValue(key, data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
}
+ x509Data = NULL;
- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
- if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
- goto done;
- }
-
- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- cert = CERT_DupCertificate(cert);
- if (cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- cert = NULL;
-
- ret = xmlSecKeySetValue(key, data);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- goto done;
- }
- data = NULL;
-
- ret = xmlSecKeyAdoptData(key, x509Data);
- if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- x509Data = NULL;
-
- retval = key;
- key = NULL;
+ retval = key;
+ key = NULL;
}
done:
if (cert != NULL) {
- CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(cert);
}
if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
if (data != NULL) {
- xmlSecKeyDataDestroy(data);
+ xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
- xmlSecKeyDestroy(key);
+ xmlSecKeyDestroy(key);
}
return (retval);
diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c
index 5d256c22..d84593b9 100644
--- a/src/nss/keytrans.c
+++ b/src/nss/keytrans.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* AES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright .................................
*/
#include "globals.h"
@@ -32,713 +32,722 @@
/*********************************************************************
*
- * key transform transforms
+ * Key transport transforms
*
********************************************************************/
-typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx;
-typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr;
+typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx;
+typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr;
-#define xmlSecNssKeyTransportSize \
- ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
+#define xmlSecNssKeyTransportSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
#define xmlSecNssKeyTransportGetCtx( transform ) \
- ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
struct _xmlSecNssKeyTransportCtx {
- CK_MECHANISM_TYPE cipher ;
- SECKEYPublicKey* pubkey ;
- SECKEYPrivateKey* prikey ;
- xmlSecKeyDataId keyId ;
- xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
+ CK_MECHANISM_TYPE cipher ;
+ SECKEYPublicKey* pubkey ;
+ SECKEYPrivateKey* prikey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
} ;
-static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform);
-static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform);
-static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssKeyTransportInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssKeyTransportFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssKeyTransportSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyTransportSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyTransportExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_RSA
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaPkcs1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_RSA */
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
#ifndef XMLSEC_NO_RSA
- if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id )
-/* RSA OAEP is not supported by NSS yet */
-#ifdef TODO
- || xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId )
-#endif /* TODO: RSA OAEP is not supported by NSS yet */
-
- ) {
-
- return(1);
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaOaepId)) {
+ return (1);
}
#endif /* XMLSEC_NO_RSA */
-
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+ /* not found */
return(0);
}
-static int
+static int
xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
- xmlSecNssKeyTransportCtxPtr context ;
+ xmlSecNssKeyTransportCtxPtr context ;
xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
-
- context = xmlSecNssKeyTransportGetCtx( transform ) ;
- xmlSecAssert2( context != NULL , -1 ) ;
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ /* initialize context */
+ memset(context, 0, sizeof(xmlSecNssKeyTransportCtx));
#ifndef XMLSEC_NO_RSA
- if( transform->id == xmlSecNssTransformRsaPkcs1Id ) {
- context->cipher = CKM_RSA_PKCS ;
- context->keyId = xmlSecNssKeyDataRsaId ;
-/* RSA OAEP is not supported by NSS yet */
-#ifdef TODO
- } else if( transform->id == xmlSecNssTransformRsaOaepId ) {
- context->cipher = CKM_RSA_PKCS_OAEP ;
- context->keyId = xmlSecNssKeyDataRsaId ;
-#endif /* TODO: RSA OAEP is not supported by NSS yet */
- } else
-#endif /* XMLSEC_NO_RSA */
-
- if( 1 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- context->pubkey = NULL ;
- context->prikey = NULL ;
- context->material = NULL ;
+ if(transform->id == xmlSecNssTransformRsaPkcs1Id) {
+ context->cipher = CKM_RSA_PKCS;
+ context->keyId = xmlSecNssKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_RSA */
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+#ifndef XMLSEC_NO_RSA
+ if(transform->id == xmlSecNssTransformRsaOaepId) {
+ context->cipher = CKM_RSA_PKCS_OAEP;
+ context->keyId = xmlSecNssKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_RSA */
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
return(0);
}
-static void
+static void
xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
- xmlSecNssKeyTransportCtxPtr context ;
-
+ xmlSecNssKeyTransportCtxPtr context ;
+
xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
-
- context = xmlSecNssKeyTransportGetCtx( transform ) ;
- xmlSecAssert( context != NULL ) ;
-
- if( context->pubkey != NULL ) {
- SECKEY_DestroyPublicKey( context->pubkey ) ;
- context->pubkey = NULL ;
- }
-
- if( context->prikey != NULL ) {
- SECKEY_DestroyPrivateKey( context->prikey ) ;
- context->prikey = NULL ;
- }
-
- if( context->material != NULL ) {
- xmlSecBufferDestroy(context->material);
- context->material = NULL ;
- }
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->pubkey != NULL ) {
+ SECKEY_DestroyPublicKey( context->pubkey ) ;
+ context->pubkey = NULL ;
+ }
+
+ if( context->prikey != NULL ) {
+ SECKEY_DestroyPrivateKey( context->prikey ) ;
+ context->prikey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
}
-static int
+static int
xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecNssKeyTransportCtxPtr context ;
-
+ xmlSecNssKeyTransportCtxPtr context ;
+
xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(keyReq != NULL, -1);
-
- context = xmlSecNssKeyTransportGetCtx( transform ) ;
- xmlSecAssert2( context != NULL , -1 ) ;
- keyReq->keyId = context->keyId;
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ keyReq->keyId = context->keyId;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
}
return(0);
}
-static int
+static int
xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecNssKeyTransportCtxPtr context = NULL ;
- xmlSecKeyDataPtr keyData = NULL ;
- SECKEYPublicKey* pubkey = NULL ;
- SECKEYPrivateKey* prikey = NULL ;
+ xmlSecNssKeyTransportCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ SECKEYPublicKey* pubkey = NULL ;
+ SECKEYPrivateKey* prikey = NULL ;
xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(key != NULL, -1);
- context = xmlSecNssKeyTransportGetCtx( transform ) ;
- if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyTransportGetCtx" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-
- keyData = xmlSecKeyGetValue( key ) ;
- if( keyData == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
- "xmlSecKeyGetValue" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
if(transform->operation == xmlSecTransformOperationEncrypt) {
- if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
- "xmlSecNssPKIKeyDataGetPubKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- context->pubkey = pubkey ;
- } else {
- if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
- "xmlSecNssPKIKeyDataGetPrivKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- context->prikey = prikey ;
- }
-
- return(0) ;
+ if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssPKIKeyDataGetPubKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->pubkey = pubkey ;
+ } else {
+ if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssPKIKeyDataGetPrivKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->prikey = prikey ;
+ }
+
+ return(0) ;
}
-/**
- * key wrap transform
- */
-static int
+static int
xmlSecNssKeyTransportCtxInit(
- xmlSecNssKeyTransportCtxPtr ctx ,
- xmlSecBufferPtr in ,
- xmlSecBufferPtr out ,
- int encrypt ,
- xmlSecTransformCtxPtr transformCtx
+ xmlSecNssKeyTransportCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
) {
- int blockSize ;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- if( ctx->material != NULL ) {
- xmlSecBufferDestroy( ctx->material ) ;
- ctx->material = NULL ;
- }
-
- if( ctx->pubkey != NULL ) {
- blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
- } else if( ctx->prikey != NULL ) {
- blockSize = PK11_SignatureLen( ctx->prikey ) ;
- } else {
- blockSize = -1 ;
- }
-
- if( blockSize < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- ctx->material = xmlSecBufferCreate( blockSize ) ;
- if( ctx->material == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferCreate" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* read raw key material into context */
- if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferSetData" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return(0);
+ int blockSize ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ if( ctx->material != NULL ) {
+ xmlSecBufferDestroy( ctx->material ) ;
+ ctx->material = NULL ;
+ }
+
+ if( ctx->pubkey != NULL ) {
+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+ } else if( ctx->prikey != NULL ) {
+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
+ } else {
+ blockSize = -1 ;
+ }
+
+ if( blockSize < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ ctx->material = xmlSecBufferCreate( blockSize ) ;
+ if( ctx->material == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* read raw key material into context */
+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
}
-/**
- * key wrap transform update
- */
-static int
+static int
xmlSecNssKeyTransportCtxUpdate(
- xmlSecNssKeyTransportCtxPtr ctx ,
- xmlSecBufferPtr in ,
- xmlSecBufferPtr out ,
- int encrypt ,
- xmlSecTransformCtxPtr transformCtx
+ xmlSecNssKeyTransportCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
) {
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- /* read raw key material and append into context */
- if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- return(0);
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
}
-/**
- * Block cipher transform final
- */
-static int
-xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out,
+static int
+xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out,
int encrypt, xmlSecTransformCtxPtr transformCtx) {
- PK11SymKey* symKey ;
- PK11SlotInfo* slot ;
- SECItem oriskv ;
- int blockSize ;
- xmlSecBufferPtr result ;
-
- xmlSecAssert2( ctx != NULL , -1 ) ;
- xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
- xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
- xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
- xmlSecAssert2( ctx->material != NULL , -1 ) ;
- xmlSecAssert2( in != NULL , -1 ) ;
- xmlSecAssert2( out != NULL , -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- /* read raw key material and append into context */
- if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferRemoveHead" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- /* Now we get all of the key materail */
- /* from now on we will wrap or unwrap the key */
- if( ctx->pubkey != NULL ) {
- blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
- } else if( ctx->prikey != NULL ) {
- blockSize = PK11_SignatureLen( ctx->prikey ) ;
- } else {
- blockSize = -1 ;
- }
-
- if( blockSize < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_GetBlockSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- result = xmlSecBufferCreate( blockSize * 2 ) ;
- if( result == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL,
- "xmlSecBufferCreate" ,
- XMLSEC_ERRORS_R_XMLSEC_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE) ;
- return(-1);
- }
-
- oriskv.type = siBuffer ;
- oriskv.data = xmlSecBufferGetData( ctx->material ) ;
- oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
-
- if( encrypt != 0 ) {
- CK_OBJECT_HANDLE id ;
- SECItem wrpskv ;
-
- /* Create template symmetric key from material */
- slot = ctx->pubkey->pkcs11Slot;
- if( slot == NULL ) {
- slot = PK11_GetBestSlot( ctx->cipher, NULL ) ;
- if( slot == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecNssSlotGet" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
-
- id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
- if( id == CK_INVALID_HANDLE ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_ImportPublicKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- PK11_FreeSlot( slot ) ;
- return(-1);
- }
- }
-
- /* pay attention to mechanism */
- symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
- if( symKey == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_ImportSymKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- PK11_FreeSlot( slot ) ;
- return(-1);
- }
-
- wrpskv.type = siBuffer ;
- wrpskv.data = xmlSecBufferGetData( result ) ;
- wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
-
- if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_PubWrapSymKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSymKey( symKey ) ;
- xmlSecBufferDestroy(result);
- PK11_FreeSlot( slot ) ;
- return(-1);
- }
-
- if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferSetSize" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSymKey( symKey ) ;
- xmlSecBufferDestroy(result);
- PK11_FreeSlot( slot ) ;
- return(-1);
- }
- PK11_FreeSymKey( symKey ) ;
- PK11_FreeSlot( slot ) ;
- } else {
- SECItem* keyItem ;
-
- /* pay attention to mechanism */
- symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 );
- if( symKey == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_PubUnwrapSymKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
-
- /* Extract raw data from symmetric key */
- if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_ExtractKeyValue" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSymKey( symKey ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
-
- keyItem = PK11_GetKeyData( symKey );
- if( keyItem == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_GetKeyData" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSymKey( symKey ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
-
- if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "PK11_PubUnwrapSymKey" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- PK11_FreeSymKey( symKey ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
- PK11_FreeSymKey( symKey ) ;
- }
-
- /* Write output */
- if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- "xmlSecBufferAppend" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- xmlSecBufferDestroy(result);
- return(-1);
- }
- xmlSecBufferDestroy(result);
-
- return(0);
+ PK11SymKey* symKey ;
+ PK11SlotInfo* slot ;
+ SECItem oriskv ;
+ int blockSize ;
+ xmlSecBufferPtr result ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Now we get all of the key materail */
+ /* from now on we will wrap or unwrap the key */
+ if( ctx->pubkey != NULL ) {
+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+ } else if( ctx->prikey != NULL ) {
+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
+ } else {
+ blockSize = -1 ;
+ }
+
+ if( blockSize < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ result = xmlSecBufferCreate( blockSize * 2 ) ;
+ if( result == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+ return(-1);
+ }
+
+ oriskv.type = siBuffer ;
+ oriskv.data = xmlSecBufferGetData( ctx->material ) ;
+ oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
+
+ if( encrypt != 0 ) {
+ CK_OBJECT_HANDLE id ;
+ SECItem wrpskv ;
+
+ /* Create template symmetric key from material */
+ slot = ctx->pubkey->pkcs11Slot;
+ if( slot == NULL ) {
+ slot = PK11_GetBestSlot( ctx->cipher, NULL ) ;
+ if( slot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSlotGet" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
+ if( id == CK_INVALID_HANDLE ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportPublicKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ }
+
+ /* pay attention to mechanism */
+ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
+ if( symKey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ wrpskv.type = siBuffer ;
+ wrpskv.data = xmlSecBufferGetData( result ) ;
+ wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
+
+ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubWrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ PK11_FreeSlot( slot ) ;
+ } else {
+ SECItem* keyItem ;
+
+ /* pay attention to mechanism */
+ symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 );
+ if( symKey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ /* Extract raw data from symmetric key */
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ExtractKeyValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ keyItem = PK11_GetKeyData( symKey );
+ if( keyItem == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetKeyData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ }
+
+ /* Write output */
+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ xmlSecBufferDestroy(result);
+
+ return(0);
}
-static int
+static int
xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecNssKeyTransportCtxPtr context = NULL ;
- xmlSecBufferPtr inBuf, outBuf ;
- int operation ;
- int rtv ;
-
- xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
- xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
- xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
- xmlSecAssert2( transformCtx != NULL , -1 ) ;
-
- context = xmlSecNssKeyTransportGetCtx( transform ) ;
- if( context == NULL ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyTransportGetCtx" ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
-
- inBuf = &( transform->inBuf ) ;
- outBuf = &( transform->outBuf ) ;
-
- if( transform->status == xmlSecTransformStatusNone ) {
- transform->status = xmlSecTransformStatusWorking ;
- }
-
- operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
- if( transform->status == xmlSecTransformStatusWorking ) {
- if( context->material == NULL ) {
- rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyTransportCtxInit" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- }
-
- if( (context->material == NULL) && (last != 0) ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "No enough data to intialize transform" ) ;
- return(-1);
- }
-
- if( context->material != NULL ) {
- rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyTransportCtxUpdate" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- }
-
- if( last ) {
- rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
- if( rtv < 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- "xmlSecNssKeyTransportCtxFinal" ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- XMLSEC_ERRORS_NO_MESSAGE ) ;
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished ;
- }
- } else if( transform->status == xmlSecTransformStatusFinished ) {
- if( xmlSecBufferGetSize( inBuf ) != 0 ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "status=%d", transform->status ) ;
- return(-1);
- }
- } else {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
- NULL ,
- XMLSEC_ERRORS_R_INVALID_STATUS ,
- "status=%d", transform->status ) ;
- return(-1);
- }
-
- return(0);
+ xmlSecNssKeyTransportCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf, outBuf ;
+ int operation ;
+ int rtv ;
+
+ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
+
+ if( transform->status == xmlSecTransformStatusNone ) {
+ transform->status = xmlSecTransformStatusWorking ;
+ }
+
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ if( transform->status == xmlSecTransformStatusWorking ) {
+ if( context->material == NULL ) {
+ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxInit" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( (context->material == NULL) && (last != 0) ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "No enough data to intialize transform" ) ;
+ return(-1);
+ }
+
+ if( context->material != NULL ) {
+ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxUpdate" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( last ) {
+ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxFinal" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished ;
+ }
+ } else if( transform->status == xmlSecTransformStatusFinished ) {
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+ } else {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+
+ return(0);
}
#ifndef XMLSEC_NO_RSA
-
static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaPkcs1, /* const xmlChar* name; */
- xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformRsaPkcs1GetKlass:
*
* The RSA-PKCS1 key transport transform klass.
*
* Returns: RSA-PKCS1 key transport transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformRsaPkcs1GetKlass(void) {
return(&xmlSecNssRsaPkcs1Klass);
}
+#endif /* XMLSEC_NO_RSA */
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
-/* RSA OAEP is not supported by NSS yet */
-#ifdef TODO
-
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+#ifndef XMLSEC_NO_RSA
static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaOaep, /* const xmlChar* name; */
- xmlSecHrefRsaOaep, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformRsaOaepGetKlass:
*
* The RSA-PKCS1 key transport transform klass.
*
* Returns: RSA-PKCS1 key transport transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformRsaOaepGetKlass(void) {
return(&xmlSecNssRsaOaepKlass);
}
-#endif /* TODO: RSA OAEP is not supported by NSS yet */
-
#endif /* XMLSEC_NO_RSA */
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c
index 0c3a5708..0438e306 100644
--- a/src/nss/kw_aes.c
+++ b/src/nss/kw_aes.c
@@ -1,13 +1,14 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* AES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
*/
#ifndef XMLSEC_NO_AES
@@ -28,271 +29,328 @@
#include <xmlsec/nss/crypto.h>
-#define XMLSEC_NSS_AES128_KEY_SIZE 16
-#define XMLSEC_NSS_AES192_KEY_SIZE 24
-#define XMLSEC_NSS_AES256_KEY_SIZE 32
-#define XMLSEC_NSS_AES_IV_SIZE 16
-#define XMLSEC_NSS_AES_BLOCK_SIZE 16
-
-#ifndef NSS_AES_KEYWRAP_BUG_FIXED
-static PK11SymKey* xmlSecNssMakeAesKey(const xmlSecByte *key,
- xmlSecSize keySize, int enc);
-static void xmlSecNssAesOp(PK11SymKey *aeskey,
- const xmlSecByte *in, xmlSecByte *out,
- int enc);
-#endif /* NSS_AES_KEYWRAP_BUG_FIXED */
+#include "../kw_aes_des.h"
-/*********************************************************************
+/*
+ * NSS needs to implement AES KW internally and then the code
+ * needs to change to use the direct implementation instead.
*
- * AES KW transforms
+ * Follow the NSS bug system for more details on the fix
+ * http://bugzilla.mozilla.org/show_bug.cgi?id=213795
+ */
+/*********************************************************************
*
- * key (xmlSecBuffer) is located after xmlSecTransform structure
+ * AES KW implementation
*
- ********************************************************************/
-#define xmlSecNssKWAesGetKey(transform) \
- ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecNssKWAesSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
-
-static int xmlSecNssKWAesInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssKWAesFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssKWAesSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssKWAesSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssKWAesExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize xmlSecNssKWAesGetKeySize (xmlSecTransformPtr transform);
-static int xmlSecNssKWAesOp (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte* in,
- xmlSecSize inSize,
- xmlSecByte* out,
- xmlSecSize outSize,
- int enc);
-
-static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes128, /* const xmlChar* name; */
- xmlSecHrefKWAes128, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ *********************************************************************/
+static int xmlSecNSSKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecNSSKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecNssKWAesKlass = {
+ /* callbacks */
+ xmlSecNSSKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecNSSKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
};
-static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes192, /* const xmlChar* name; */
- xmlSecHrefKWAes192, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes256, /* const xmlChar* name; */
- xmlSecHrefKWAes256, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-#define XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE 8
+
+static PK11SymKey* xmlSecNssMakeAesKey (const xmlSecByte *key,
+ xmlSecSize keySize,
+ int enc);
+static int xmlSecNssAesOp (PK11SymKey *aeskey,
+ const xmlSecByte *in,
+ xmlSecByte *out,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKWAesCtx xmlSecNssKWAesCtx,
+ *xmlSecNssKWAesCtxPtr;
+struct _xmlSecNssKWAesCtx {
+ xmlSecBuffer keyBuffer;
+ xmlSecSize keyExpectedSize;
+};
+#define xmlSecNssKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssKWAesCtx))
+#define xmlSecNssKWAesGetCtx(transform) \
+ ((xmlSecNssKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
#define xmlSecNssKWAesCheckId(transform) \
(xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes128Id) || \
xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes192Id) || \
xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes256Id))
-/**
+
+static int xmlSecNssKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecNssTransformKWAes128GetKlass:
*
* The AES-128 key wrapper transform klass.
*
* Returns: AES-128 key wrapper transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformKWAes128GetKlass(void) {
return(&xmlSecNssKWAes128Klass);
}
-/**
+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecNssTransformKWAes192GetKlass:
*
* The AES-192 key wrapper transform klass.
*
* Returns: AES-192 key wrapper transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformKWAes192GetKlass(void) {
return(&xmlSecNssKWAes192Klass);
}
-/**
+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecNssTransformKWAes256GetKlass:
*
* The AES-256 key wrapper transform klass.
*
* Returns: AES-256 key wrapper transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformKWAes256GetKlass(void) {
return(&xmlSecNssKWAes256Klass);
}
-static int
+static int
xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
-
- ret = xmlSecBufferInitialize(xmlSecNssKWAesGetKey(transform), 0);
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-static void
+static void
xmlSecNssKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
+
xmlSecAssert(xmlSecNssKWAesCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize));
-
- if(xmlSecNssKWAesGetKey(transform) != NULL) {
- xmlSecBufferFinalize(xmlSecNssKWAesGetKey(transform));
- }
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
}
-static int
+static int
xmlSecNssKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKWAesCtxPtr ctx;
+
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
- keyReq->keyId = xmlSecNssKeyDataAesId;
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecNssKeyDataAesId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
- keyReq->keyBitsSize = 8 * xmlSecNssKWAesGetKeySize(transform);
-
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
return(0);
}
-static int
+static int
xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
- xmlSecSize expectedKeySize;
int ret;
-
+
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
- xmlSecAssert2(xmlSecNssKWAesGetKey(transform) != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataAesId), -1);
-
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
- expectedKeySize = xmlSecNssKWAesGetKeySize(transform);
- if(keySize < expectedKeySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key=%d;expected=%d",
- keySize, expectedKeySize);
- return(-1);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
}
-
- ret = xmlSecBufferSetData(xmlSecNssKWAesGetKey(transform),
- xmlSecBufferGetData(buffer),
- expectedKeySize);
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "expected-size=%d", expectedKeySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecBufferPtr in, out, key;
- xmlSecSize inSize, outSize, keySize, expectedKeySize;
+ xmlSecNssKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
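Review bot: xmlSecNssKWAesSetKey still accepts an oversize key without complaint: the guard `if(keySize < ctx->keyExpectedSize)` rejects only short keys, and the xmlSecBufferSetData call right after it copies just the first ctx->keyExpectedSize bytes, so a 32-byte key handed to the KWAes128 transform is silently cut down to a 16-byte KEK with no error or log entry. If the library's key-matching rules deliberately allow longer keys here, the truncation deserves a comment at that call, e.g. `/* a longer key is allowed; only its first keyExpectedSize bytes become the KEK */`; if not, the check should read `if(keySize != ctx->keyExpectedSize)` so a mismatched key fails loudly instead of wrapping under unexpected key bytes. Separately, ctx->keyBuffer now holds the raw key-encryption key and xmlSecNssKWAesFinalize only calls xmlSecBufferFinalize on it; whether that wipes the bytes before releasing them is not visible in this hunk and is worth confirming, since a KEK left behind in freed heap memory is recoverable.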
@@ -300,317 +358,205 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- key = xmlSecNssKWAesGetKey(transform);
- xmlSecAssert2(key != NULL, -1);
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
- keySize = xmlSecBufferGetSize(key);
- expectedKeySize = xmlSecNssKWAesGetKeySize(transform);
- xmlSecAssert2(keySize == expectedKeySize, -1);
-
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % 8) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d(not 8 bytes aligned)", inSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
- outSize = inSize + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE +
- XMLSEC_NSS_AES_BLOCK_SIZE;
- } else {
- outSize = inSize + XMLSEC_NSS_AES_BLOCK_SIZE;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecNssKWAesOp(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWAesOp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecNssKWAesOp(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize, 0);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWAesOp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "inSize%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ PK11SymKey *aeskey = NULL;
+
+ /* create key */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 1); /* encrypt */
+ if(aeskey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssMakeAesKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+ /* encrypt */
+ ret = xmlSecKWAesEncode(&xmlSecNssKWAesKlass, aeskey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(aeskey);
+ return(-1);
+ }
+
+ outSize = ret;
+ PK11_FreeSymKey(aeskey);
+ } else {
+ PK11SymKey *aeskey = NULL;
+
+ /* create key */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 0); /* decrypt */
+ if(aeskey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssMakeAesKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* decrypt */
+ ret = xmlSecKWAesDecode(&xmlSecNssKWAesKlass, aeskey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesDecode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(aeskey);
+ return(-1);
+ }
+
+ outSize = ret;
+ PK11_FreeSymKey(aeskey);
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
- }
- return(0);
-}
-
-static xmlSecSize
-xmlSecNssKWAesGetKeySize(xmlSecTransformPtr transform) {
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
- return(XMLSEC_NSS_AES128_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
- return(XMLSEC_NSS_AES192_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
- return(XMLSEC_NSS_AES256_KEY_SIZE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
-/**
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
- *
- * Assume that the data to be wrapped consists of N 64-bit data blocks
- * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
- * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
- * key is represented by K. Assume integers i, j, and t and intermediate
- * 64-bit register A, 128-bit register B, and array of 64-bit quantities
- * R(1) through R(N).
- *
- * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
- * is the 128-bit quantity with x in the most significant bits and y in the
- * least significant bits. AES(K)enc(x) is the operation of AES encrypting
- * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
- * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
- * MSB(x) and LSB(y) are the most significant 64 bits and least significant
- * 64 bits of x and y respectively.
- *
- * If N is 1, a single AES operation is performed for wrap or unwrap.
- * If N>1, then 6*N AES operations are performed for wrap or unwrap.
- *
- * The key wrap algorithm is as follows:
- *
- * 1. If N is 1:
- * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
- * * C(0)=MSB(B)
- * * C(1)=LSB(B)
- * If N>1, perform the following steps:
- * 2. Initialize variables:
- * * Set A to 0xA6A6A6A6A6A6A6A6
- * * Fori=1 to N,
- * R(i)=P(i)
- * 3. Calculate intermediate values:
- * * Forj=0 to 5,
- * o For i=1 to N,
- * t= i + j*N
- * B=AES(K)enc(A|R(i))
- * A=XOR(t,MSB(B))
- * R(i)=LSB(B)
- * 4. Output the results:
- * * Set C(0)=A
- * * For i=1 to N,
- * C(i)=R(i)
+/*********************************************************************
*
- * The key unwrap algorithm is as follows:
+ * AES KW implementation
*
- * 1. If N is 1:
- * * B=AES(K)dec(C(0)|C(1))
- * * P(1)=LSB(B)
- * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
- * return an integrity check failure error.
- * If N>1, perform the following steps:
- * 2. Initialize the variables:
- * * A=C(0)
- * * For i=1 to N,
- * R(i)=C(i)
- * 3. Calculate intermediate values:
- * * For j=5 to 0,
- * o For i=N to 1,
- * t= i + j*N
- * B=AES(K)dec(XOR(t,A)|R(i))
- * A=MSB(B)
- * R(i)=LSB(B)
- * 4. Output the results:
- * * For i=1 to N,
- * P(i)=R(i)
- * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
- * an integrity check failure error.
- */
+ *********************************************************************/
+static int
+xmlSecNSSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ PK11SymKey *aeskey = (PK11SymKey *)context;
+ int ret;
-#ifndef NSS_AES_KEYWRAP_BUG_FIXED
-static const xmlSecByte xmlSecNssKWAesMagicBlock[XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE] = {
- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
-};
-
-static int
-xmlSecNssKWAesOp(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize, int enc) {
- xmlSecByte block[XMLSEC_NSS_AES_BLOCK_SIZE];
- xmlSecByte *p;
- int N, i, j, t;
- int result = -1;
- PK11SymKey *aeskey = NULL;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 8, -1);
-
- if (enc == 1) {
- aeskey = xmlSecNssMakeAesKey(key, keySize, enc);
- if(aeskey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssMakeAesKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* prepend magic block */
- if(in != out) {
- memcpy(out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
- } else {
- memmove(out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
- }
- memcpy(out, xmlSecNssKWAesMagicBlock, XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
-
- N = (inSize / 8);
- if(N == 1) {
- xmlSecNssAesOp(aeskey, out, out, enc);
- } else {
- for(j = 0; j <= 5; ++j) {
- for(i = 1; i <= N; ++i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
-
- xmlSecNssAesOp(aeskey, block, block, enc);
- block[7] ^= t;
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
-
- result = inSize + 8;
- } else {
- aeskey = xmlSecNssMakeAesKey(key, keySize, enc);
- if(aeskey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssMakeAesKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* copy input */
- if(in != out) {
- memcpy(out, in, inSize);
- }
-
- N = (inSize / 8) - 1;
- if(N == 1) {
- xmlSecNssAesOp(aeskey, out, out, enc);
- } else {
- for(j = 5; j >= 0; --j) {
- for(i = N; i > 0; --i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
- block[7] ^= t;
-
- xmlSecNssAesOp(aeskey, block, block, enc);
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
- /* do not left data in memory */
- memset(block, 0, sizeof(block));
-
- if(memcmp(xmlSecNssKWAesMagicBlock, out, XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "bad magic block");
- goto done;
- }
-
- memmove(out, out + XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
- result = (inSize - XMLSEC_NSS_KW_AES_MAGIC_BLOCK_SIZE);
- }
+ xmlSecAssert2(outSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(aeskey != NULL, -1);
-done:
- if (aeskey != NULL) {
- PK11_FreeSymKey(aeskey);
+ /* one block */
+ ret = xmlSecNssAesOp(aeskey, in, out, 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAesOp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
+ return(XMLSEC_KW_AES_BLOCK_SIZE);
+}
+
+static int
+xmlSecNSSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ PK11SymKey *aeskey = (PK11SymKey *)context;
+ int ret;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(aeskey != NULL, -1);
- return (result);
+ /* one block */
+ ret = xmlSecNssAesOp(aeskey, in, out, 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAesOp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(XMLSEC_KW_AES_BLOCK_SIZE);
}
static PK11SymKey *
@@ -619,46 +565,45 @@ xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) {
PK11SlotInfo* slot = NULL;
PK11SymKey* aeskey = NULL;
SECItem keyItem;
-
+
xmlSecAssert2(key != NULL, NULL);
xmlSecAssert2(keySize > 0, NULL);
cipherMech = CKM_AES_ECB;
slot = PK11_GetBestSlot(cipherMech, NULL);
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
keyItem.data = (unsigned char *)key;
keyItem.len = keySize;
- aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
- enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
+ aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
if (aeskey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
done:
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
return(aeskey);
}
-/* encrypt a block (XMLSEC_NSS_AES_BLOCK_SIZE), in and out can overlap */
-static void
-xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out,
- int enc) {
+/* encrypt a block (XMLSEC_KW_AES_BLOCK_SIZE), in and out can overlap */
+static int
+xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int enc) {
CK_MECHANISM_TYPE cipherMech;
SECItem* SecParam = NULL;
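Review bot: The header comment kept above the new `xmlSecNssAesOp` signature (`/* encrypt a block (XMLSEC_KW_AES_BLOCK_SIZE), in and out can overlap */`) no longer describes the function: it now returns an `int`, and the `enc` flag selects encryption or decryption, neither of which the comment mentions. Since the callers added in this commit (`xmlSecNSSKWAesBlockEncrypt`/`Decrypt`) branch on `ret < 0`, the return convention is part of the contract and should be stated; I would replace the comment with `/* Encrypts (enc != 0) or decrypts (enc == 0) one XMLSEC_KW_AES_BLOCK_SIZE block with aeskey in AES-ECB; in and out may overlap. Returns 0 on success, -1 on failure. */`. The "may overlap" claim is inherited from the old comment and rests on how PK11_CipherOp handles aliased buffers, which I cannot confirm from here. The body of `xmlSecNssAesOp` continues in the next hunk.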
@@ -666,192 +611,71 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out,
SECStatus rv;
int tmp1_outlen;
unsigned int tmp2_outlen;
+ int ret = -1;
- xmlSecAssert(in != NULL);
- xmlSecAssert(out != NULL);
-
- cipherMech = CKM_AES_ECB;
- SecParam = PK11_ParamFromIV(cipherMech, NULL);
- if (SecParam == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ParamFromIV",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- EncContext = PK11_CreateContextBySymKey(cipherMech,
- enc ? CKA_ENCRYPT : CKA_DECRYPT,
- aeskey, SecParam);
- if (EncContext == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- tmp1_outlen = tmp2_outlen = 0;
- rv = PK11_CipherOp(EncContext, out, &tmp1_outlen,
- XMLSEC_NSS_AES_BLOCK_SIZE, (unsigned char *)in,
- XMLSEC_NSS_AES_BLOCK_SIZE);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
- &tmp2_outlen, XMLSEC_NSS_AES_BLOCK_SIZE-tmp1_outlen);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
-done:
- if (SecParam) {
- SECITEM_FreeItem(SecParam, PR_TRUE);
- }
- if (EncContext) {
- PK11_DestroyContext(EncContext, PR_TRUE);
- }
-
-}
-
-#else /* NSS_AES_KEYWRAP_BUG_FIXED */
-
-/* Note: When the bug gets fixed, it is not enough to just remove
- * the #ifdef (NSS_AES_KEYWRAP_BUG_FIXED). The code also has
- * to change from doing the Init/Update/Final to just a straight
- * encrypt or decrypt. PK11 wrappers have to be exposed by
- * NSS, and these should be used.
- * Follow the NSS bug system for more details on the fix
- * http://bugzilla.mozilla.org/show_bug.cgi?id=213795
- */
-
-/* NSS implements the AES Key Wrap algorithm described at
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
- */
-
-static int
-xmlSecNssKWAesOp(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize, int enc) {
-
- CK_MECHANISM_TYPE cipherMech;
- PK11SlotInfo* slot = NULL;
- PK11SymKey* aeskey = NULL;
- SECItem* SecParam = NULL;
- PK11Context* EncContext = NULL;
- SECItem keyItem;
- SECStatus rv;
- int result_len = -1;
- int tmp1_outlen;
- unsigned int tmp2_outlen;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 8, -1);
-
- cipherMech = CKM_NETSCAPE_AES_KEY_WRAP;
- slot = PK11_GetBestSlot(cipherMech, NULL);
- if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- keyItem.data = (unsigned char *)key;
- keyItem.len = keySize;
- aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
- enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
- if (aeskey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ cipherMech = CKM_AES_ECB;
SecParam = PK11_ParamFromIV(cipherMech, NULL);
if (SecParam == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ParamFromIV",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- EncContext = PK11_CreateContextBySymKey(cipherMech,
- enc ? CKA_ENCRYPT : CKA_DECRYPT,
- aeskey, SecParam);
+ EncContext = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ aeskey, SecParam);
if (EncContext == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
tmp1_outlen = tmp2_outlen = 0;
- rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
- (unsigned char *)in, inSize);
+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen,
+ XMLSEC_KW_AES_BLOCK_SIZE, (unsigned char *)in,
+ XMLSEC_KW_AES_BLOCK_SIZE);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
- &tmp2_outlen, outSize-tmp1_outlen);
+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+ &tmp2_outlen, XMLSEC_KW_AES_BLOCK_SIZE-tmp1_outlen);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- result_len = tmp1_outlen + tmp2_outlen;
+ /* done - success! */
+ ret = 0;
done:
- if (slot) {
- PK11_FreeSlot(slot);
- }
- if (aeskey) {
- PK11_FreeSymKey(aeskey);
- }
if (SecParam) {
- SECITEM_FreeItem(SecParam, PR_TRUE);
+ SECITEM_FreeItem(SecParam, PR_TRUE);
}
if (EncContext) {
- PK11_DestroyContext(EncContext, PR_TRUE);
+ PK11_DestroyContext(EncContext, PR_TRUE);
}
- return(result_len);
+ return (ret);
}
-#endif /* NSS_AES_KEYWRAP_BUG_FIXED */
+
#endif /* XMLSEC_NO_AES */
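Review bot: The rewritten `xmlSecNssAesOp` sets `ret = 0` after `PK11_DigestFinal` without checking that the two calls together actually produced a full block; the old code at least returned `tmp1_outlen + tmp2_outlen` so the caller could see the real length, whereas the new block wrappers return `XMLSEC_KW_AES_BLOCK_SIZE` unconditionally, so a short or empty output (e.g. a context that buffered the data) would silently feed uninitialised or stale bytes into the key-wrap rounds. I would verify the produced length before declaring success, mirroring the existing error style in this function. Note also that `tmp1_outlen` is `int` and `tmp2_outlen` is `unsigned int`, so the comparison needs a cast to avoid a signed/unsigned mismatch warning.
```c
/* … unchanged: PK11_CipherOp / PK11_DigestFinal calls and their error handling … */
if((tmp1_outlen < 0) || (((unsigned int)tmp1_outlen + tmp2_outlen) != XMLSEC_KW_AES_BLOCK_SIZE)) {
    xmlSecError(XMLSEC_ERRORS_HERE,
                NULL,
                "PK11_CipherOp",
                XMLSEC_ERRORS_R_INVALID_SIZE,
                "outlen=%d+%u, expected=%d", tmp1_outlen, tmp2_outlen, XMLSEC_KW_AES_BLOCK_SIZE);
    goto done;
}
/* done - success! */
ret = 0;
```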
diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c
index 0cb6f24a..e75f69c9 100644
--- a/src/nss/kw_des.c
+++ b/src/nss/kw_des.c
@@ -1,15 +1,15 @@
-/**
+/**
*
* XMLSec library
- *
- * DES Algorithm support
- *
+ *
+ * DES KW Algorithm support
+ *
* This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
+ * distribution for preciese wording.
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
-
#ifndef XMLSEC_NO_DES
#include "globals.h"
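Review bot: The rewritten license line introduces a typo: `* distribution for preciese wording.` replaces the previously correct `* distribution for precise wording.`. Restore `precise`; the rest of the header change (title and added copyright line) is fine.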
@@ -29,14 +29,57 @@
#include <xmlsec/nss/crypto.h>
-#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-#define XMLSEC_NSS_DES3_IV_LENGTH 8
-#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
+#include "../kw_aes_des.h"
-static xmlSecByte *xmlSecNssComputeSHA1(const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize);
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecNssKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecNssKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecNssKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecNssKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecNssKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecNssKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecNssKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
/*********************************************************************
@@ -46,176 +89,171 @@ static xmlSecByte *xmlSecNssComputeSHA1(const xmlSecByte *in,
* key (xmlSecBuffer) is located after xmlSecTransform structure
*
********************************************************************/
-#define xmlSecNssKWDes3GetKey(transform) \
- ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecNssKWDes3Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
-
-static int xmlSecNssKWDes3Initialize (xmlSecTransformPtr transform);
-static void xmlSecNssKWDes3Finalize (xmlSecTransformPtr transform);
-static int xmlSecNssKWDes3SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssKWDes3SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssKWDes3Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssKWDes3Encode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize);
-static int xmlSecNssKWDes3Decode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize);
-static int xmlSecNssKWDes3Encrypt (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *iv,
- xmlSecSize ivSize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize,
- int enc);
-static int xmlSecNssKWDes3BufferReverse (xmlSecByte *buf,
- xmlSecSize size);
-
+typedef struct _xmlSecNssKWDes3Ctx xmlSecNssKWDes3Ctx,
+ *xmlSecNssKWDes3CtxPtr;
+struct _xmlSecNssKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecNssKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssKWDes3Ctx))
+#define xmlSecNssKWDes3GetCtx(transform) \
+ ((xmlSecNssKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecNssKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecNssKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecNssKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssKWDes3Size, /* xmlSecSize objSize */
-
- xmlSecNameKWDes3, /* const xmlChar* name; */
- xmlSecHrefKWDes3, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecNssKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecNssKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssTransformKWDes3GetKlass:
- *
+ *
* The Triple DES key wrapper transform klass.
*
* Returns: Triple DES key wrapper transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformKWDes3GetKlass(void) {
return(&xmlSecNssKWDes3Klass);
}
-static int
+static int
xmlSecNssKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecNssKWDes3CtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
-
- ret = xmlSecBufferInitialize(xmlSecNssKWDes3GetKey(transform), 0);
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-static void
+static void
xmlSecNssKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecNssKWDes3CtxPtr ctx;
+
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size));
-
- if(xmlSecNssKWDes3GetKey(transform) != NULL) {
- xmlSecBufferFinalize(xmlSecNssKWDes3GetKey(transform));
- }
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
}
-static int
+static int
xmlSecNssKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKWDes3CtxPtr ctx;
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
xmlSecAssert2(keyReq != NULL, -1);
- keyReq->keyId = xmlSecNssKeyDataDesId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecNssKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
}
- keyReq->keyBitsSize = 8 * XMLSEC_NSS_DES3_KEY_LENGTH;
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
return(0);
}
-static int
+static int
xmlSecNssKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKWDes3CtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
- xmlSecAssert2(xmlSecNssKWDes3GetKey(transform) != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataDesId), -1);
-
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
- if(keySize < XMLSEC_NSS_DES3_KEY_LENGTH) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key length %d is not enough (%d expected)",
- keySize, XMLSEC_NSS_DES3_KEY_LENGTH);
- return(-1);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
}
-
- ret = xmlSecBufferSetData(xmlSecNssKWDes3GetKey(transform),
- xmlSecBufferGetData(buffer),
- XMLSEC_NSS_DES3_KEY_LENGTH);
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", XMLSEC_NSS_DES3_KEY_LENGTH);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecBufferPtr in, out, key;
+ xmlSecNssKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, keySize;
int ret;
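Review bot: `xmlSecNssKWDes3Finalize` hands the 3DES key-encrypting key to `xmlSecBufferFinalize` without wiping it first, so unless `xmlSecBufferFinalize` zeroes its contents (not visible from here) the 24 key bytes copied in `xmlSecNssKWDes3SetKey` remain in freed heap memory. The old NSS key-wrap code in this same commit explicitly cleared sensitive temporaries (`memset(block, 0, sizeof(block)); /* do not left data in memory */`), so the same convention fits here: before `xmlSecBufferFinalize(&(ctx->keyBuffer));` add `if(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL) { memset(xmlSecBufferGetData(&(ctx->keyBuffer)), 0, xmlSecBufferGetSize(&(ctx->keyBuffer))); }` (a plain memset may be optimised away before a free; an explicit-bzero equivalent would be stronger if the project has one). Separately, `xmlSecNssKWDes3SetKey` rejects keys shorter than `XMLSEC_KW_DES3_KEY_LENGTH` but silently truncates longer ones to the first 24 bytes; a comment stating that this is intentional would help the next reader. `xmlSecNssKWDes3Execute` starts at the end of this hunk and its body continues in the next one.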
@@ -224,535 +262,402 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- key = xmlSecNssKWDes3GetKey(transform);
- xmlSecAssert2(key != NULL, -1);
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
- keySize = xmlSecBufferGetSize(key);
- xmlSecAssert2(keySize == XMLSEC_NSS_DES3_KEY_LENGTH, -1);
-
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d bytes - not %d bytes aligned",
- inSize, XMLSEC_NSS_DES3_BLOCK_LENGTH);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 16 bytes longer plus one block just in case */
- outSize = inSize + XMLSEC_NSS_DES3_IV_LENGTH +
- XMLSEC_NSS_DES3_BLOCK_LENGTH +
- XMLSEC_NSS_DES3_BLOCK_LENGTH;
- } else {
- outSize = inSize + XMLSEC_NSS_DES3_BLOCK_LENGTH;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecNssKWDes3Encode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWDes3Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecNssKWDes3Decode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssKWDes3Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecNssKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecNssKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
-static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
- 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-};
-/**
- * CMS Triple DES Key Wrap
- *
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
- *
- * The following algorithm wraps (encrypts) a key (the wrapped key, WK)
- * under a TRIPLEDES key-encryption-key (KEK) as specified in [CMS-Algorithms]:
+/*********************************************************************
*
- * 1. Represent the key being wrapped as an octet sequence. If it is a
- * TRIPLEDES key, this is 24 octets (192 bits) with odd parity bit as
- * the bottom bit of each octet.
- * 2. Compute the CMS key checksum (section 5.6.1) call this CKS.
- * 3. Let WKCKS = WK || CKS, where || is concatenation.
- * 4. Generate 8 random octets [RANDOM] and call this IV.
- * 5. Encrypt WKCKS in CBC mode using KEK as the key and IV as the
- * initialization vector. Call the results TEMP1.
- * 6. Left TEMP2 = IV || TEMP1.
- * 7. Reverse the order of the octets in TEMP2 and call the result TEMP3.
- * 8. Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
- * of 0x4adda22c79e82105. The resulting cipher text is the desired result.
- * It is 40 octets long if a 168 bit key is being wrapped.
+ * DES KW implementation
*
- */
-static int
-xmlSecNssKWDes3Encode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- xmlSecByte sha1[SHA1_LENGTH];
- xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
- xmlSecSize s;
- int ret;
+ *********************************************************************/
+static int
+xmlSecNssKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ PK11Context *pk11ctx = NULL;
+ unsigned int outLen = 0;
SECStatus status;
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize == XMLSEC_NSS_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 16, -1);
-
- /* step 2: calculate sha1 and CMS */
- if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssComputeSHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(outSize >= SHA1_LENGTH, -1);
+
+ /* Create a pk11ctx for hashing (digesting) */
+ pk11ctx = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (pk11ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ status = PK11_DigestBegin(pk11ctx);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ status = PK11_DigestOp(pk11ctx, in, inSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ status = PK11_DigestFinal(pk11ctx, out, &outLen, outSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ /* done */
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ xmlSecAssert2(outLen == SHA1_LENGTH, -1);
+ return(outLen);
+}
+
+static int
+xmlSecNssKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ SECStatus status;
- /* step 3: construct WKCKS */
- memcpy(out, in, inSize);
- memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-
- /* step 4: generate random iv */
- status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ status = PK11_GenerateRandom(out, outSize);
if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GenerateRandom",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* step 5: first encryption, result is TEMP1 */
- ret = xmlSecNssKWDes3Encrypt(key, keySize,
- iv, XMLSEC_NSS_DES3_IV_LENGTH,
- out, inSize + XMLSEC_NSS_DES3_BLOCK_LENGTH,
- out, outSize, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- /* step 6: construct TEMP2=IV || TEMP1 */
- memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
- inSize + XMLSEC_NSS_DES3_IV_LENGTH);
- memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
- s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-
- /* step 7: reverse octets order, result is TEMP3 */
- ret = xmlSecNssKWDes3BufferReverse(out, s);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ return((int)outSize);
+}
+
+static int
+xmlSecNssKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
- /* step 8: second encryption with static IV */
- ret = xmlSecNssKWDes3Encrypt(key, keySize,
- xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
- out, s, out, outSize, 1);
+ ret = xmlSecNssKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- s = ret;
- return(s);
+
+ return(ret);
}
-/**
- * CMS Triple DES Key Wrap
- *
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
- *
- * The following algorithm unwraps (decrypts) a key as specified in
- * [CMS-Algorithms]:
- *
- * 1. Check if the length of the cipher text is reasonable given the key type.
- * It must be 40 bytes for a 168 bit key and either 32, 40, or 48 bytes for
- * a 128, 192, or 256 bit key. If the length is not supported or inconsistent
- * with the algorithm for which the key is intended, return error.
- * 2. Decrypt the cipher text with TRIPLEDES in CBC mode using the KEK and
- * an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
- * 3. Reverse the order of the octets in TEMP3 and call the result TEMP2.
- * 4. Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining
- * octets.
- * 5. Decrypt TEMP1 using TRIPLEDES in CBC mode using the KEK and the IV found
- * in the previous step. Call the result WKCKS.
- * 6. Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
- * those octets before the CKS.
- * 7. Calculate a CMS key checksum (section 5.6.1) over the WK and compare
- * with the CKS extracted in the above step. If they are not equal, return
- * error.
- * 8. WK is the wrapped key, now extracted for use in data decryption.
- */
-static int
-xmlSecNssKWDes3Decode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- xmlSecByte sha1[SHA1_LENGTH];
- xmlSecSize s;
+static int
+xmlSecNssKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
int ret;
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize == XMLSEC_NSS_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= inSize, -1);
- /* step 2: first decryption with static IV, result is TEMP3 */
- ret = xmlSecNssKWDes3Encrypt(key, keySize,
- xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
- in, inSize, out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret;
-
- /* step 3: reverse octets order in TEMP3, result is TEMP2 */
- ret = xmlSecNssKWDes3BufferReverse(out, s);
+ ret = xmlSecNssKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
- ret = xmlSecNssKWDes3Encrypt(key, keySize,
- out, XMLSEC_NSS_DES3_IV_LENGTH,
- out + XMLSEC_NSS_DES3_IV_LENGTH,
- s - XMLSEC_NSS_DES3_IV_LENGTH,
- out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret - XMLSEC_NSS_DES3_BLOCK_LENGTH;
-
- /* steps 6 and 7: calculate SHA1 and validate it */
- if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssComputeSHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "SHA1 does not match");
- return(-1);
- }
-
- return(s);
+ return(ret);
}
+
+
static int
xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *iv, xmlSecSize ivSize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize, int enc) {
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
CK_MECHANISM_TYPE cipherMech;
- PK11SlotInfo* slot = NULL;
- PK11SymKey* SymKey = NULL;
- SECItem* SecParam = NULL;
- PK11Context* EncContext = NULL;
- SECItem keyItem, ivItem;
- SECStatus rv;
- int result_len = -1;
- int tmp1_outlen;
- unsigned int tmp2_outlen;
+ PK11SlotInfo* slot = NULL;
+ PK11SymKey* symKey = NULL;
+ SECItem* param = NULL;
+ PK11Context* pk11ctx = NULL;
+ SECItem keyItem, ivItem;
+ SECStatus status;
+ int result_len = -1;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize == XMLSEC_NSS_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
xmlSecAssert2(iv != NULL, -1);
- xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(ivSize == XMLSEC_KW_DES3_IV_LENGTH, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= inSize, -1);
-
+
cipherMech = CKM_DES3_CBC;
slot = PK11_GetBestSlot(cipherMech, NULL);
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
keyItem.data = (unsigned char *)key;
keyItem.len = keySize;
- SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
- enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
- if (SymKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
+ if (symKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ivItem.data = (unsigned char *)iv;
ivItem.len = ivSize;
- SecParam = PK11_ParamFromIV(cipherMech, &ivItem);
- if (SecParam == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ParamFromIV",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ param = PK11_ParamFromIV(cipherMech, &ivItem);
+ if (param == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- EncContext = PK11_CreateContextBySymKey(cipherMech,
- enc ? CKA_ENCRYPT : CKA_DECRYPT,
- SymKey, SecParam);
- if (EncContext == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ pk11ctx = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, param);
+ if (pk11ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
tmp1_outlen = tmp2_outlen = 0;
- rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
- (unsigned char *)in, inSize);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CipherOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
- &tmp2_outlen, outSize-tmp1_outlen);
- if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ status = PK11_CipherOp(pk11ctx, out, &tmp1_outlen, outSize,
+ (unsigned char *)in, inSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ status = PK11_DigestFinal(pk11ctx, out+tmp1_outlen,
+ &tmp2_outlen, outSize-tmp1_outlen);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
result_len = tmp1_outlen + tmp2_outlen;
done:
if (slot) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
- if (SymKey) {
- PK11_FreeSymKey(SymKey);
+ if (symKey) {
+ PK11_FreeSymKey(symKey);
}
- if (SecParam) {
- SECITEM_FreeItem(SecParam, PR_TRUE);
+ if (param) {
+ SECITEM_FreeItem(param, PR_TRUE);
}
- if (EncContext) {
- PK11_DestroyContext(EncContext, PR_TRUE);
+ if (pk11ctx) {
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
}
return(result_len);
-}
-
-static int
-xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
- xmlSecSize s;
- xmlSecSize i;
- xmlSecByte c;
-
- xmlSecAssert2(buf != NULL, -1);
-
- s = size / 2;
- --size;
- for(i = 0; i < s; ++i) {
- c = buf[i];
- buf[i] = buf[size - i];
- buf[size - i] = c;
- }
- return(0);
}
-static xmlSecByte *
-xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize)
-{
- PK11Context *context = NULL;
- SECStatus s;
- xmlSecByte *digest = NULL;
- unsigned int len;
-
- xmlSecAssert2(in != NULL, NULL);
- xmlSecAssert2(out != NULL, NULL);
- xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-
- /* Create a context for hashing (digesting) */
- context = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (context == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_CreateDigestContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- s = PK11_DigestBegin(context);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- s = PK11_DigestOp(context, in, inSize);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- s = PK11_DigestFinal(context, out, &len, outSize);
- if (s != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- xmlSecAssert2(len == SHA1_LENGTH, NULL);
-
- digest = out;
-
-done:
- if (context != NULL) {
- PK11_DestroyContext(context, PR_TRUE);
- }
- return (digest);
-}
#endif /* XMLSEC_NO_DES */
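Review bot: The four new callbacks (`xmlSecNssKWDes3Sha1`, `xmlSecNssKWDes3GenerateRandom`, `xmlSecNssKWDes3BlockEncrypt`, `xmlSecNssKWDes3BlockDecrypt`) replace the step-by-step CMS wrap/unwrap comments that this hunk deletes with functions whose only contract is the `xmlSecNssKWDes3ImplKlass` table, which is outside this hunk, so the "DES KW implementation" banner should state that contract. As the hunk shows it: `context` is the `xmlSecNssKWDes3CtxPtr`, each callback returns the number of bytes written to `out` or -1 after logging with xmlSecError, and the two block callbacks run raw CKM_DES3_CBC through `xmlSecNssKWDes3Encrypt` using only the first `XMLSEC_KW_DES3_KEY_LENGTH` bytes of `ctx->keyBuffer` and the first `XMLSEC_KW_DES3_IV_LENGTH` bytes of `iv`. The IV handling, octet reversal and checksum comparison that the removed `xmlSecNssKWDes3Decode` performed are now presumably in the shared `xmlSecKWDes3Encode`/`xmlSecKWDes3Decode`, so the banner should also send readers there for the integrity check. Suggested text: `/* Callbacks for xmlSecNssKWDes3ImplKlass: context is an xmlSecNssKWDes3CtxPtr; each returns the number of bytes written to out, or -1 after xmlSecError. Wrap/unwrap sequencing and the CMS key checksum check are in the shared xmlSecKWDes3Encode/Decode. */`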
diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
index f8549352..ae9e29b4 100644
--- a/src/nss/pkikeys.c
+++ b/src/nss/pkikeys.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -30,12 +30,12 @@
* Internal NSS PKI key CTX
*
*************************************************************************/
-typedef struct _xmlSecNssPKIKeyDataCtx xmlSecNssPKIKeyDataCtx,
- *xmlSecNssPKIKeyDataCtxPtr;
+typedef struct _xmlSecNssPKIKeyDataCtx xmlSecNssPKIKeyDataCtx,
+ *xmlSecNssPKIKeyDataCtxPtr;
struct _xmlSecNssPKIKeyDataCtx {
SECKEYPublicKey *pubkey;
SECKEYPrivateKey *privkey;
-};
+};
/******************************************************************************
*
@@ -44,22 +44,22 @@ struct _xmlSecNssPKIKeyDataCtx {
* xmlSecNssPKIKeyDataCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecNssPKIKeyDataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecNssPKIKeyDataCtx))
+#define xmlSecNssPKIKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecNssPKIKeyDataCtx))
#define xmlSecNssPKIKeyDataGetCtx(data) \
((xmlSecNssPKIKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecNssPKIKeyDataInitialize (xmlSecKeyDataPtr data);
-static void xmlSecNssPKIKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssPKIKeyDataInitialize (xmlSecKeyDataPtr data);
+static void xmlSecNssPKIKeyDataFinalize (xmlSecKeyDataPtr data);
-static void xmlSecNSSPKIKeyDataCtxFree (xmlSecNssPKIKeyDataCtxPtr ctx);
-static int xmlSecNSSPKIKeyDataCtxDup (xmlSecNssPKIKeyDataCtxPtr ctxDst,
- xmlSecNssPKIKeyDataCtxPtr ctxSrc);
-static int xmlSecNssPKIKeyDataAdoptKey (xmlSecKeyDataPtr data,
- SECKEYPrivateKey *privkey,
- SECKEYPublicKey *pubkey);
+static void xmlSecNSSPKIKeyDataCtxFree (xmlSecNssPKIKeyDataCtxPtr ctx);
+static int xmlSecNSSPKIKeyDataCtxDup (xmlSecNssPKIKeyDataCtxPtr ctxDst,
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc);
+static int xmlSecNssPKIKeyDataAdoptKey (xmlSecKeyDataPtr data,
+ SECKEYPrivateKey *privkey,
+ SECKEYPublicKey *pubkey);
static int
@@ -81,107 +81,107 @@ xmlSecNssPKIKeyDataInitialize(xmlSecKeyDataPtr data) {
static void
xmlSecNssPKIKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecNssPKIKeyDataCtxPtr ctx;
-
+
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize));
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert(ctx != NULL);
-
+
xmlSecNSSPKIKeyDataCtxFree(ctx);
memset(ctx, 0, sizeof(xmlSecNssPKIKeyDataCtx));
}
-static void
+static void
xmlSecNSSPKIKeyDataCtxFree(xmlSecNssPKIKeyDataCtxPtr ctx)
{
xmlSecAssert(ctx != NULL);
if (ctx->privkey != NULL) {
- SECKEY_DestroyPrivateKey(ctx->privkey);
- ctx->privkey = NULL;
+ SECKEY_DestroyPrivateKey(ctx->privkey);
+ ctx->privkey = NULL;
}
if (ctx->pubkey)
{
- SECKEY_DestroyPublicKey(ctx->pubkey);
- ctx->pubkey = NULL;
+ SECKEY_DestroyPublicKey(ctx->pubkey);
+ ctx->pubkey = NULL;
}
}
-static int
-xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
+static int
+xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
{
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
if (ctxSrc->privkey != NULL) {
- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
- if(ctxDst->privkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECKEY_CopyPrivateKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+ if(ctxDst->privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_CopyPrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
}
if (ctxSrc->pubkey != NULL) {
- ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
- if(ctxDst->pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SECKEY_CopyPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
+ ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
+ if(ctxDst->pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_CopyPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
}
return (0);
}
-static int
+static int
xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data,
- SECKEYPrivateKey *privkey,
+ SECKEYPrivateKey *privkey,
SECKEYPublicKey *pubkey)
{
xmlSecNssPKIKeyDataCtxPtr ctx;
- KeyType pubType = nullKey ;
- KeyType priType = nullKey ;
-
+ KeyType pubType = nullKey ;
+ KeyType priType = nullKey ;
+
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
- if( privkey != NULL ) {
- priType = SECKEY_GetPrivateKeyType( privkey ) ;
- }
-
- if( pubkey != NULL ) {
- pubType = SECKEY_GetPublicKeyType( pubkey ) ;
- }
-
- if( priType != nullKey && pubType != nullKey ) {
- if( pubType != priType ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- "different type of private and public key" ) ;
- return -1 ;
- }
- }
+ if( privkey != NULL ) {
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
+ }
+
+ if( pubkey != NULL ) {
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+ }
+
+ if( priType != nullKey && pubType != nullKey ) {
+ if( pubType != priType ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "different type of private and public key" ) ;
+ return -1 ;
+ }
+ }
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if (ctx->privkey) {
- SECKEY_DestroyPrivateKey(ctx->privkey);
+ SECKEY_DestroyPrivateKey(ctx->privkey);
}
ctx->privkey = privkey;
if (ctx->pubkey) {
- SECKEY_DestroyPublicKey(ctx->pubkey);
+ SECKEY_DestroyPublicKey(ctx->pubkey);
}
ctx->pubkey = pubkey;
@@ -199,80 +199,80 @@ xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data,
* Returns: pointer to KeyData object or NULL if an error occurs.
*/
xmlSecKeyDataPtr
-xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey,
+xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey,
SECKEYPublicKey *pubkey)
{
xmlSecKeyDataPtr data = NULL;
int ret;
- KeyType pubType = nullKey ;
- KeyType priType = nullKey ;
-
- if( privkey != NULL ) {
- priType = SECKEY_GetPrivateKeyType( privkey ) ;
- }
-
- if( pubkey != NULL ) {
- pubType = SECKEY_GetPublicKeyType( pubkey ) ;
- }
-
- if( priType != nullKey && pubType != nullKey ) {
- if( pubType != priType ) {
- xmlSecError( XMLSEC_ERRORS_HERE ,
- NULL ,
- NULL ,
- XMLSEC_ERRORS_R_CRYPTO_FAILED ,
- "different type of private and public key" ) ;
- return( NULL ) ;
- }
- }
-
- pubType = priType != nullKey ? priType : pubType ;
- switch(pubType) {
-#ifndef XMLSEC_NO_RSA
+ KeyType pubType = nullKey ;
+ KeyType priType = nullKey ;
+
+ if( privkey != NULL ) {
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
+ }
+
+ if( pubkey != NULL ) {
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+ }
+
+ if( priType != nullKey && pubType != nullKey ) {
+ if( pubType != priType ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "different type of private and public key" ) ;
+ return( NULL ) ;
+ }
+ }
+
+ pubType = priType != nullKey ? priType : pubType ;
+ switch(pubType) {
+#ifndef XMLSEC_NO_RSA
case rsaKey:
- data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecNssKeyDataRsaId");
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_DSA
+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeyDataRsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_DSA
case dsaKey:
- data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecNssKeyDataDsaId");
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_DSA */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "PKI key type %d not supported", pubType);
- return(NULL);
- }
-
- xmlSecAssert2(data != NULL, NULL);
+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeyDataDsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "PKI key type %d not supported", pubType);
+ return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
return(data);
}
@@ -333,7 +333,7 @@ xmlSecNssPKIKeyDataGetPrivKey(xmlSecKeyDataPtr data) {
*
* Gets the Key Type from the key data.
*
- * Returns: Key Type
+ * Returns: Key Type
*/
KeyType
xmlSecNssPKIKeyDataGetKeyType(xmlSecKeyDataPtr data) {
@@ -345,11 +345,11 @@ xmlSecNssPKIKeyDataGetKeyType(xmlSecKeyDataPtr data) {
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, nullKey);
-
+
if (ctx->pubkey != NULL) {
- kt = SECKEY_GetPublicKeyType(ctx->pubkey);
+ kt = SECKEY_GetPublicKeyType(ctx->pubkey);
} else {
- kt = SECKEY_GetPrivateKeyType(ctx->privkey);
+ kt = SECKEY_GetPrivateKeyType(ctx->privkey);
}
return(kt);
}
@@ -381,17 +381,17 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
if (xmlSecNSSPKIKeyDataCtxDup(ctxDst, ctxSrc) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssPKIKeydataCtxDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssPKIKeydataCtxDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
- }
+ }
return(0);
}
-#ifndef XMLSEC_NO_DSA
+#ifndef XMLSEC_NO_DSA
/**************************************************************************
*
* <dsig:DSAKeyValue> processing
@@ -399,57 +399,57 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
*
* The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
*
- * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
* DSA public key values can have the following fields:
- *
- * * P - a prime modulus meeting the [DSS] requirements
- * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
- * divisor of P-1
- * * G - an integer with certain properties with respect to P and Q
- * * Y - G**X mod P (where X is part of the private key and not made
- * public)
- * * J - (P - 1) / Q
- * * seed - a DSA prime generation seed
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
* * pgenCounter - a DSA prime generation counter
*
- * Parameter J is available for inclusion solely for efficiency as it is
- * calculatable from P and Q. Parameters seed and pgenCounter are used in the
- * DSA prime number generation algorithm specified in [DSS]. As such, they are
- * optional but must either both be present or both be absent. This prime
- * generation algorithm is designed to provide assurance that a weak prime is
- * not being used and it yields a P and Q value. Parameters P, Q, and G can be
- * public and common to a group of users. They might be known from application
- * context. As such, they are optional but P and Q must either both appear or
- * both be absent. If all of P, Q, seed, and pgenCounter are present,
- * implementations are not required to check if they are consistent and are
- * free to use either P and Q or seed and pgenCounter. All parameters are
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
* encoded as base64 [MIME] values.
- *
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
- *
+ *
* Schema Definition:
- *
- * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
- * <complexType name="DSAKeyValueType">
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
* <sequence>
* <sequence minOccurs="0">
- * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="P" type="ds:CryptoBinary"/>
* <element name="Q" type="ds:CryptoBinary"/>
* </sequence>
- * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
* <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
* <sequence minOccurs="0">
- * <element name="Seed" type="ds:CryptoBinary"/>
- * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
* </sequence>
* </sequence>
* </complexType>
- *
+ *
* DTD Definition:
- *
- * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
* <!ELEMENT P (#PCDATA) >
* <!ELEMENT Q (#PCDATA) >
* <!ELEMENT G (#PCDATA) >
@@ -459,34 +459,34 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
* <!ELEMENT PgenCounter (#PCDATA) >
*
* ============================================================================
- *
+ *
* To support reading/writing private keys an X element added (before Y).
* todo: The current implementation does not support Seed and PgenCounter!
* by this the P, Q and G are *required*!
*
*************************************************************************/
-static int xmlSecNssKeyDataDsaInitialize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecNssKeyDataDsaFinalize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataDsaXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataDsaXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataDsaGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecNssKeyDataDsaGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecNssKeyDataDsaGetSize (xmlSecKeyDataPtr data);
-static void xmlSecNssKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static int xmlSecNssKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -494,46 +494,46 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
/* data */
xmlSecNameDSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecNssKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecNssKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecNssKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecNssKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssKeyDataDsaGetKlass:
- *
+ *
* The DSA key data klass.
*
* Returns: pointer to DSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataDsaGetKlass(void) {
return(&xmlSecNssKeyDataDsaKlass);
}
@@ -557,13 +557,13 @@ xmlSecNssKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
static void
xmlSecNssKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
-
+
xmlSecNssPKIKeyDataFinalize(data);
}
static int
xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data = NULL;
xmlNodePtr cur;
int ret;
@@ -579,48 +579,48 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
}
slot = PK11_GetBestSlot(CKM_DSA, NULL);
if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
}
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if(arena == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_NewArena",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
}
- pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
- sizeof(SECKEYPublicKey));
+ pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
+ sizeof(SECKEYPublicKey));
if(pubkey == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "PORT_ArenaZAlloc",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- PORT_FreeArena(arena, PR_FALSE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
}
pubkey->arena = arena;
pubkey->u.dsa.params.arena = arena;
@@ -630,159 +630,159 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.prime)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.subPrime)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.base)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * NSS does not support it, we just ignore it */
+ * NSS does not support it, we just ignore it */
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* next is Y node. */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.publicValue)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
-
+
/* todo: add support for J */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* todo: add support for seed */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* todo: add support for pgencounter */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
}
handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE);
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
}
ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- pubkey = NULL;
+ pubkey = NULL;
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
data = NULL;
@@ -790,26 +790,26 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
done:
if (slot != NULL) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (ret != 0) {
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (data != NULL) {
- xmlSecKeyDataDestroy(data);
- }
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
}
return(ret);
}
-static int
+static int
xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecNssPKIKeyDataCtxPtr ctx;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecNssKeyDataDsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataDsaId), -1);
@@ -821,74 +821,74 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
- return(0);
- }
-
+ /* we can have only private key or public key */
+ return(0);
+ }
+
/* first is P node */
cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.prime), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
/* next is Q node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.subPrime), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
}
/* next is G node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.base), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
}
/* next is X node: not supported in NSS */
@@ -896,23 +896,23 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
/* next is Y node. */
cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.publicValue), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
}
return(0);
@@ -929,76 +929,76 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
SECKEYPublicKey *pubkey = NULL;
int ret = -1;
int j;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), -1);
xmlSecAssert2(sizeBits > 0, -1);
j = PQG_PBITS_TO_INDEX(sizeBits);
rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_PQG_ParamGen",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", sizeBits);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ goto done;
}
rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
if (rv != SECSuccess || res != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_PQG_VerifyParams",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", sizeBits);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ goto done;
}
slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
if((privkey == NULL) || (pubkey == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_GenerateKeyPair",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ goto done;
}
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = 0;
done:
if (slot != NULL) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (pqgParams != NULL) {
- PK11_PQG_DestroyParams(pqgParams);
+ PK11_PQG_DestroyParams(pqgParams);
}
if (pqgVerify != NULL) {
- PK11_PQG_DestroyVerify(pqgVerify);
+ PK11_PQG_DestroyVerify(pqgVerify);
}
if (ret == 0) {
- return (0);
+ return (0);
}
if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
return(-1);
}
@@ -1006,21 +1006,21 @@ done:
static xmlSecKeyDataType
xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
xmlSecNssPKIKeyDataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
} else {
- return(xmlSecKeyDataTypePublic);
+ return(xmlSecKeyDataTypePublic);
}
-
+
return(xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
xmlSecNssPKIKeyDataCtxPtr ctx;
@@ -1032,22 +1032,22 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
-static void
+static void
xmlSecNssKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== dsa key: size = %d\n",
- xmlSecNssKeyDataDsaGetSize(data));
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecNssKeyDataDsaGetSize(data));
}
static void
xmlSecNssKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
- xmlSecNssKeyDataDsaGetSize(data));
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecNssKeyDataDsaGetSize(data));
}
#endif /* XMLSEC_NO_DSA */
@@ -1065,59 +1065,59 @@ xmlSecNssKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
* <RSAKeyValue>
* <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
* jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
- * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
* </Modulus>
* <Exponent>AQAB</Exponent>
* </RSAKeyValue>
*
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
*
* Schema Definition:
- *
+ *
* <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
* <complexType name="RSAKeyValueType">
* <sequence>
- * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
* <element name="Exponent" type="ds:CryptoBinary"/>
* </sequence>
* </complexType>
*
* DTD Definition:
- *
- * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
* <!ELEMENT Modulus (#PCDATA) >
* <!ELEMENT Exponent (#PCDATA) >
*
* ============================================================================
- *
+ *
* To support reading/writing private keys an PrivateExponent element is added
* to the end
*
*************************************************************************/
-static int xmlSecNssKeyDataRsaInitialize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecNssKeyDataRsaFinalize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataRsaXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataRsaXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataRsaGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecNssKeyDataRsaGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecNssKeyDataRsaGetSize (xmlSecKeyDataPtr data);
-static void xmlSecNssKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static int xmlSecNssKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -1125,46 +1125,46 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
/* data */
xmlSecNameRSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecNssKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecNssKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecNssKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecNssKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssKeyDataRsaGetKlass:
*
* The RSA key data klass.
*
* Returns: pointer to RSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataRsaGetKlass(void) {
return(&xmlSecNssKeyDataRsaKlass);
}
@@ -1193,7 +1193,7 @@ xmlSecNssKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
static int
xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data = NULL;
xmlNodePtr cur;
int ret;
@@ -1207,13 +1207,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- "key already has a value");
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ ret = -1;
+ goto done;
}
slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
@@ -1246,7 +1246,7 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
"PORT_ArenaZAlloc",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
ret = -1;
goto done;
}
@@ -1254,101 +1254,101 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
pubkey->keyType = rsaKey;
cur = xmlSecGetNextElementNode(node->children);
-
+
/* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.modulus)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ ret = -1;
+ goto done;
}
if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.publicExponent)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeGetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ ret = -1;
+ goto done;
}
cur = xmlSecGetNextElementNode(cur->next);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * NSS does not support it. We just ignore it */
- cur = xmlSecGetNextElementNode(cur->next);
+ * NSS does not support it. We just ignore it */
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ ret = -1;
+ goto done;
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- ret = -1;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
}
ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
}
pubkey = NULL;
-
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
}
data = NULL;
@@ -1359,23 +1359,23 @@ done:
PK11_FreeSlot(slot);
}
if (ret != 0) {
- if (pubkey != 0) {
+ if (pubkey != 0) {
SECKEY_DestroyPublicKey(pubkey);
- }
- if (data != 0) {
+ }
+ if (data != 0) {
xmlSecKeyDataDestroy(data);
- }
+ }
}
return(ret);
}
-static int
+static int
xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecNssPKIKeyDataCtxPtr ctx;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecNssKeyDataRsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataRsaId), -1);
@@ -1388,52 +1388,52 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
- return(0);
- }
+ /* we can have only private key or public key */
+ return(0);
+ }
/* first is Modulus node */
cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.modulus), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
/* next is Exponent node. */
cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
}
ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.publicExponent), 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssNodeSetBigNumValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
}
/* next is PrivateExponent node: not supported in NSS */
@@ -1458,43 +1458,43 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
if(privkey == NULL || pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PK11_GenerateKeyPair",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
-
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+
+ goto done;
}
ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssPKIKeyDataAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = 0;
done:
if (slot != NULL) {
- PK11_FreeSlot(slot);
+ PK11_FreeSlot(slot);
}
if (ret == 0) {
- return (0);
+ return (0);
}
if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
+ SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
+ SECKEY_DestroyPrivateKey(privkey);
}
return(-1);
}
@@ -1502,22 +1502,22 @@ done:
static xmlSecKeyDataType
xmlSecNssKeyDataRsaGetType(xmlSecKeyDataPtr data) {
xmlSecNssPKIKeyDataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), xmlSecKeyDataTypeUnknown);
-
+
ctx = xmlSecNssPKIKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
} else {
- return(xmlSecKeyDataTypePublic);
+ return(xmlSecKeyDataTypePublic);
}
-
+
return(xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
xmlSecNssPKIKeyDataCtxPtr ctx;
@@ -1530,24 +1530,24 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
}
-static void
+static void
xmlSecNssKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== rsa key: size = %d\n",
- xmlSecNssKeyDataRsaGetSize(data));
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecNssKeyDataRsaGetSize(data));
}
static void
xmlSecNssKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
- xmlSecNssKeyDataRsaGetSize(data));
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecNssKeyDataRsaGetSize(data));
}
-
+
#endif /* XMLSEC_NO_RSA */
diff --git a/src/nss/signatures.c b/src/nss/signatures.c
index 3c9639c3..4f54170e 100644
--- a/src/nss/signatures.c
+++ b/src/nss/signatures.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -29,24 +29,24 @@
* Internal NSS signatures ctx
*
*****************************************************************************/
-typedef struct _xmlSecNssSignatureCtx xmlSecNssSignatureCtx,
- *xmlSecNssSignatureCtxPtr;
+typedef struct _xmlSecNssSignatureCtx xmlSecNssSignatureCtx,
+ *xmlSecNssSignatureCtxPtr;
struct _xmlSecNssSignatureCtx {
- xmlSecKeyDataId keyId;
+ xmlSecKeyDataId keyId;
SECOidTag alg;
union {
struct {
- SGNContext *sigctx;
- SECKEYPrivateKey *privkey;
+ SGNContext *sigctx;
+ SECKEYPrivateKey *privkey;
} sig;
struct {
- VFYContext *vfyctx;
- SECKEYPublicKey *pubkey;
+ VFYContext *vfyctx;
+ SECKEYPublicKey *pubkey;
} vfy;
} u;
-};
+};
/******************************************************************************
*
@@ -55,88 +55,143 @@ struct _xmlSecNssSignatureCtx {
* xmlSecNssSignatureCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecNssSignatureSize \
+#define xmlSecNssSignatureSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecNssSignatureCtx))
#define xmlSecNssSignatureGetCtx(transform) \
((xmlSecNssSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecNssSignatureCheckId (xmlSecTransformPtr transform);
-static int xmlSecNssSignatureInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssSignatureFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssSignatureSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssSignatureSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssSignatureVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssSignatureExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_DSA
if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha1Id)) {
- return(1);
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) {
+ return(1);
}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
#endif /* XMLSEC_NO_RSA */
return(0);
}
-static int
+static int
xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) {
xmlSecNssSignatureCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
ctx = xmlSecNssSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
#ifndef XMLSEC_NO_DSA
if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) {
- ctx->keyId = xmlSecNssKeyDataDsaId;
-
- /* This creates a signature which is ASN1 encoded */
- /*ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;*/
-
- /* Fortezza uses the same DSA signature format as XML does.
- * DSA and FORTEZZA keys are treated as equivalent keys for doing
- * DSA signatures (which is how they are supposed to be treated).
- */
- ctx->alg = SEC_OID_MISSI_DSS;
- } else
+ ctx->keyId = xmlSecNssKeyDataDsaId;
+ /* This creates a signature which is ASN1 encoded */
+ ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ } else
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaMd5Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha1Id)) {
- ctx->keyId = xmlSecNssKeyDataRsaId;
- ctx->alg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- } else
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha384Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha512Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
#endif /* XMLSEC_NO_RSA */
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
return(0);
}
-static void
+static void
xmlSecNssSignatureFinalize(xmlSecTransformPtr transform) {
xmlSecNssSignatureCtxPtr ctx;
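Review bot: The DSA branch of xmlSecNssSignatureInitialize now sets `ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST` while keeping the comment that this produces an ASN.1-encoded signature, but the XML-DSig DSAwithSHA1 SignatureValue is the raw 40-byte r||s concatenation — the very reason the removed comment gave for using SEC_OID_MISSI_DSS. Unless xmlSecNssSignatureExecute/Verify (outside this hunk) convert between NSS's DER SEQUENCE{r,s} and raw r||s, signing will emit and verification will expect a format other XML-DSig implementations reject; please confirm that conversion exists and document it on that line, e.g. `/* NSS emits/expects DER SEQUENCE{r,s}; XML-DSig needs raw r||s (40 bytes) -- converted in Execute/Verify */`. Separately, the new `xmlSecNssTransformRsaMd5Id` branch turns on RSA-MD5 signing and verification whenever XMLSEC_NO_MD5 is not defined; MD5 is collision-broken, so this should be opt-in or at least flagged where the OID is assigned, e.g. `/* legacy interop only: MD5 is collision-broken; build with XMLSEC_NO_MD5 unless required */`.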
@@ -146,23 +201,23 @@ xmlSecNssSignatureFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecNssSignatureGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if (transform->operation == xmlSecTransformOperationSign) {
- SGN_DestroyContext(ctx->u.sig.sigctx, PR_TRUE);
- if (ctx->u.sig.privkey) {
- SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
- }
+ SGN_DestroyContext(ctx->u.sig.sigctx, PR_TRUE);
+ if (ctx->u.sig.privkey) {
+ SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
+ }
} else {
- VFY_DestroyContext(ctx->u.vfy.vfyctx, PR_TRUE);
- if (ctx->u.vfy.pubkey) {
- SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
- }
+ VFY_DestroyContext(ctx->u.vfy.vfyctx, PR_TRUE);
+ if (ctx->u.vfy.pubkey) {
+ SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
+ }
}
- memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
}
-static int
+static int
xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecNssSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
@@ -179,58 +234,58 @@ xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
-
+
if (transform->operation == xmlSecTransformOperationSign) {
- if (ctx->u.sig.privkey)
- SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
- ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value);
- if(ctx->u.sig.privkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssPKIKeyDataGetPrivKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey);
+ if (ctx->u.sig.privkey)
+ SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
+ ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value);
+ if(ctx->u.sig.privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssPKIKeyDataGetPrivKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey);
if (ctx->u.sig.sigctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_NewContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_NewContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
}
} else {
- if (ctx->u.vfy.pubkey)
- SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
- ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value);
- if(ctx->u.vfy.pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNssPKIKeyDataGetPubKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL,
- ctx->alg, NULL);
- if (ctx->u.vfy.vfyctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_CreateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
+ if (ctx->u.vfy.pubkey)
+ SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
+ ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value);
+ if(ctx->u.vfy.pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssPKIKeyDataGetPubKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL,
+ ctx->alg, NULL);
+ if (ctx->u.vfy.vfyctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_CreateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
}
}
-
+
return(0);
}
-static int
+static int
xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecNssSignatureCtxPtr ctx;
@@ -246,23 +301,23 @@ xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyRe
keyReq->keyId = ctx->keyId;
if(transform->operation == xmlSecTransformOperationSign) {
keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
static int
-xmlSecNssSignatureVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecNssSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecNssSignatureCtxPtr ctx;
SECStatus status;
SECItem signature;
-
+
xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
@@ -275,31 +330,52 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform,
signature.data = (unsigned char *)data;
signature.len = dataSize;
- status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signature);
+
+ if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
+ /* This creates a signature which is ASN1 encoded */
+ SECItem signatureDer;
+ SECStatus statusDer;
+
+ statusDer = DSAU_EncodeDerSig(&signatureDer, &signature);
+ if(statusDer != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "DSAU_EncodeDerSig",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+ return(-1);
+ }
+ status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signatureDer);
+ SECITEM_FreeItem(&signatureDer, PR_FALSE);
+ } else {
+ status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signature);
+ }
if (status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Update, VFY_End",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
-
- if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_End",
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "signature does not verify");
- transform->status = xmlSecTransformStatusFail;
- }
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_EndWithSignature",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+
+ if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_EndWithSignature",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature does not verify");
+ transform->status = xmlSecTransformStatusFail;
+ }
+ return(-1);
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecNssSignatureCtxPtr ctx;
xmlSecBufferPtr in, out;
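Review bot: In the new DSA branch, a signature value that DSAU_EncodeDerSig rejects is reported as XMLSEC_ERRORS_R_CRYPTO_FAILED and returns -1 without marking `transform->status = xmlSecTransformStatusFail;`, unlike the VFY_EndWithSignature mismatch path just below it. The raw bytes passed in `signature` come from the document under verification, so if NSS refuses them for an unexpected length (which I believe DSAU_EncodeDerSig does) that is a malformed signature rather than a library error, and the failure should at least set the Fail status the same way the mismatch path does. The comment on the branch reads the same as the one in the signing path although the direction here is the opposite; `/* XMLDSig carries the raw r||s pair; NSS verifies the DER SEQUENCE, so encode it before VFY_EndWithSignature */` would say what actually happens. The same `ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST` test is repeated in xmlSecNssSignatureExecute, so a one-line static helper would keep the two in sync if more DSA variants are ever added. xmlSecNssSignatureVerify begins before this hunk.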
@@ -307,7 +383,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
SECStatus status;
SECItem signature;
int ret;
-
+
xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
@@ -319,136 +395,158 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
+ outSize = xmlSecBufferGetSize(out);
+
ctx = xmlSecNssSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(transform->operation == xmlSecTransformOperationSign) {
- xmlSecAssert2(ctx->u.sig.sigctx != NULL, -1);
- xmlSecAssert2(ctx->u.sig.privkey != NULL, -1);
+ xmlSecAssert2(ctx->u.sig.sigctx != NULL, -1);
+ xmlSecAssert2(ctx->u.sig.privkey != NULL, -1);
} else {
- xmlSecAssert2(ctx->u.vfy.vfyctx != NULL, -1);
- xmlSecAssert2(ctx->u.vfy.pubkey != NULL, -1);
+ xmlSecAssert2(ctx->u.vfy.vfyctx != NULL, -1);
+ xmlSecAssert2(ctx->u.vfy.pubkey != NULL, -1);
}
if(transform->status == xmlSecTransformStatusNone) {
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->operation == xmlSecTransformOperationSign) {
- status = SGN_Begin(ctx->u.sig.sigctx);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_Begin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- } else {
- status = VFY_Begin(ctx->u.vfy.vfyctx);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Begin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusWorking;
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ status = SGN_Begin(ctx->u.sig.sigctx);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+ status = VFY_Begin(ctx->u.vfy.vfyctx);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->operation == xmlSecTransformOperationSign) {
- status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_Update",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- } else {
- status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "VFY_Update",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+ status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- xmlSecAssert2(outSize == 0, -1);
- if(transform->operation == xmlSecTransformOperationSign) {
- memset(&signature, 0, sizeof(signature));
- status = SGN_End(ctx->u.sig.sigctx, &signature);
- if(status != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "SGN_End",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
-
- outSize = signature.len;
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- PR_Free(signature.data);
- return(-1);
- }
-
- memcpy(xmlSecBufferGetData(out), signature.data, signature.len);
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- PR_Free(signature.data);
- return(-1);
- }
- PR_Free(signature.data);
- }
- transform->status = xmlSecTransformStatusFinished;
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ memset(&signature, 0, sizeof(signature));
+ status = SGN_End(ctx->u.sig.sigctx, &signature);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
+ /* This creates a signature which is ASN1 encoded */
+ SECItem * signatureClr;
+
+ signatureClr = DSAU_DecodeDerSig(&signature);
+ if(signatureClr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "DSAU_EncodeDerSig",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(out, signatureClr->data, signatureClr->len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ signatureClr->len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(signatureClr, PR_TRUE);
+ } else {
+ /* This signature is used as-is */
+ ret = xmlSecBufferSetData(out, signature.data, signature.len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ signature.len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+ }
+
+ /* cleanup */
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ }
+ transform->status = xmlSecTransformStatusFinished;
}
-
+
+
if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
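Review bot: The error reported when DSAU_DecodeDerSig returns NULL names the wrong function, the string should be `"DSAU_DecodeDerSig",` rather than the encode call used in Verify. When xmlSecBufferSetData fails right after a successful decode, the item returned by DSAU_DecodeDerSig is never released because only `signature` is freed on that path; add `SECITEM_FreeItem(signatureClr, PR_TRUE);` before the existing `SECITEM_FreeItem(&signature, PR_FALSE);` in that error block. The comment above the decode says it creates an ASN.1-encoded signature, but this branch does the reverse, so `/* SGN_End returns a DER SEQUENCE; XMLDSig carries the raw r||s pair, so decode it before copying to out */` would be accurate. xmlSecNssSignatureExecute begins before this hunk.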
@@ -461,39 +559,39 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameDsaSha1, /* const xmlChar* name; */
- xmlSecHrefDsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssTransformDsaSha1GetKlass:
- *
+ *
* The DSA-SHA1 signature transform klass.
*
* Returns: DSA-SHA1 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformDsaSha1GetKlass(void) {
return(&xmlSecNssDsaSha1Klass);
}
@@ -501,6 +599,56 @@ xmlSecNssTransformDsaSha1GetKlass(void) {
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaMd5GetKlass(void) {
+ return(&xmlSecNssRsaMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_SHA1
/****************************************************************************
*
* RSA-SHA1 signature transform
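Review bot: The doc comment on xmlSecNssTransformRsaMd5GetKlass does not say anything about the strength of the digest, and nothing in xmlSecNssSignatureSetKeyReq restricts the transform to verification, so the comment is the only place an integrator learns what this klass is for. Add a line such as ` * MD5 is no longer collision resistant; this transform exists to verify legacy documents, prefer the SHA-2 RSA transforms for new signatures.` to the docstring. Whether XMLSEC_NO_MD5 is defined by default is not visible here, so the build-time guard alone should not be relied on to communicate this.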
@@ -508,43 +656,186 @@ xmlSecNssTransformDsaSha1GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecNssSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha1, /* const xmlChar* name; */
- xmlSecHrefRsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssTransformRsaSha1GetKlass:
- *
+ *
* The RSA-SHA1 signature transform klass.
*
* Returns: RSA-SHA1 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecNssTransformRsaSha1GetKlass(void) {
return(&xmlSecNssRsaSha1Klass);
}
-#endif /* XMLSEC_NO_DSA */
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha256GetKlass(void) {
+ return(&xmlSecNssRsaSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha384GetKlass(void) {
+ return(&xmlSecNssRsaSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha512GetKlass(void) {
+ return(&xmlSecNssRsaSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
index fb23f4fd..3da7a694 100644
--- a/src/nss/symkeys.c
+++ b/src/nss/symkeys.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -25,43 +25,43 @@
#include <xmlsec/nss/crypto.h>
/*****************************************************************************
- *
+ *
* Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
*
****************************************************************************/
-static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlSecByte** buf,
- xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
-static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
#define xmlSecNssSymKeyDataCheckId(data) \
(xmlSecKeyDataIsValid((data)) && \
@@ -70,7 +70,7 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
static int
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-
+
return(xmlSecKeyDataBinaryValueInitialize(data));
}
@@ -79,48 +79,48 @@ xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
xmlSecAssert2(dst->id == src->id, -1);
-
+
return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
}
static void
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
+
xmlSecKeyDataBinaryValueFinalize(data);
}
static int
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
}
-static int
+static int
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
}
static int
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
}
@@ -133,7 +133,7 @@ xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
}
@@ -149,44 +149,44 @@ xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
-
+
return(xmlSecKeyDataBinaryValueGetSize(data));
}
-static void
+static void
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugDump(data, output);
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
}
static void
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
}
-static int
-xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+static int
+xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
#ifndef XMLSEC_NO_DES
if(klass == xmlSecNssKeyDataDesId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(klass == xmlSecNssKeyDataAesId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_HMAC
if(klass == xmlSecNssKeyDataHmacId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_HMAC */
@@ -205,55 +205,55 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
/* data */
xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataAesGetKlass(void) {
return(&xmlSecNssKeyDataAesKlass);
}
/**
* xmlSecNssKeyDataAesSet:
- * @data: the pointer to AES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
@@ -262,14 +262,14 @@ xmlSecNssKeyDataAesGetKlass(void) {
int
xmlSecNssKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
#endif /* XMLSEC_NO_AES */
@@ -286,55 +286,55 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
/* data */
xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssKeyDataDesGetKlass:
- *
+ *
* The DES key data klass.
*
* Returns: DES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataDesGetKlass(void) {
return(&xmlSecNssKeyDataDesKlass);
}
/**
* xmlSecNssKeyDataDesSet:
- * @data: the pointer to DES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
@@ -343,14 +343,14 @@ xmlSecNssKeyDataDesGetKlass(void) {
int
xmlSecNssKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
@@ -368,55 +368,55 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
/* data */
xmlSecNameHMACKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssKeyDataHmacGetKlass:
- *
+ *
* The HMAC key data klass.
*
* Returns: HMAC key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataHmacGetKlass(void) {
return(&xmlSecNssKeyDataHmacKlass);
}
/**
* xmlSecNssKeyDataHmacSet:
- * @data: the pointer to HMAC key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
@@ -425,14 +425,14 @@ xmlSecNssKeyDataHmacGetKlass(void) {
int
xmlSecNssKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataHmacId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
diff --git a/src/nss/x509.c b/src/nss/x509.c
index aea40122..887c77cf 100644
--- a/src/nss/x509.c
+++ b/src/nss/x509.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,7 +6,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -45,84 +45,84 @@
/* workaround - NSS exports this but doesn't declare it */
extern CERTCertificate * __CERT_NewTempCertificate(CERTCertDBHandle *handle,
- SECItem *derCert,
- char *nickname,
- PRBool isperm,
- PRBool copyDER);
+ SECItem *derCert,
+ char *nickname,
+ PRBool isperm,
+ PRBool copyDER);
/*************************************************************************
*
* X509 utility functions
*
************************************************************************/
-static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
- xmlSecSize size);
-static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
-static xmlChar* xmlSecNssX509CertBase64DerWrite (CERTCertificate* cert,
- int base64LineWrap);
-static CERTSignedCrl* xmlSecNssX509CrlDerRead (xmlSecByte* buf,
- xmlSecSize size,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
- int base64LineWrap);
-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
-static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
- FILE* output);
-static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
- FILE* output);
-static int xmlSecNssX509CertGetTime (PRTime* t,
- time_t* res);
+static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecNssX509CertBase64DerWrite (CERTCertificate* cert,
+ int base64LineWrap);
+static CERTSignedCrl* xmlSecNssX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
+static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+ FILE* output);
+static int xmlSecNssX509CertGetTime (PRTime* t,
+ time_t* res);
/*************************************************************************
*
* Internal NSS X509 data CTX
*
************************************************************************/
-typedef struct _xmlSecNssX509DataCtx xmlSecNssX509DataCtx,
- *xmlSecNssX509DataCtxPtr;
+typedef struct _xmlSecNssX509DataCtx xmlSecNssX509DataCtx,
+ *xmlSecNssX509DataCtxPtr;
typedef struct _xmlSecNssX509CrlNode xmlSecNssX509CrlNode,
- *xmlSecNssX509CrlNodePtr;
+ *xmlSecNssX509CrlNodePtr;
struct _xmlSecNssX509CrlNode {
xmlSecNssX509CrlNodePtr next;
CERTSignedCrl *crl;
@@ -134,7 +134,7 @@ struct _xmlSecNssX509DataCtx {
CERTCertList* certsList;
unsigned int numCerts;
- xmlSecNssX509CrlNodePtr crlsList;
+ xmlSecNssX509CrlNodePtr crlsList;
unsigned int numCrls;
};
@@ -145,52 +145,52 @@ struct _xmlSecNssX509DataCtx {
*
* The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
*
- * An X509Data element within KeyInfo contains one or more identifiers of keys
- * or X509 certificates (or certificates' identifiers or a revocation list).
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
* The content of X509Data is:
*
* 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
* 2.
- * * The X509IssuerSerial element, which contains an X.509 issuer
- * distinguished name/serial number pair that SHOULD be compliant
- * with RFC2253 [LDAP-DN],
- * * The X509SubjectName element, which contains an X.509 subject
- * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
- * * The X509SKI element, which contains the base64 encoded plain (i.e.
- * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
- * * The X509Certificate element, which contains a base64-encoded [X509v3]
- * certificate, and
- * * Elements from an external namespace which accompanies/complements any
- * of the elements above.
- * * The X509CRL element, which contains a base64-encoded certificate
- * revocation list (CRL) [X509v3].
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
* MUST refer to the certificate or certificates containing the validation key.
- * All such elements that refer to a particular individual certificate MUST be
- * grouped inside a single X509Data element and if the certificate to which
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
* they refer appears, it MUST also be in that X509Data element.
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
- * the same key but different certificates MUST be grouped within a single
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
* KeyInfo but MAY occur in multiple X509Data elements.
*
- * All certificates appearing in an X509Data element MUST relate to the
- * validation key by either containing it or being part of a certification
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
* chain that terminates in a certificate containing the validation key.
*
* No ordering is implied by the above constraints.
*
- * Note, there is no direct provision for a PKCS#7 encoded "bag" of
- * certificates or CRLs. However, a set of certificates and CRLs can occur
- * within an X509Data element and multiple X509Data elements can occur in a
- * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
- * least one such certificate must contain the public key which verifies the
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
* signature.
*
* Schema Definition
*
- * <element name="X509Data" type="ds:X509DataType"/>
+ * <element name="X509Data" type="ds:X509DataType"/>
* <complexType name="X509DataType">
* <sequence maxOccurs="unbounded">
* <choice>
@@ -203,10 +203,10 @@ struct _xmlSecNssX509DataCtx {
* </choice>
* </sequence>
* </complexType>
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
* </sequence>
* </complexType>
*
@@ -227,30 +227,30 @@ struct _xmlSecNssX509DataCtx {
* xmlSecNssX509DataCtx is located after xmlSecTransform
*
*************************************************************************/
-#define xmlSecNssX509DataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecNssX509DataCtx))
+#define xmlSecNssX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecNssX509DataCtx))
#define xmlSecNssX509DataGetCtx(data) \
((xmlSecNssX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecNssKeyDataX509Initialize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecNssKeyDataX509Finalize (xmlSecKeyDataPtr data);
-static int xmlSecNssKeyDataX509XmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecNssKeyDataX509XmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlSecKeyDataType xmlSecNssKeyDataX509GetType (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecNssKeyDataX509GetType (xmlSecKeyDataPtr data);
static const xmlChar* xmlSecNssKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
-static void xmlSecNssKeyDataX509DebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data,
- FILE* output);
+static void xmlSecNssKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
@@ -260,55 +260,55 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
/* data */
xmlSecNameX509Data,
- xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefX509Data, /* const xmlChar* href; */
- xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecNssKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecNssKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecNssKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ xmlSecNssKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- xmlSecNssKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- xmlSecNssKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecNssKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecNssKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecNssKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecNssKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecNssKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecNssKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecNssKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecNssKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecNssKeyDataX509GetKlass:
- *
+ *
* The NSS X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
*
* Returns: the X509 data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataX509GetKlass(void) {
return(&xmlSecNssKeyDataX509Klass);
}
/**
* xmlSecNssKeyDataX509GetKeyCert:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
- * Gets the certificate from which the key was extracted.
+ * Gets the certificate from which the key was extracted.
*
* Returns: the key's certificate or NULL if key data was not used for key
* extraction or an error occurs.
@@ -316,7 +316,7 @@ xmlSecNssKeyDataX509GetKlass(void) {
CERTCertificate*
xmlSecNssKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
xmlSecNssX509DataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
ctx = xmlSecNssX509DataGetCtx(data);
@@ -327,8 +327,8 @@ xmlSecNssKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
/**
* xmlSecNssKeyDataX509AdoptKeyCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to NSS X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to NSS X509 certificate.
*
* Sets the key's certificate in @data.
*
@@ -343,9 +343,9 @@ xmlSecNssKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
ctx = xmlSecNssX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->keyCert != NULL) {
- CERT_DestroyCertificate(ctx->keyCert);
+ CERT_DestroyCertificate(ctx->keyCert);
}
ctx->keyCert = cert;
return(0);
@@ -353,61 +353,61 @@ xmlSecNssKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
/**
* xmlSecNssKeyDataX509AdoptCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to NSS X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to NSS X509 certificate.
*
* Adds certificate to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
xmlSecNssX509DataCtxPtr ctx;
SECStatus ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(cert != NULL, -1);
ctx = xmlSecNssX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->certsList == NULL) {
- ctx->certsList = CERT_NewCertList();
- if(ctx->certsList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_NewCertList",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- }
-
+ ctx->certsList = CERT_NewCertList();
+ if(ctx->certsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
ret = CERT_AddCertToListTail(ctx->certsList, cert);
if(ret != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_AddCertToListTail",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
}
ctx->numCerts++;
-
+
return(0);
}
/**
* xmlSecNssKeyDataX509GetCert:
- * @data: the pointer to X509 key data.
- * @pos: the desired certificate position.
- *
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
* Gets a certificate from X509 key data.
*
- * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
* number of certificates in @data or an error occurs.
*/
-CERTCertificate*
+CERTCertificate*
xmlSecNssKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecNssX509DataCtxPtr ctx;
CERTCertListNode* head;
@@ -422,7 +422,7 @@ xmlSecNssKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
head = CERT_LIST_HEAD(ctx->certsList);
while (pos > 0)
{
- head = CERT_LIST_NEXT(head);
+ head = CERT_LIST_NEXT(head);
pos--;
}
@@ -431,13 +431,13 @@ xmlSecNssKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
/**
* xmlSecNssKeyDataX509GetCertsSize:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
* Gets the number of certificates in @data.
*
* Returns: te number of certificates in @data.
*/
-xmlSecSize
+xmlSecSize
xmlSecNssKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
xmlSecNssX509DataCtxPtr ctx;
@@ -451,35 +451,35 @@ xmlSecNssKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
/**
* xmlSecNssKeyDataX509AdoptCrl:
- * @data: the pointer to X509 key data.
- * @crl: the pointer to NSS X509 CRL.
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to NSS X509 CRL.
*
* Adds CRL to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) {
xmlSecNssX509DataCtxPtr ctx;
xmlSecNssX509CrlNodePtr crlnode;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(crl != NULL, -1);
ctx = xmlSecNssX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode));
if(crlnode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PR_Malloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PR_Malloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
memset(crlnode, 0, sizeof(xmlSecNssX509CrlNode));
crlnode->next = ctx->crlsList;
crlnode->crl = crl;
@@ -541,7 +541,7 @@ xmlSecNssKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
return(ctx->numCrls);
}
-static int
+static int
xmlSecNssKeyDataX509Initialize(xmlSecKeyDataPtr data) {
xmlSecNssX509DataCtxPtr ctx;
@@ -565,43 +565,43 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataX509Id), -1);
-
+
/* copy certsList */
size = xmlSecNssKeyDataX509GetCertsSize(src);
for(pos = 0; pos < size; ++pos) {
- /* TBD: function below does linear scan, eliminate loop within
- * loop
- */
- certSrc = xmlSecNssKeyDataX509GetCert(src, pos);
- if(certSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- certDst = CERT_DupCertificate(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
-
- ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(certDst);
- return(-1);
- }
+ /* TBD: function below does linear scan, eliminate loop within
+ * loop
+ */
+ certSrc = xmlSecNssKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = CERT_DupCertificate(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(certDst);
+ return(-1);
+ }
}
/* copy crls */
@@ -617,11 +617,7 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
return(-1);
}
- /* TBD: SEC_DupCrl isn't exported by NSS yet */
- /*crlDst = SEC_DupCrl(crlSrc);*/
- crlDst = crlSrc;
- PR_AtomicIncrement(&(crlSrc->referenceCount));
-
+ crlDst = SEC_DupCrl(crlSrc);
if(crlDst == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
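Review bot: The new `crlDst = SEC_DupCrl(crlSrc);` makes this file depend on NSS exporting SEC_DupCrl, which the dropped comment said older releases did not; unless the minimum NSS version required by the build configuration is raised accordingly, the call should be guarded or the requirement documented. As far as I can tell SEC_DupCrl only bumps the CRL reference count and returns the same pointer (NULL only for a NULL input), so the NULL check that follows is effectively defensive, and the matching release stays `SEC_DestroyCrl(head->crl)` in xmlSecNssKeyDataX509Finalize. A one-line comment above the call, e.g. `/* SEC_DupCrl only adds a reference; released via SEC_DestroyCrl in Finalize */`, would make that ownership contract explicit for the next reader. xmlSecNssKeyDataX509Duplicate starts and ends outside this hunk.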
@@ -646,25 +642,25 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
/* copy key cert if exist */
certSrc = xmlSecNssKeyDataX509GetKeyCert(src);
if(certSrc != NULL) {
- certDst = CERT_DupCertificate(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(-1);
- }
- ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(certDst);
- return(-1);
- }
+ certDst = CERT_DupCertificate(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(certDst);
+ return(-1);
+ }
}
return(0);
}
@@ -679,25 +675,25 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) {
xmlSecAssert(ctx != NULL);
if(ctx->certsList != NULL) {
- CERT_DestroyCertList(ctx->certsList);
+ CERT_DestroyCertList(ctx->certsList);
}
if(ctx->crlsList != NULL) {
- xmlSecNssX509CrlNodePtr head;
- xmlSecNssX509CrlNodePtr tmp;
-
- head = ctx->crlsList;
- while (head)
- {
- tmp = head->next;
- SEC_DestroyCrl(head->crl);
- PR_Free(head);
- head = tmp;
- }
+ xmlSecNssX509CrlNodePtr head;
+ xmlSecNssX509CrlNodePtr tmp;
+
+ head = ctx->crlsList;
+ while (head)
+ {
+ tmp = head->next;
+ SEC_DestroyCrl(head->crl);
+ PR_Free(head);
+ head = tmp;
+ }
}
if(ctx->keyCert != NULL) {
- CERT_DestroyCertificate(ctx->keyCert);
+ CERT_DestroyCertificate(ctx->keyCert);
}
memset(ctx, 0, sizeof(xmlSecNssX509DataCtx));
@@ -705,59 +701,59 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) {
static int
xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
data = xmlSecKeyEnsureData(key, id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509DataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
}
return(0);
}
-static int
+static int
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
CERTCertificate* cert;
CERTSignedCrl* crl;
xmlSecSize size, pos;
int content = 0;
int ret;
-
+
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -765,110 +761,110 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
if (content < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecX509DataGetNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "content=%d", content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
} else if(content == 0) {
- /* by default we are writing certificates and crls */
- content = XMLSEC_X509DATA_DEFAULT;
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
}
/* get x509 data */
data = xmlSecKeyGetData(key, id);
if(data == NULL) {
- /* no x509 data in the key */
- return(0);
+ /* no x509 data in the key */
+ return(0);
}
/* write certs */
size = xmlSecNssKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecNssKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509CertificateNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509SubjectNameNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509IssuerSerialNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509SKINodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
/* write crls if needed */
if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
- size = xmlSecNssKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509CRLNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
+ size = xmlSecNssKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
}
return(0);
@@ -878,19 +874,19 @@ static xmlSecKeyDataType
xmlSecNssKeyDataX509GetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), xmlSecKeyDataTypeUnknown);
- /* TODO: return verified/not verified status */
+ /* TODO: return verified/not verified status */
return(xmlSecKeyDataTypeUnknown);
}
static const xmlChar*
xmlSecNssKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
-
- /* TODO */
+
+ /* TODO */
return(NULL);
}
-static void
+static void
xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
CERTCertificate* cert;
xmlSecSize size, pos;
@@ -901,25 +897,25 @@ xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "=== X509 Data:\n");
cert = xmlSecNssKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "==== Key Certificate:\n");
- xmlSecNssX509CertDebugDump(cert, output);
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecNssX509CertDebugDump(cert, output);
}
-
+
size = xmlSecNssKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecNssKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "==== Certificate:\n");
- xmlSecNssX509CertDebugDump(cert, output);
- }
-
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecNssX509CertDebugDump(cert, output);
+ }
+
/* we don't print out crls */
}
@@ -934,78 +930,78 @@ xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "<X509Data>\n");
cert = xmlSecNssKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "<KeyCertificate>\n");
- xmlSecNssX509CertDebugXmlDump(cert, output);
- fprintf(output, "</KeyCertificate>\n");
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecNssX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
}
-
+
size = xmlSecNssKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecNssKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "<Certificate>\n");
- xmlSecNssX509CertDebugXmlDump(cert, output);
- fprintf(output, "</Certificate>\n");
- }
-
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecNssX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
/* we don't print out crls */
fprintf(output, "</X509Data>\n");
}
static int
xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlNodePtr cur;
+ xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
for(cur = xmlSecGetNextElementNode(node->children);
- cur != NULL;
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- ret = 0;
- if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
- ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
- ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
- ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
- ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
- ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx);
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation: ignore unknown nodes */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "read node failed");
- return(-1);
- }
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
}
return(0);
}
static int
-xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
CERTCertificate* cert;
int ret;
@@ -1016,77 +1012,77 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecNssX509CertBase64DerRead(content);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
xmlFree(content);
return(0);
}
-static int
+static int
xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* buf;
xmlNodePtr cur;
-
+
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
/* set base64 lines size from context */
- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
@@ -1097,13 +1093,13 @@ xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec
return(0);
}
-static int
-xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static int
+xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* subject;
CERTCertificate* cert;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1111,60 +1107,60 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
subject = xmlNodeGetContent(node);
if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
- if(subject != NULL) {
- xmlFree(subject);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "subject=%s",
- xmlSecErrorsSafeString(subject));
- xmlFree(subject);
- return(-1);
- }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
- xmlFree(subject);
- return(0);
+ xmlFree(subject);
+ return(0);
}
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- xmlFree(subject);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(subject);
+ return(-1);
+ }
+
xmlFree(subject);
return(0);
}
@@ -1179,36 +1175,36 @@ xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec
buf = xmlSecNssX509NameWrite(&(cert->subject));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->subject))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameWrite(&(cert->subject))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
return(0);
}
-static int
+static int
xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlNodePtr cur;
xmlChar *issuerName;
- xmlChar *issuerSerial;
+ xmlChar *issuerSerial;
CERTCertificate* cert;
int ret;
@@ -1219,118 +1215,118 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecGetNextElementNode(node->children);
if(cur == NULL) {
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- return(0);
- }
-
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
/* the first is required node X509IssuerName */
if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
issuerName = xmlNodeGetContent(cur);
if(issuerName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
/* next is required node X509SerialNumber */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- xmlFree(issuerName);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
issuerSerial = xmlNodeGetContent(cur);
if(issuerSerial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
}
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "issuerName=%s;issuerSerial=%s",
- xmlSecErrorsSafeString(issuerName),
- xmlSecErrorsSafeString(issuerSerial));
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
}
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
xmlFree(issuerSerial);
xmlFree(issuerName);
return(0);
@@ -1342,65 +1338,65 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe
xmlNodePtr issuerNameNode;
xmlNodePtr issuerNumberNode;
xmlChar* buf;
-
+
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* create xml nodes */
cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
}
issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
}
/* write data */
buf = xmlSecNssX509NameWrite(&(cert->issuer));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->issuer))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameWrite(&(cert->issuer))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
xmlFree(buf);
buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlNodeSetContent(issuerNumberNode, buf);
xmlFree(buf);
@@ -1408,13 +1404,13 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe
return(0);
}
-static int
+static int
xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* ski;
CERTCertificate* cert;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1422,59 +1418,59 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ski = xmlNodeGetContent(node);
if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
- if(ski != NULL) {
- xmlFree(ski);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(-1);
- }
- return(0);
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
if(cert == NULL){
- xmlFree(ski);
+ xmlFree(ski);
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
- return(-1);
- }
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
}
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- xmlFree(ski);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(ski);
+ return(-1);
+ }
+
xmlFree(ski);
return(0);
}
@@ -1489,24 +1485,24 @@ xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoC
buf = xmlSecNssX509SKIWrite(cert);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509SKIWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
@@ -1514,7 +1510,7 @@ xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoC
return(0);
}
-static int
+static int
xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
CERTSignedCrl* crl;
@@ -1525,32 +1521,32 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
- SEC_DestroyCrl(crl);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ SEC_DestroyCrl(crl);
xmlFree(content);
return(0);
}
@@ -1565,26 +1561,26 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* set base64 lines size from context */
- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
/* todo: add errors check */
@@ -1598,13 +1594,13 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP
static int
xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecNssX509DataCtxPtr ctx;
xmlSecKeyDataStorePtr x509Store;
int ret;
SECStatus status;
PRTime notBefore, notAfter;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1615,101 +1611,101 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((ctx->keyCert == NULL) && (ctx->certsList != NULL) && (xmlSecKeyGetValue(key) == NULL)) {
- CERTCertificate* cert;
-
- cert = xmlSecNssX509StoreVerify(x509Store, ctx->certsList, keyInfoCtx);
- if(cert != NULL) {
- xmlSecKeyDataPtr keyValue;
-
- ctx->keyCert = CERT_DupCertificate(cert);
- if(ctx->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- ret = xmlSecKeySetValue(key, keyValue);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- status = CERT_GetCertTimes(ctx->keyCert, &notBefore, &notAfter);
- if (status == SECSuccess) {
- ret = xmlSecNssX509CertGetTime(&notBefore, &(key->notValidBefore));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidBefore");
- return(-1);
- }
- ret = xmlSecNssX509CertGetTime(&notAfter, &(key->notValidAfter));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidAfter");
- return(-1);
- }
- } else {
- key->notValidBefore = key->notValidAfter = 0;
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ CERTCertificate* cert;
+
+ cert = xmlSecNssX509StoreVerify(x509Store, ctx->certsList, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = CERT_DupCertificate(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ status = CERT_GetCertTimes(ctx->keyCert, &notBefore, &notAfter);
+ if (status == SECSuccess) {
+ ret = xmlSecNssX509CertGetTime(&notBefore, &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+ ret = xmlSecNssX509CertGetTime(&notAfter, &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else {
+ key->notValidBefore = key->notValidAfter = 0;
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
static int
xmlSecNssX509CertGetTime(PRTime* t, time_t* res) {
-
+
PRTime tmp64_1, tmp64_2;
PRUint32 tmp32 = 1000000;
@@ -1729,42 +1725,42 @@ xmlSecNssX509CertGetTime(PRTime* t, time_t* res) {
return(0);
}
-/**
+/**
* xmlSecNssX509CertGetKey:
- * @cert: the certificate.
- *
+ * @cert: the certificate.
+ *
* Extracts public key from the @cert.
*
* Returns: public key value or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecNssX509CertGetKey(CERTCertificate* cert) {
xmlSecKeyDataPtr data;
SECKEYPublicKey *pubkey = NULL;
-
+
xmlSecAssert2(cert != NULL, NULL);
pubkey = CERT_ExtractPublicKey(cert);
if(pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
data = xmlSecNssPKIAdoptKey(NULL, pubkey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECKEY_DestroyPublicKey(pubkey);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECKEY_DestroyPublicKey(pubkey);
+ return(NULL);
+ }
+
return(data);
}
@@ -1773,18 +1769,18 @@ xmlSecNssX509CertBase64DerRead(xmlChar* buf) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
-
+
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(xmlSecNssX509CertDerRead((xmlSecByte*)buf, ret));
}
@@ -1796,7 +1792,7 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, NULL);
xmlSecAssert2(size > 0, NULL);
-
+
derCert.data = (unsigned char *)buf;
derCert.len = size;
@@ -1804,12 +1800,12 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
NULL, PR_FALSE, PR_TRUE);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
}
@@ -1823,56 +1819,56 @@ xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) {
long size;
xmlSecAssert2(cert != NULL, NULL);
-
+
p = cert->derCert.data;
size = cert->derCert.len;
if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cert->derCert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cert->derCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
return(res);
}
static CERTSignedCrl*
-xmlSecNssX509CrlBase64DerRead(xmlChar* buf,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecNssX509CrlBase64DerRead(xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
-
+
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(xmlSecNssX509CrlDerRead((xmlSecByte*)buf, ret, keyInfoCtx));
}
static CERTSignedCrl*
xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
CERTSignedCrl *crl = NULL;
SECItem derCrl;
PK11SlotInfo *slot = NULL;
@@ -1881,7 +1877,7 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
xmlSecAssert2(buf != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
xmlSecAssert2(size > 0, NULL);
-
+
derCrl.data = buf;
derCrl.len = size;
@@ -1894,24 +1890,24 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
NULL,
"xmlSecNssGetInternalKeySlot",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return NULL;
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return NULL;
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0)
- importOptions |= CRL_IMPORT_BYPASS_CHECKS;
+ importOptions |= CRL_IMPORT_BYPASS_CHECKS;
- crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL,
- importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS);
+ crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL,
+ importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ImportCRL",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- PK11_FreeSlot(slot);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportCRL",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(NULL);
}
PK11_FreeSlot(slot);
@@ -1945,7 +1941,7 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) {
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
- }
+ }
return(res);
}
@@ -1960,22 +1956,22 @@ xmlSecNssX509NameWrite(CERTName* nm) {
str = CERT_NameToAscii(nm);
if (str == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_NameToAscii",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "CERT_NameToAscii",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
res = xmlStrdup(BAD_CAST str);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- PORT_Free(str);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PORT_Free(str);
+ return(NULL);
}
PORT_Free(str);
return(res);
@@ -1984,12 +1980,34 @@ xmlSecNssX509NameWrite(CERTName* nm) {
static xmlChar*
xmlSecNssASN1IntegerWrite(SECItem *num) {
xmlChar *res = NULL;
-
+ int resLen = 64; /* not more than 64 chars */
+ PRUint64 val = 0;
+ unsigned int ii = 0;
+ int shift = 0;
+
xmlSecAssert2(num != NULL, NULL);
+ xmlSecAssert2(num->type == siBuffer, NULL);
+ xmlSecAssert2(num->len <= 9, NULL);
+ xmlSecAssert2(num->data != NULL, NULL);
- /* TODO : to be implemented after
- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
+ /* HACK : to be fixed after
+ * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
*/
+ for(ii = num->len; ii > 0; --ii, shift += 8) {
+ val |= ((PRUint64)num->data[ii - 1]) << shift;
+ }
+
+ res = (xmlChar*)xmlMalloc(resLen + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ PR_snprintf((char*)res, resLen, "%llu", val);
return(res);
}
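Review bot: The new `xmlSecAssert2(num->len <= 9, NULL);` admits a 9-octet item, but `val` is a PRUint64, so for len == 9 the last loop iteration evaluates `<< 64`, a shift by the full width of the type, which is undefined behaviour in C even when that top octet is the DER leading 0x00 that keeps the value positive. The same limit rejects the longer serial numbers RFC 5280 permits (up to 20 octets), so writing X509IssuerSerial for such a certificate fails at the assert; that is what the HACK comment points at, but the assert should at least be tightened to sizeof(val) and the shift bounded. The sketch below strips leading zero octets before folding, so an 8-byte serial with a leading 0x00 still converts and the shift never reaches 64 (a new local `unsigned int start = 0;` is needed next to `ii`). Separately, the error reported when xmlMalloc fails names `"xmlStrdup"`; it should read `"xmlMalloc"`.
```c
    xmlSecAssert2(num != NULL, NULL);
    xmlSecAssert2(num->type == siBuffer, NULL);
    xmlSecAssert2(num->data != NULL, NULL);

    /* DER prefixes a positive INTEGER whose top bit is set with a 0x00 octet;
     * skip leading zero octets so an 8-byte value still fits in val and the
     * shift below never reaches the width of PRUint64 (shift >= width is UB). */
    while((start < num->len) && (num->data[start] == 0)) {
        ++start;
    }
    xmlSecAssert2((num->len - start) <= sizeof(val), NULL);
    for(ii = num->len; ii > start; --ii, shift += 8) {
        val |= ((PRUint64)num->data[ii - 1]) << shift;
    }
    /* … unchanged: xmlMalloc of res and PR_snprintf … */
```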
@@ -2005,32 +2023,32 @@ xmlSecNssX509SKIWrite(CERTCertificate* cert) {
rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_FindSubjectKeyIDExtension",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&ski, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_FindSubjectKeyIDExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&ski, PR_FALSE);
+ return(NULL);
}
res = xmlSecBase64Encode(ski.data, ski.len, 0);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- SECITEM_FreeItem(&ski, PR_FALSE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&ski, PR_FALSE);
+ return(NULL);
}
SECITEM_FreeItem(&ski, PR_FALSE);
-
+
return(res);
}
-static void
+static void
xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
SECItem *sn;
unsigned int i;
@@ -2043,17 +2061,17 @@ xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
sn = &cert->serialNumber;
for (i = 0; i < sn->len; i++) {
- if (i != sn->len - 1) {
- fprintf(output, "%02x:", sn->data[i]);
- } else {
- fprintf(output, "%02x", sn->data[i]);
- }
+ if (i != sn->len - 1) {
+ fprintf(output, "%02x:", sn->data[i]);
+ } else {
+ fprintf(output, "%02x", sn->data[i]);
+ }
}
fprintf(output, "\n");
}
-static void
+static void
xmlSecNssX509CertDebugXmlDump(CERTCertificate* cert, FILE* output) {
SECItem *sn;
unsigned int i;
@@ -2072,11 +2090,11 @@ xmlSecNssX509CertDebugXmlDump(CERTCertificate* cert, FILE* output) {
fprintf(output, "<SerialNumber>");
sn = &cert->serialNumber;
for (i = 0; i < sn->len; i++) {
- if (i != sn->len - 1) {
- fprintf(output, "%02x:", sn->data[i]);
- } else {
- fprintf(output, "%02x", sn->data[i]);
- }
+ if (i != sn->len - 1) {
+ fprintf(output, "%02x:", sn->data[i]);
+ } else {
+ fprintf(output, "%02x", sn->data[i]);
+ }
}
fprintf(output, "</SerialNumber>\n");
}
@@ -2088,11 +2106,11 @@ xmlSecNssX509CertDebugXmlDump(CERTCertificate* cert, FILE* output) {
*
*
*************************************************************************/
-static int xmlSecNssKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -2100,58 +2118,58 @@ static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
/* data */
xmlSecNameRawX509Cert,
- xmlSecKeyDataUsageRetrievalMethodNodeBin,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRawX509Cert, /* const xmlChar* href; */
- NULL, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecNssKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecNssKeyDataRawX509CertGetKlass:
- *
+ *
* The raw X509 certificates key data klass.
*
* Returns: raw X509 certificates key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecNssKeyDataRawX509CertGetKlass(void) {
return(&xmlSecNssKeyDataRawX509CertKlass);
}
static int
xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
CERTCertificate* cert;
int ret;
-
+
xmlSecAssert2(id == xmlSecNssKeyDataRawX509CertId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
@@ -2160,44 +2178,44 @@ xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
cert = xmlSecNssX509CertDerRead(buf, bufSize);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertDerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- CERT_DestroyCertificate(cert);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(-1);
}
ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c
index 25bf5042..fdb866fe 100644
--- a/src/nss/x509vfy.c
+++ b/src/nss/x509vfy.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,7 +6,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
#include "globals.h"
@@ -40,11 +40,20 @@
* Internal NSS X509 store CTX
*
*************************************************************************/
-typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
- *xmlSecNssX509StoreCtxPtr;
+typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
+ *xmlSecNssX509StoreCtxPtr;
struct _xmlSecNssX509StoreCtx {
+ /* Two uses:
+ *
+ * 1) Just keeping a reference to destroy later.
+ *
+ * 2) NSS doesn't update it's cache correctly when new certs are added
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=211051
+ * we use this list to perform search ourselves.
+ */
+
CERTCertList* certsList; /* just keeping a reference to destroy later */
-};
+};
/****************************************************************************
*
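Review bot: The block comment added above `certsList` now duplicates the trailing comment on the field itself (`/* just keeping a reference to destroy later */`), which has become stale because the list is also searched; drop the trailing comment or fold it into the block. `it's cache` should read `its cache` (the same wording recurs in the comment added to the SKI branch of xmlSecNssX509FindCert later in this diff).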
@@ -55,22 +64,23 @@ struct _xmlSecNssX509StoreCtx {
***************************************************************************/
#define xmlSecNssX509StoreGetCtx(store) \
((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
- sizeof(xmlSecKeyDataStoreKlass)))
-#define xmlSecNssX509StoreSize \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecNssX509StoreSize \
(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
-
-static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
-static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
-static int xmlSecNssX509NameStringRead (xmlSecByte **str,
- int *strLen,
- xmlSecByte *res,
- int resLen,
- xmlSecByte delim,
- int ingoreTrailingSpaces);
-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
- int len);
-static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
+static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+static int xmlSecNssX509NameStringRead (xmlSecByte **str,
+ int *strLen,
+ xmlSecByte *res,
+ int resLen,
+ xmlSecByte delim,
+ int ingoreTrailingSpaces);
+static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
+ int len);
+
+static int xmlSecNssNumToItem (SECItem *it,
+ PRUint64 num);
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
@@ -78,43 +88,44 @@ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
xmlSecNssX509StoreSize,
/* data */
- xmlSecNameX509Store, /* const xmlChar* name; */
-
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
/* constructors/destructor */
- xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
- xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+ xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-static CERTCertificate* xmlSecNssX509FindCert(xmlChar *subjectName,
- xmlChar *issuerName,
- xmlChar *issuerSerial,
- xmlChar *ski);
+static CERTCertificate* xmlSecNssX509FindCert(CERTCertList* certsList,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ xmlChar *ski);
-/**
+/**
* xmlSecNssX509StoreGetKlass:
- *
+ *
* The NSS X509 certificates key data store klass.
*
* Returns: pointer to NSS X509 certificates key data store klass.
*/
-xmlSecKeyDataStoreId
+xmlSecKeyDataStoreId
xmlSecNssX509StoreGetKlass(void) {
return(&xmlSecNssX509StoreKlass);
}
/**
* xmlSecNssX509StoreFindCert:
- * @store: the pointer to X509 key data store klass.
- * @subjectName: the desired certificate name.
- * @issuerName: the desired certificate issuer name.
- * @issuerSerial: the desired certificate issuer serial number.
- * @ski: the desired certificate SKI.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Searches @store for a certificate that matches given criteria.
*
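Review bot: The new xmlSecNssX509FindCert prototype const-qualifies subjectName, issuerName and issuerSerial but leaves `ski` mutable, and nothing at the declaration says why; from the body later in this diff the reason appears to be that `ski` is base64-decoded in place by xmlSecBase64Decode, which overwrites the caller's buffer. That is worth stating at the prototype, e.g. `xmlChar *ski); /* decoded in place: the caller's buffer is overwritten */`, so callers do not pass a string they intend to reuse.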
@@ -123,32 +134,32 @@ xmlSecNssX509StoreGetKlass(void) {
*/
CERTCertificate *
xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
- xmlChar *issuerName, xmlChar *issuerSerial,
- xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecNssX509StoreCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ctx = xmlSecNssX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, NULL);
- return(xmlSecNssX509FindCert(subjectName, issuerName, issuerSerial, ski));
+ return xmlSecNssX509FindCert(ctx->certsList, subjectName, issuerName, issuerSerial, ski);
}
/**
* xmlSecNssX509StoreVerify:
- * @store: the pointer to X509 key data store klass.
- * @certs: the untrusted certificates stack.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates stack.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Verifies @certs list.
*
* Returns: pointer to the first verified certificate from @certs.
- */
-CERTCertificate *
+ */
+CERTCertificate *
xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
- xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecNssX509StoreCtxPtr ctx;
CERTCertListNode* head;
CERTCertificate* cert = NULL;
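Review bot: The rewritten tail of xmlSecNssX509StoreFindCert uses `return xmlSecNssX509FindCert(...);` while every other return in this file, including the ones re-indented by this same commit, uses the `return(...)` form; keep the file's convention, `return(xmlSecNssX509FindCert(ctx->certsList, subjectName, issuerName, issuerSerial, ski));`. The body of xmlSecNssX509StoreVerify that follows continues outside this hunk.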
@@ -169,88 +180,88 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
!CERT_LIST_END(head, certs);
head = CERT_LIST_NEXT(head)) {
cert = head->cert;
- if(keyInfoCtx->certsVerificationTime > 0) {
- /* convert the time since epoch in seconds to microseconds */
- LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
- tmp1 = (int64)PR_USEC_PER_SEC;
- tmp2 = timeboundary;
- LL_MUL(timeboundary, tmp1, tmp2);
- } else {
- timeboundary = PR_Now();
- }
-
- /* if cert is the issuer of any other cert in the list, then it is
- * to be skipped */
- for (head1 = CERT_LIST_HEAD(certs);
- !CERT_LIST_END(head1, certs);
- head1 = CERT_LIST_NEXT(head1)) {
-
- cert1 = head1->cert;
- if (cert1 == cert) {
- continue;
- }
-
- if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
- == SECEqual) {
- break;
- }
- }
-
- if (!CERT_LIST_END(head1, certs)) {
- continue;
- }
-
- status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
- cert, PR_FALSE,
- (SECCertificateUsage)0,
- timeboundary , NULL, NULL, NULL);
- if (status == SECSuccess) {
- break;
- }
+ if(keyInfoCtx->certsVerificationTime > 0) {
+ /* convert the time since epoch in seconds to microseconds */
+ LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
+ tmp1 = (int64)PR_USEC_PER_SEC;
+ tmp2 = timeboundary;
+ LL_MUL(timeboundary, tmp1, tmp2);
+ } else {
+ timeboundary = PR_Now();
+ }
+
+ /* if cert is the issuer of any other cert in the list, then it is
+ * to be skipped */
+ for (head1 = CERT_LIST_HEAD(certs);
+ !CERT_LIST_END(head1, certs);
+ head1 = CERT_LIST_NEXT(head1)) {
+
+ cert1 = head1->cert;
+ if (cert1 == cert) {
+ continue;
+ }
+
+ if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
+ == SECEqual) {
+ break;
+ }
+ }
+
+ if (!CERT_LIST_END(head1, certs)) {
+ continue;
+ }
+
+ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+ cert, PR_FALSE,
+ (SECCertificateUsage)0,
+ timeboundary , NULL, NULL, NULL);
+ if (status == SECSuccess) {
+ break;
+ }
}
if (status == SECSuccess) {
- return (cert);
+ return (cert);
}
-
+
switch(PORT_GetError()) {
- case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
- case SEC_ERROR_CA_CERT_INVALID:
- case SEC_ERROR_UNKNOWN_SIGNER:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_UNKNOWN_SIGNER:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
"cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
cert->subjectName);
- break;
- case SEC_ERROR_EXPIRED_CERTIFICATE:
+ break;
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
"cert with subject name %s has expired",
cert->subjectName);
- break;
- case SEC_ERROR_REVOKED_CERTIFICATE:
+ break;
+ case SEC_ERROR_REVOKED_CERTIFICATE:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_REVOKED,
"cert with subject name %s has been revoked",
cert->subjectName);
- break;
- default:
+ break;
+ default:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
- "cert with subject name %s could not be verified, errcode %d",
- cert->subjectName,
- PORT_GetError());
- break;
+ "cert with subject name %s could not be verified, errcode %d",
+ cert->subjectName,
+ PORT_GetError());
+ break;
}
-
+
return (NULL);
}
@@ -282,7 +293,7 @@ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CERT_NewCertList",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ "error code=%d", PORT_GetError());
return(-1);
}
}
@@ -293,7 +304,7 @@ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"CERT_AddCertToListTail",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ "error code=%d", PORT_GetError());
return(-1);
}
@@ -310,7 +321,7 @@ xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
- return(0);
+ return(0);
}
static void
@@ -320,10 +331,10 @@ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
ctx = xmlSecNssX509StoreGetCtx(store);
xmlSecAssert(ctx != NULL);
-
+
if (ctx->certsList) {
- CERT_DestroyCertList(ctx->certsList);
- ctx->certsList = NULL;
+ CERT_DestroyCertList(ctx->certsList);
+ ctx->certsList = NULL;
}
memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
@@ -335,126 +346,188 @@ xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
* Low-level x509 functions
*
*****************************************************************************/
-static CERTCertificate*
-xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
- xmlChar *issuerSerial, xmlChar *ski) {
+static CERTName *
+xmlSecNssGetCertName(const xmlChar * name) {
+ xmlChar *tmp, *name2;
+ xmlChar *p;
+ CERTName *res;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ /* nss doesn't support emailAddress (see https://bugzilla.mozilla.org/show_bug.cgi?id=561689)
+ * This code is not bullet proof and may produce incorrect results if someone has
+ * "emailAddress=" string in one of the fields, but it is best I can suggest to fix
+ * this problem.
+ */
+ name2 = xmlStrdup(name);
+ if(name2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(name)=%d",
+ xmlStrlen(name));
+ return(NULL);
+ }
+ while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " E=", 13);
+ }
+
+ tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2));
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name2=\"%s\"",
+ xmlSecErrorsSafeString(name2));
+ xmlFree(name2);
+ return(NULL);
+ }
+
+ res = CERT_AsciiToName((char*)tmp);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ascii=\"%s\", error code=%d",
+ xmlSecErrorsSafeString((char*)tmp),
+ PORT_GetError());
+ PORT_Free(tmp);
+ xmlFree(name2);
+ return(NULL);
+ }
+
+ PORT_Free(tmp);
+ return(res);
+}
+
+static CERTCertificate*
+xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName,
+ const xmlChar *issuerName, const xmlChar *issuerSerial,
+ xmlChar *ski) {
CERTCertificate *cert = NULL;
- xmlChar *p = NULL;
CERTName *name = NULL;
SECItem *nameitem = NULL;
+ CERTCertListNode* head;
+ SECItem tmpitem;
+ SECStatus status;
PRArenaPool *arena = NULL;
+ int rv;
- if (subjectName != NULL) {
- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
- if (p == NULL) {
+ if ((cert == NULL) && (subjectName != NULL)) {
+ name = xmlSecNssGetCertName(subjectName);
+ if (name == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecNssX509NameRead",
+ "xmlSecNssGetCertName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"subject=%s",
xmlSecErrorsSafeString(subjectName));
- goto done;
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PORT_NewArena",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ goto done;
+ }
- name = CERT_AsciiToName((char*)p);
- if (name == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_AsciiToName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ if(arena == NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
- SEC_ASN1_GET(CERT_NameTemplate));
- if (nameitem == NULL) {
+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+ SEC_ASN1_GET(CERT_NameTemplate));
+ if (nameitem == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"SEC_ASN1EncodeItem",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "error code=%d", PORT_GetError());
- goto done;
- }
+ "error code=%d", PORT_GetError());
+ goto done;
+ }
- cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
- goto done;
+ cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
}
- if((issuerName != NULL) && (issuerSerial != NULL)) {
- CERTIssuerAndSN issuerAndSN;
+ if((cert == NULL) && (issuerName != NULL) && (issuerSerial != NULL)) {
+ CERTIssuerAndSN issuerAndSN;
+ PRUint64 issuerSN = 0;
- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
- if (p == NULL) {
+ name = xmlSecNssGetCertName(issuerName);
+ if (name == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecNssX509NameRead",
+ "xmlSecNssGetCertName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"issuer=%s",
xmlSecErrorsSafeString(issuerName));
- goto done;
- }
+ goto done;
+ }
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == NULL) {
+ if(arena == NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+ SEC_ASN1_GET(CERT_NameTemplate));
+ if (nameitem == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "PORT_NewArena",
+ "SEC_ASN1EncodeItem",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+ memset(&issuerAndSN, 0, sizeof(issuerAndSN));
+
+ issuerAndSN.derIssuer.data = nameitem->data;
+ issuerAndSN.derIssuer.len = nameitem->len;
- name = CERT_AsciiToName((char*)p);
- if (name == NULL) {
+ /* TBD: serial num can be arbitrarily long */
+ if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "CERT_AsciiToName",
+ "PR_sscanf",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ "error code=%d", PR_GetError());
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+ goto done;
+ }
- nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
- SEC_ASN1_GET(CERT_NameTemplate));
- if (nameitem == NULL) {
+ rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN);
+ if(rv <= 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "SEC_ASN1EncodeItem",
+ "xmlSecNssNumToItem",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "error code=%d", PORT_GetError());
- goto done;
- }
-
- memset(&issuerAndSN, 0, sizeof(issuerAndSN));
-
- issuerAndSN.derIssuer.data = nameitem->data;
- issuerAndSN.derIssuer.len = nameitem->len;
-
- /* TBD: serial num can be arbitrarily long */
- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
+ "error code=%d", PR_GetError());
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+ goto done;
+ }
- cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
- &issuerAndSN);
- SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
- goto done;
+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerAndSN);
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
}
- if(ski != NULL) {
- SECItem subjKeyID;
- int len;
+ if((cert == NULL) && (ski != NULL)) {
+ SECItem subjKeyID;
+ int len;
- len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
if(len < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -462,25 +535,63 @@ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"ski=%s",
xmlSecErrorsSafeString(ski));
- goto done;
+ goto done;
}
- memset(&subjKeyID, 0, sizeof(subjKeyID));
- subjKeyID.data = ski;
- subjKeyID.len = xmlStrlen(ski);
- cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
- &subjKeyID);
+ memset(&subjKeyID, 0, sizeof(subjKeyID));
+ subjKeyID.data = ski;
+ subjKeyID.len = len;
+ cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
+ &subjKeyID);
+
+ /* try to search in our list - NSS doesn't update it's cache correctly
+ * when new certs are added https://bugzilla.mozilla.org/show_bug.cgi?id=211051
+ */
+ if((cert == NULL) && (certsList != NULL)) {
+
+ for(head = CERT_LIST_HEAD(certsList);
+ (cert == NULL) && !CERT_LIST_END(head, certsList) &&
+ (head != NULL) && (head->cert != NULL);
+ head = CERT_LIST_NEXT(head)
+ ) {
+
+ memset(&tmpitem, 0, sizeof(tmpitem));
+ status = CERT_FindSubjectKeyIDExtension(head->cert, &tmpitem);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_FindSubjectKeyIDExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ski");
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ goto done;
+ }
+
+ if((tmpitem.len == subjKeyID.len) &&
+ (memcmp(tmpitem.data, subjKeyID.data, subjKeyID.len) == 0)
+ ) {
+ cert = CERT_DupCertificate(head->cert);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ goto done;
+ }
+ }
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ }
+ }
}
done:
- if (p != NULL) {
- PORT_Free(p);
- }
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
if (name != NULL) {
- CERT_DestroyName(name);
+ CERT_DestroyName(name);
}
return(cert);
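Review bot: In xmlSecNssGetCertName the check after `res = CERT_AsciiToName((char*)tmp);` tests the wrong variable (`if (name == NULL)`); `name` was asserted non-NULL at the top, so a failed conversion is never reported and NULL is returned as if it were a name — it should read `if (res == NULL)`. The success path of the same helper frees `tmp` but never `name2`, so every successful call leaks the duplicated string; add `xmlFree(name2);` beside the final `PORT_Free(tmp);`. In xmlSecNssX509FindCert the single `name` variable is assigned in both the subject and the issuer branch, so when the subject lookup misses and the issuer branch runs the first CERTName is overwritten without CERT_DestroyName and leaks; destroy and NULL it before the second xmlSecNssGetCertName call. In the new SKI walk over certsList, one certificate without a SubjectKeyIdentifier extension makes CERT_FindSubjectKeyIDExtension fail and the code jumps to `done`, abandoning the search for every remaining cert; freeing tmpitem and `continue`-ing would be safer. The `memcpy(p, "...E=", 13)` replacement only works if that literal is exactly 13 bytes long to match "emailAddress="; the rendered diff collapses whitespace so I cannot confirm it here, and a `sizeof`-based static check would make the invariant explicit.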
@@ -495,161 +606,161 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) {
int nameLen, valueLen;
xmlSecAssert2(str != NULL, NULL);
-
+
/* return string should be no longer than input string */
retval = (xmlSecByte *)PORT_Alloc(len+1);
if(retval == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PORT_Alloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_Alloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
p = retval;
-
+
while(len > 0) {
- /* skip spaces after comma or semicolon */
- while((len > 0) && isspace(*str)) {
- ++str; --len;
- }
-
- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
- if(nameLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- memcpy(p, name, nameLen);
- p+=nameLen;
- *p++='=';
- if(len > 0) {
- ++str; --len;
- if((*str) == '\"') {
- valueLen = xmlSecNssX509NameStringRead(&str, &len,
- value, sizeof(value), '"', 1);
- if(valueLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- /* skip spaces before comma or semicolon */
- while((len > 0) && isspace(*str)) {
- ++str; --len;
- }
- if((len > 0) && ((*str) != ',')) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "comma is expected");
- goto done;
- }
- if(len > 0) {
- ++str; --len;
- }
- *p++='\"';
- memcpy(p, value, valueLen);
- p+=valueLen;
- *p++='\"';
- } else if((*str) == '#') {
- /* TODO: read octect values */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "reading octect values is not implemented yet");
- goto done;
- } else {
- valueLen = xmlSecNssX509NameStringRead(&str, &len,
- value, sizeof(value), ',', 1);
- if(valueLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- memcpy(p, value, valueLen);
- p+=valueLen;
- if (len > 0)
- *p++=',';
- }
- } else {
- valueLen = 0;
- }
- if(len > 0) {
- ++str; --len;
- }
+ /* skip spaces after comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+
+ nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+ if(nameLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memcpy(p, name, nameLen);
+ p+=nameLen;
+ *p++='=';
+ if(len > 0) {
+ ++str; --len;
+ if((*str) == '\"') {
+ valueLen = xmlSecNssX509NameStringRead(&str, &len,
+ value, sizeof(value), '"', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ /* skip spaces before comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+ if((len > 0) && ((*str) != ',')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "comma is expected");
+ goto done;
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
+ *p++='\"';
+ memcpy(p, value, valueLen);
+ p+=valueLen;
+ *p++='\"';
+ } else if((*str) == '#') {
+ /* TODO: read octect values */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "reading octect values is not implemented yet");
+ goto done;
+ } else {
+ valueLen = xmlSecNssX509NameStringRead(&str, &len,
+ value, sizeof(value), ',', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memcpy(p, value, valueLen);
+ p+=valueLen;
+ if (len > 0)
+ *p++=',';
+ }
+ } else {
+ valueLen = 0;
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
}
*p = 0;
return(retval);
-
+
done:
PORT_Free(retval);
return (NULL);
}
-static int
-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
- xmlSecByte *res, int resLen,
- xmlSecByte delim, int ingoreTrailingSpaces) {
- xmlSecByte *p, *q, *nonSpace;
+static int
+xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
+ xmlSecByte *res, int resLen,
+ xmlSecByte delim, int ingoreTrailingSpaces) {
+ xmlSecByte *p, *q, *nonSpace;
xmlSecAssert2(str != NULL, -1);
xmlSecAssert2(strLen != NULL, -1);
xmlSecAssert2(res != NULL, -1);
-
+
p = (*str);
nonSpace = q = res;
- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
- if((*p) != '\\') {
- if(ingoreTrailingSpaces && !isspace(*p)) {
- nonSpace = q;
- }
- *(q++) = *(p++);
- } else {
- ++p;
- nonSpace = q;
- if(xmlSecIsHex((*p))) {
- if((p - (*str) + 1) >= (*strLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "two hex digits expected");
- return(-1);
- }
- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
- p += 2;
- } else {
- if(((++p) - (*str)) >= (*strLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "escaped symbol missed");
- return(-1);
- }
- *(q++) = *(p++);
- }
- }
+ while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+ if((*p) != '\\') {
+ if(ingoreTrailingSpaces && !isspace(*p)) {
+ nonSpace = q;
+ }
+ *(q++) = *(p++);
+ } else {
+ ++p;
+ nonSpace = q;
+ if(xmlSecIsHex((*p))) {
+ if((p - (*str) + 1) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "two hex digits expected");
+ return(-1);
+ }
+ *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+ p += 2;
+ } else {
+ if(((++p) - (*str)) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "escaped symbol missed");
+ return(-1);
+ }
+ *(q++) = *(p++);
+ }
+ }
}
if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "buffer is too small");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "buffer is too small");
+ return(-1);
}
(*strLen) -= (p - (*str));
(*str) = p;
@@ -657,47 +768,40 @@ xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
}
/* code lifted from NSS */
-static void
-xmlSecNssNumToItem(SECItem *it, unsigned long ui)
+static int
+xmlSecNssNumToItem(SECItem *it, PRUint64 ui)
{
- unsigned char bb[5];
- int len;
+ unsigned char bb[9];
+ unsigned int zeros_len;
- bb[0] = 0;
- bb[1] = (unsigned char) (ui >> 24);
- bb[2] = (unsigned char) (ui >> 16);
- bb[3] = (unsigned char) (ui >> 8);
- bb[4] = (unsigned char) (ui);
+ xmlSecAssert2(it != NULL, -1);
+
+ bb[0] = 0; /* important: we should have 0 at the beginning! */
+ bb[1] = (unsigned char) (ui >> 56);
+ bb[2] = (unsigned char) (ui >> 48);
+ bb[3] = (unsigned char) (ui >> 40);
+ bb[4] = (unsigned char) (ui >> 32);
+ bb[5] = (unsigned char) (ui >> 24);
+ bb[6] = (unsigned char) (ui >> 16);
+ bb[7] = (unsigned char) (ui >> 8);
+ bb[8] = (unsigned char) (ui);
/*
** Small integers are encoded in a single byte. Larger integers
- ** require progressively more space.
+ ** require progressively more space. Start from 1 because byte at
+ ** position 0 is zero
*/
- if (ui > 0x7f) {
- if (ui > 0x7fff) {
- if (ui > 0x7fffffL) {
- if (ui >= 0x80000000L) {
- len = 5;
- } else {
- len = 4;
- }
- } else {
- len = 3;
- }
- } else {
- len = 2;
- }
- } else {
- len = 1;
- }
+ for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len);
- it->data = (unsigned char *)PORT_Alloc(len);
+ it->len = sizeof(bb) - (zeros_len - 1);
+ it->data = (unsigned char *)PORT_Alloc(it->len);
if (it->data == NULL) {
- return;
+ it->len = 0;
+ return (-1);
}
- it->len = len;
- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
+ PORT_Memcpy(it->data, bb + (zeros_len - 1), it->len);
+ return(it->len);
}
#endif /* XMLSEC_NO_X509 */
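Review bot: The new leading-zero scan in xmlSecNssNumToItem keeps one 0x00 byte in front of every non-zero value, because `it->len = sizeof(bb) - (zeros_len - 1)` always starts the copy at `bb[zeros_len - 1]`, the zero just before the first significant byte; for `ui = 1` the result is `{0x00, 0x01}` where the removed code (and the DER minimal-octet rule for INTEGER) yields `{0x01}`. The padding byte is only needed when the first significant byte has bit 7 set, which is what the removed `ui > 0x7f` / `ui >= 0x80000000L` ladder expressed and the new loop no longer checks. If callers compare this SECItem byte-for-byte against a certificate's DER serialNumber (the callers are not in this hunk, so this is inferred), small serials would stop matching. The fix is to step back over one zero only when the first significant byte is >= 0x80, or when the value is zero and must still occupy one byte, with `unsigned int start;` declared next to `zeros_len`.
```c
    for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len);

    /* zeros_len indexes the first significant byte (sizeof(bb) when ui == 0);
     * keep one 0x00 only if that byte would otherwise read as negative,
     * or if the value is zero and still needs one byte */
    start = zeros_len;
    if((start == sizeof(bb)) || ((bb[start] & 0x80) != 0)) {
        --start;
    }
    it->len = sizeof(bb) - start;
    it->data = (unsigned char *)PORT_Alloc(it->len);
    /* … unchanged: allocation failure check … */
    PORT_Memcpy(it->data, bb + start, it->len);
    return(it->len);
```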
diff --git a/src/openssl/Makefile.am b/src/openssl/Makefile.am
index db2cd43e..23c225a1 100644
--- a/src/openssl/Makefile.am
+++ b/src/openssl/Makefile.am
@@ -41,10 +41,10 @@ libxmlsec1_openssl_la_SOURCES += ../strings.c
endif
libxmlsec1_openssl_la_LIBADD = \
- ../libxmlsec1.la \
$(OPENSSL_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_openssl_la_DEPENDENCIES = \
diff --git a/src/openssl/Makefile.in b/src/openssl/Makefile.in
index 1cb63c49..fd16efd0 100644
--- a/src/openssl/Makefile.in
+++ b/src/openssl/Makefile.in
@@ -1,9 +1,9 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.3 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -38,10 +38,13 @@ host_triplet = @host@
subdir = src/openssl
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -66,6 +69,12 @@ am__nobase_list = $(am__nobase_strip_setup); \
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
@@ -86,22 +95,39 @@ am_libxmlsec1_openssl_la_OBJECTS = libxmlsec1_openssl_la-app.lo \
libxmlsec1_openssl_la-x509vfy.lo $(am__objects_1) \
$(am__objects_2)
libxmlsec1_openssl_la_OBJECTS = $(am_libxmlsec1_openssl_la_OBJECTS)
-libxmlsec1_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(libxmlsec1_openssl_la_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+libxmlsec1_openssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libxmlsec1_openssl_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
SOURCES = $(libxmlsec1_openssl_la_SOURCES)
DIST_SOURCES = $(am__libxmlsec1_openssl_la_SOURCES_DIST)
ETAGS = etags
@@ -109,6 +135,7 @@ CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -123,6 +150,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -131,6 +159,10 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -161,6 +193,7 @@ LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MAN2HTML = @MAN2HTML@
+MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
@@ -192,8 +225,10 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -201,7 +236,6 @@ SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
TAR = @TAR@
-U = @U@
VERSION = @VERSION@
XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
@@ -220,6 +254,8 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -229,6 +265,7 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -264,6 +301,7 @@ abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
@@ -296,7 +334,6 @@ libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
-lt_ECHO = @lt_ECHO@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
@@ -335,10 +372,10 @@ libxmlsec1_openssl_la_SOURCES = app.c bn.c ciphers.c crypto.c \
digests.c evp.c hmac.c kw_aes.c kw_des.c kt_rsa.c signatures.c \
symkeys.c x509.c x509vfy.c globals.h $(NULL) $(am__append_1)
libxmlsec1_openssl_la_LIBADD = \
- ../libxmlsec1.la \
$(OPENSSL_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_openssl_la_DEPENDENCIES = \
@@ -414,8 +451,8 @@ clean-libLTLIBRARIES:
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
-libxmlsec1-openssl.la: $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_DEPENDENCIES)
- $(libxmlsec1_openssl_la_LINK) -rpath $(libdir) $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_LIBADD) $(LIBS)
+libxmlsec1-openssl.la: $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_DEPENDENCIES) $(EXTRA_libxmlsec1_openssl_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libxmlsec1_openssl_la_LINK) -rpath $(libdir) $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -440,130 +477,130 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
libxmlsec1_openssl_la-app.lo: app.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo $(DEPDIR)/libxmlsec1_openssl_la-app.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_openssl_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo $(DEPDIR)/libxmlsec1_openssl_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='app.c' object='libxmlsec1_openssl_la-app.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
libxmlsec1_openssl_la-bn.lo: bn.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-bn.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo $(DEPDIR)/libxmlsec1_openssl_la-bn.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bn.c' object='libxmlsec1_openssl_la-bn.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-bn.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo $(DEPDIR)/libxmlsec1_openssl_la-bn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bn.c' object='libxmlsec1_openssl_la-bn.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
libxmlsec1_openssl_la-ciphers.lo: ciphers.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_openssl_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ciphers.c' object='libxmlsec1_openssl_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
libxmlsec1_openssl_la-crypto.lo: crypto.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo $(DEPDIR)/libxmlsec1_openssl_la-crypto.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_openssl_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo $(DEPDIR)/libxmlsec1_openssl_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto.c' object='libxmlsec1_openssl_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
libxmlsec1_openssl_la-digests.lo: digests.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo $(DEPDIR)/libxmlsec1_openssl_la-digests.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_openssl_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo $(DEPDIR)/libxmlsec1_openssl_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='digests.c' object='libxmlsec1_openssl_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
libxmlsec1_openssl_la-evp.lo: evp.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-evp.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo $(DEPDIR)/libxmlsec1_openssl_la-evp.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='evp.c' object='libxmlsec1_openssl_la-evp.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-evp.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo $(DEPDIR)/libxmlsec1_openssl_la-evp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp.c' object='libxmlsec1_openssl_la-evp.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
libxmlsec1_openssl_la-hmac.lo: hmac.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo $(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_openssl_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo $(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libxmlsec1_openssl_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
libxmlsec1_openssl_la-kw_aes.lo: kw_aes.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_openssl_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_aes.c' object='libxmlsec1_openssl_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
libxmlsec1_openssl_la-kw_des.lo: kw_des.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_openssl_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kw_des.c' object='libxmlsec1_openssl_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
libxmlsec1_openssl_la-kt_rsa.lo: kt_rsa.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kt_rsa.c' object='libxmlsec1_openssl_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='kt_rsa.c' object='libxmlsec1_openssl_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
libxmlsec1_openssl_la-signatures.lo: signatures.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo $(DEPDIR)/libxmlsec1_openssl_la-signatures.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_openssl_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo $(DEPDIR)/libxmlsec1_openssl_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='signatures.c' object='libxmlsec1_openssl_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
libxmlsec1_openssl_la-symkeys.lo: symkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_openssl_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='symkeys.c' object='libxmlsec1_openssl_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
libxmlsec1_openssl_la-x509.lo: x509.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_openssl_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509.c' object='libxmlsec1_openssl_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
libxmlsec1_openssl_la-x509vfy.lo: x509vfy.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_openssl_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509vfy.c' object='libxmlsec1_openssl_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
libxmlsec1_openssl_la-strings.lo: ../strings.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo $(DEPDIR)/libxmlsec1_openssl_la-strings.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_openssl_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo $(DEPDIR)/libxmlsec1_openssl_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='../strings.c' object='libxmlsec1_openssl_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
mostlyclean-libtool:
-rm -f *.lo
@@ -670,10 +707,15 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
mostlyclean-generic:
clean-generic:
diff --git a/src/openssl/README b/src/openssl/README
index 462b1842..0f1c625d 100644
--- a/src/openssl/README
+++ b/src/openssl/README
@@ -5,13 +5,13 @@ OpenSSL 0.9.6 is supported but some functionality requires 0.9.7 or greater.
KEYS MANAGER
------------------------------------------------------------------------
-OpenSSL does not have a keys or certificates storage implementation. The
-default xmlsec-openssl key manager uses a simple keys store from xmlsec
+OpenSSL does not have a keys or certificates storage implementation. The
+default xmlsec-openssl key manager uses a simple keys store from xmlsec
core library based on plain keys list. Trusted/untrusted certificates
are stored in STACK_OF(X509) structures.
KNOWN ISSUES.
------------------------------------------------------------------------
-1) One day we might decide to drop OpenSSL 0.9.6 supprot and remove all
+1) One day we might decide to drop OpenSSL 0.9.6 supprot and remove all
these ifdef's to simplify the code.
diff --git a/src/openssl/app.c b/src/openssl/app.c
index 88dbc090..4f8f79e6 100644
--- a/src/openssl/app.c
+++ b/src/openssl/app.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -32,17 +32,27 @@
#include <xmlsec/openssl/evp.h>
#include <xmlsec/openssl/x509.h>
-static int xmlSecOpenSSLAppLoadRANDFile (const char *file);
-static int xmlSecOpenSSLAppSaveRANDFile (const char *file);
-static int xmlSecOpenSSLDefaultPasswordCallback(char *buf, int bufsiz, int verify, void *userdata);
-static int xmlSecOpenSSLDummyPasswordCallback (char *buf, int bufsize, int verify, void *userdata);
+static int xmlSecOpenSSLAppLoadRANDFile (const char *file);
+static int xmlSecOpenSSLAppSaveRANDFile (const char *file);
+static int xmlSecOpenSSLDefaultPasswordCallback (char *buf,
+ int bufsiz,
+ int verify,
+ void *userdata);
+static int xmlSecOpenSSLDummyPasswordCallback (char *buf,
+ int bufsize,
+ int verify,
+ void *userdata);
+
+/* conversion from ptr to func "the right way" */
+XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb)
+
/**
* xmlSecOpenSSLAppInit:
- * @config: the path to certs.
+ * @config: the path to certs.
*
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
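Review bot: The comment on the new `XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb)` line, `/* conversion from ptr to func "the right way" */`, states that the conversion is correct without saying what it replaces or why, and since the macro is defined outside this file a reader of app.c alone cannot tell. Presumably the motivation is that `pwdCallback` crosses the public API as `void*` and the old `(pem_password_cb*)pwdCallback` casts in the hunks below converted an object pointer straight to a function pointer, which ISO C does not define. I would have the comment carry that reason: `/* pwdCallback crosses the public API as void*; a plain (pem_password_cb*) cast from an object pointer to a function pointer is not defined by ISO C, so use XMLSEC_PTR_TO_FUNC() for the conversion */`.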
@@ -54,21 +64,21 @@ xmlSecOpenSSLAppInit(const char* config) {
OpenSSL_add_all_algorithms();
if((RAND_status() != 1) && (xmlSecOpenSSLAppLoadRANDFile(NULL) != 1)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppLoadRANDFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppLoadRANDFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
if((config != NULL) && (xmlSecOpenSSLSetDefaultTrustedCertsFolder(BAD_CAST config) < 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLSetDefaultTrustedCertsFolder",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLSetDefaultTrustedCertsFolder",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -76,9 +86,9 @@ xmlSecOpenSSLAppInit(const char* config) {
/**
* xmlSecOpenSSLAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -87,15 +97,15 @@ int
xmlSecOpenSSLAppShutdown(void) {
xmlSecOpenSSLAppSaveRANDFile(NULL);
RAND_cleanup();
- EVP_cleanup();
+ EVP_cleanup();
#ifndef XMLSEC_NO_X509
X509_TRUST_cleanup();
-#endif /* XMLSEC_NO_X509 */
+#endif /* XMLSEC_NO_X509 */
#ifndef XMLSEC_OPENSSL_096
CRYPTO_cleanup_all_ex_data();
-#endif /* XMLSEC_OPENSSL_096 */
+#endif /* XMLSEC_OPENSSL_096 */
/* finally cleanup errors */
ERR_remove_state(0);
@@ -106,11 +116,11 @@ xmlSecOpenSSLAppShutdown(void) {
/**
* xmlSecOpenSSLAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file.
*
@@ -118,89 +128,89 @@ xmlSecOpenSSLAppShutdown(void) {
*/
xmlSecKeyPtr
xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
BIO* bio;
xmlSecKeyPtr key;
-
+
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
bio = BIO_new_file(filename, "rb");
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(NULL);
}
key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeyLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- BIO_free(bio);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(NULL);
+ }
+
BIO_free(bio);
return(key);
}
/**
* xmlSecOpenSSLAppKeyLoadMemory:
- * @data: the binary key data.
- * @dataSize: the size of binary key.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the memory buffer.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
-xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format, const char *pwd,
- void* pwdCallback, void* pwdCallbackCtx) {
+xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
BIO* bio;
xmlSecKeyPtr key;
-
+
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
+
/* this would be a read only BIO, cast from const is ok */
bio = BIO_new_mem_buf((void*)data, dataSize);
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_mem_buf",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "errno=%d",
- errno);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(NULL);
}
key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeyLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free(bio);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(NULL);
+ }
+
BIO_free(bio);
return(key);
}
@@ -208,11 +218,11 @@ xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
/**
* xmlSecOpenSSLAppKeyLoadBIO:
- * @bio: the key BIO.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @bio: the key BIO.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the an OpenSSL BIO object.
*
@@ -220,12 +230,12 @@ xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
*/
xmlSecKeyPtr
xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
xmlSecKeyPtr key = NULL;
xmlSecKeyDataPtr data;
- EVP_PKEY* pKey = NULL;
+ EVP_PKEY* pKey = NULL;
int ret;
xmlSecAssert2(bio != NULL, NULL);
@@ -233,208 +243,220 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
switch(format) {
case xmlSecKeyDataFormatPem:
- /* try to read private key first */
- pKey = PEM_read_bio_PrivateKey(bio, NULL,
- (pwd != NULL) ? xmlSecOpenSSLDummyPasswordCallback : (pem_password_cb*)pwdCallback,
- (pwd != NULL) ? pwd : pwdCallbackCtx);
+ /* try to read private key first */
+ if(pwd != NULL) {
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ xmlSecOpenSSLDummyPasswordCallback,
+ (void*)pwd);
+ } else {
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ }
if(pKey == NULL) {
- /* go to start of the file and try to read public key */
- BIO_reset(bio);
- pKey = PEM_read_bio_PUBKEY(bio, NULL, (pem_password_cb*)pwdCallback, pwdCallbackCtx);
- if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- }
- break;
+ /* go to start of the file and try to read public key */
+ BIO_reset(bio);
+ pKey = PEM_read_bio_PUBKEY(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+ break;
case xmlSecKeyDataFormatDer:
- /* try to read private key first */
- pKey = d2i_PrivateKey_bio(bio, NULL);
+ /* try to read private key first */
+ pKey = d2i_PrivateKey_bio(bio, NULL);
if(pKey == NULL) {
- /* go to start of the file and try to read public key */
- BIO_reset(bio);
- pKey = d2i_PUBKEY_bio(bio, NULL);
- if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- }
- break;
+ /* go to start of the file and try to read public key */
+ BIO_reset(bio);
+ pKey = d2i_PUBKEY_bio(bio, NULL);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+ break;
case xmlSecKeyDataFormatPkcs8Pem:
- /* try to read private key first */
- pKey = PEM_read_bio_PrivateKey(bio, NULL, (pem_password_cb*)pwdCallback, pwdCallbackCtx);
+ /* try to read private key first */
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PEM_read_bio_PrivateKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_PrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
case xmlSecKeyDataFormatPkcs8Der:
- /* try to read private key first */
- pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, (pem_password_cb*)pwdCallback, pwdCallbackCtx);
+ /* try to read private key first */
+ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
#ifndef XMLSEC_NO_X509
case xmlSecKeyDataFormatPkcs12:
- key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
+ key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppPkcs12LoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- return(key);
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(key);
+
case xmlSecKeyDataFormatCertPem:
- case xmlSecKeyDataFormatCertDer:
- key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeyFromCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- return(key);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyFromCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(key);
#endif /* XMLSEC_NO_X509 */
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLEvpKeyAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- EVP_PKEY_free(pKey);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ return(NULL);
+ }
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- xmlSecKeyDestroy(key);
- xmlSecKeyDataDestroy(data);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
return(key);
}
#ifndef XMLSEC_NO_X509
-static X509* xmlSecOpenSSLAppCertLoadBIO (BIO* bio,
- xmlSecKeyDataFormat format);
+static X509* xmlSecOpenSSLAppCertLoadBIO (BIO* bio,
+ xmlSecKeyDataFormat format);
/**
* xmlSecOpenSSLAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
*
* Reads the certificate from $@filename and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
BIO* bio;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
bio = BIO_new_file(filename, "rb");
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
}
ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeyCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- BIO_free(bio);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(-1);
+ }
+
BIO_free(bio);
return(0);
}
/**
* xmlSecOpenSSLAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
+int
+xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
BIO* bio;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
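Review bot: The new `pwd != NULL` split is applied only to the `xmlSecKeyDataFormatPem` branch; the `xmlSecKeyDataFormatPkcs8Pem` and `xmlSecKeyDataFormatPkcs8Der` branches still pass `XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback)` with `pwdCallbackCtx` and never read `pwd`, so a caller who supplies an explicit password for a PKCS#8 key has it silently ignored, and if `pwdCallback` is also NULL OpenSSL falls back to its own default callback, which as far as I recall prompts interactively. Mirroring the PEM branch in both places keeps the three password paths consistent; the rewritten branches are below. While there, the failure message in the Pkcs8Der branch still names `"d2i_PrivateKey_bio and d2i_PUBKEY_bio"` although the call is `d2i_PKCS8PrivateKey_bio`, and `BIO_reset(bio)` in the Pem and Der fallbacks is unchecked, so a reset failure surfaces as a generic parse failure. The signature of `xmlSecOpenSSLAppKeyLoadBIO` is in the preceding hunk, and the tail of this hunk runs into `xmlSecOpenSSLAppKeyCertLoadMemory`, whose body continues past it.
```c
        case xmlSecKeyDataFormatPkcs8Pem:
            /* same password plumbing as the Pem branch: an explicit pwd wins over the callback */
            if(pwd != NULL) {
                pKey = PEM_read_bio_PrivateKey(bio, NULL,
                            xmlSecOpenSSLDummyPasswordCallback,
                            (void*)pwd);
            } else {
                pKey = PEM_read_bio_PrivateKey(bio, NULL,
                            XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
                            pwdCallbackCtx);
            }
            /* … unchanged: error report and break … */
        case xmlSecKeyDataFormatPkcs8Der:
            if(pwd != NULL) {
                pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
                            xmlSecOpenSSLDummyPasswordCallback,
                            (void*)pwd);
            } else {
                pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
                            XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
                            pwdCallbackCtx);
            }
            if(pKey == NULL) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "d2i_PKCS8PrivateKey_bio",
                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
                            XMLSEC_ERRORS_NO_MESSAGE);
                return(NULL);
            }
            break;
```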
@@ -442,106 +464,106 @@ xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlS
/* this would be a read only BIO, cast from const is ok */
bio = BIO_new_mem_buf((void*)data, dataSize);
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_mem_buf",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "errno=%d",
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(-1);
}
ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeyCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free(bio);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(-1);
+ }
+
BIO_free(bio);
return(0);
}
/**
* xmlSecOpenSSLAppKeyCertLoadBIO:
- * @key: the pointer to key.
- * @bio: the certificate bio.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @bio: the certificate bio.
+ * @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat format) {
xmlSecKeyDataFormat certFormat;
xmlSecKeyDataPtr data;
X509 *cert;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(bio != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
+ return(-1);
}
/* adjust cert format */
switch(format) {
case xmlSecKeyDataFormatPkcs8Pem:
- certFormat = xmlSecKeyDataFormatPem;
- break;
+ certFormat = xmlSecKeyDataFormatPem;
+ break;
case xmlSecKeyDataFormatPkcs8Der:
- certFormat = xmlSecKeyDataFormatDer;
- break;
+ certFormat = xmlSecKeyDataFormatDer;
+ break;
default:
- certFormat = format;
+ certFormat = format;
}
cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppCertLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppCertLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
- X509_free(cert);
- return(-1);
- }
-
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ X509_free(cert);
+ return(-1);
+ }
+
+ return(0);
}
/**
* xmlSecOpenSSLAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file.
* For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
@@ -549,50 +571,50 @@ xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat f
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd,
- void* pwdCallback, void* pwdCallbackCtx) {
+ void* pwdCallback, void* pwdCallbackCtx) {
BIO* bio;
xmlSecKeyPtr key;
-
+
xmlSecAssert2(filename != NULL, NULL);
bio = BIO_new_file(filename, "rb");
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(NULL);
}
key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppPkcs12LoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- BIO_free(bio);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(NULL);
+ }
+
BIO_free(bio);
return(key);
}
/**
* xmlSecOpenSSLAppPkcs12LoadMemory:
- * @data: the PKCS12 binary data.
- * @dataSize: the PKCS12 binary data size.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in memory buffer.
* For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
@@ -600,48 +622,48 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd,
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- const char *pwd, void* pwdCallback,
- void* pwdCallbackCtx) {
+xmlSecKeyPtr
+xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
BIO* bio;
xmlSecKeyPtr key;
-
+
xmlSecAssert2(data != NULL, NULL);
/* this would be a read only BIO, cast from const is ok */
bio = BIO_new_mem_buf((void*)data, dataSize);
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_mem_buf",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "errno=%d",
- errno);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(NULL);
}
key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppPkcs12LoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free(bio);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(NULL);
+ }
+
BIO_free(bio);
return(key);
}
/**
* xmlSecOpenSSLAppPkcs12LoadBIO:
- * @bio: the PKCS12 key bio.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @bio: the PKCS12 key bio.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in an OpenSSL BIO object.
* For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
@@ -649,10 +671,10 @@ xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
PKCS12 *p12 = NULL;
EVP_PKEY *pKey = NULL;
@@ -663,206 +685,229 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd,
X509 *cert = NULL;
X509 *tmpcert = NULL;
int i;
+ int has_cert;
int ret;
xmlSecAssert2(bio != NULL, NULL);
-
+
p12 = d2i_PKCS12_bio(bio, NULL);
if(p12 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_PKCS12_fp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PKCS12_fp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = PKCS12_verify_mac(p12, pwd, (pwd != NULL) ? strlen(pwd) : 0);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PKCS12_verify_mac",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PKCS12_verify_mac",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = PKCS12_parse(p12, pwd, &pKey, &cert, &chain);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PKCS12_parse",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PKCS12_parse",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLEvpKeyAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- EVP_PKEY_free(pKey);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ goto done;
+ }
x509Data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataX509Id);
if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
- goto done;
- }
-
- tmpcert = X509_dup(cert);
- if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
-
- /* starting from openssl 1.0.0 the PKCS12_parse() call will not create certs
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
+ goto done;
+ }
+
+ /* starting from openssl 1.0.0 the PKCS12_parse() call will not create certs
chain object if there is no certificates in the pkcs12 file and it will be null
*/
if(chain == NULL) {
- chain = sk_X509_new_null();
- if(chain == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "sk_X509_new_null",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
-
- ret = sk_X509_push(chain, tmpcert);
- if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "sk_X509_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- X509_free(tmpcert);
- goto done;
- }
-
+ chain = sk_X509_new_null();
+ if(chain == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ /*
+ The documentation states (http://www.openssl.org/docs/crypto/PKCS12_parse.html):
+
+ If successful the private key will be written to "*pkey", the
+ corresponding certificate to "*cert" and any additional certificates
+ to "*ca".
+
+ In reality, the function sometime returns in the "ca" the certificates
+ including the one it is already returned in "cert".
+ */
+ has_cert = 0;
+ for(i = 0; i < sk_X509_num(chain); ++i) {
+ xmlSecAssert2(sk_X509_value(chain, i), NULL);
+
+ if(X509_cmp(sk_X509_value(chain, i), cert) == 0) {
+ has_cert = 1;
+ break;
+ }
+ }
+
+ if(has_cert == 0) {
+ tmpcert = X509_dup(cert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = sk_X509_push(chain, tmpcert);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ X509_free(tmpcert);
+ goto done;
+ }
+ }
+
ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(x509Data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
}
cert = NULL;
for(i = 0; i < sk_X509_num(chain); ++i) {
- xmlSecAssert2(sk_X509_value(chain, i), NULL);
+ xmlSecAssert2(sk_X509_value(chain, i), NULL);
- tmpcert = X509_dup(sk_X509_value(chain, i));
+ tmpcert = X509_dup(sk_X509_value(chain, i));
if(tmpcert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- X509_free(tmpcert);
- goto done;
- }
-
- ret = xmlSecOpenSSLKeyDataX509AdoptCert(x509Data, tmpcert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ X509_free(tmpcert);
+ goto done;
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ }
+
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- xmlSecKeyDestroy(key);
- key = NULL;
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
}
x509Data = NULL;
-
-done:
+
+done:
if(x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
+ xmlSecKeyDataDestroy(x509Data);
}
if(data != NULL) {
- xmlSecKeyDataDestroy(data);
+ xmlSecKeyDataDestroy(data);
}
if(chain != NULL) {
- sk_X509_pop_free(chain, X509_free);
+ sk_X509_pop_free(chain, X509_free);
}
if(cert != NULL) {
- X509_free(cert);
+ X509_free(cert);
}
if(p12 != NULL) {
PKCS12_free(p12);
}
- return(key);
+ return(key);
}
/**
* xmlSecOpenSSLAppKeyFromCertLoadBIO:
- * @bio: the BIO.
- * @format: the cert format.
+ * @bio: the BIO.
+ * @format: the cert format.
*
* Loads public key from cert.
*
* Returns: pointer to key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
xmlSecKeyPtr key;
xmlSecKeyDataPtr keyData;
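Review bot: The `xmlSecAssert2(sk_X509_value(chain, i), NULL)` inside the new has_cert loop returns straight out of the function and bypasses the `done:` label, so on that path `p12`, the adopted key `data`, `cert`, `chain` and `x509Data` are all leaked; the pre-existing dup loop further down carries the same pattern, but the commit adds a second instance of it. In a function that already uses goto-cleanup the check should report and jump, e.g. `if(sk_X509_value(chain, i) == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "sk_X509_value", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; }`. As far as I recall PKCS12_parse can leave `cert` NULL when the bundle holds no end-entity certificate for the key; the old `X509_dup(cert)` then failed through the error path, whereas the new `X509_cmp(sk_X509_value(chain, i), cert)` is handed a NULL, so a `if(cert == NULL) { ... goto done; }` guard before the loop would keep that case on the error path. The function's signature and first declarations are in the preceding hunk.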
@@ -872,147 +917,147 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
xmlSecAssert2(bio != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
+
/* load cert */
cert = xmlSecOpenSSLAppCertLoadBIO(bio, format);
if(cert == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ NULL,
+ "xmlSecOpenSSLAppCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* get key value */
keyData = xmlSecOpenSSLX509CertGetKey(cert);
if(keyData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert);
- return(NULL);
- }
-
+ NULL,
+ "xmlSecOpenSSLX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(NULL);
+ }
+
/* create key */
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyData);
- X509_free(cert);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyData);
+ X509_free(cert);
+ return(NULL);
+ }
+
/* set key value */
ret = xmlSecKeySetValue(key, keyData);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- xmlSecKeyDataDestroy(keyData);
- X509_free(cert);
- return(NULL);
- }
-
- /* create cert data */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(keyData);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ /* create cert data */
certData = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
if(certData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- X509_free(cert);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ X509_free(cert);
+ return(NULL);
}
/* put cert in the cert data */
ret = xmlSecOpenSSLKeyDataX509AdoptCert(certData, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- X509_free(cert);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ X509_free(cert);
+ return(NULL);
+ }
+
return(key);
}
/**
* xmlSecOpenSSLAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
* untrusted certs in @store.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
BIO* bio;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
bio = BIO_new_file(filename, "rb");
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
}
ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s;errno=%d",
- xmlSecErrorsSafeString(filename),
- errno);
- BIO_free(bio);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(-1);
+ }
+
BIO_free(bio);
return(0);
}
/**
* xmlSecOpenSSLAppKeysMngrCertLoadMemory:
- * @mngr: the keys manager.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate trusted or not.
- *
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
* Reads cert from binary buffer @data and adds to the list of trusted or known
* untrusted certs in @store.
*
@@ -1020,11 +1065,11 @@ xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
*/
int
xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
BIO* bio;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
@@ -1032,45 +1077,45 @@ xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte*
/* this would be a read only BIO, cast from const is ok */
bio = BIO_new_mem_buf((void*)data, dataSize);
if(bio == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new_mem_buf",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "errno=%d",
- errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(-1);
}
ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free(bio);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(-1);
+ }
+
BIO_free(bio);
return(0);
}
/**
* xmlSecOpenSSLAppKeysMngrCertLoadBIO:
- * @mngr: the keys manager.
- * @bio: the certificate BIO.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate trusted or not.
- *
+ * @mngr: the keys manager.
+ * @bio: the certificate BIO.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
* Reads cert from an OpenSSL BIO object and adds to the list of trusted or known
* untrusted certs in @store.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio,
- xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
xmlSecKeyDataStorePtr x509Store;
X509* cert;
int ret;
@@ -1078,46 +1123,46 @@ xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio,
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(bio != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecOpenSSLX509StoreId");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
}
cert = xmlSecOpenSSLAppCertLoadBIO(bio, format);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLAppCertLoadBIO",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLX509StoreAdoptCert(x509Store, cert, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509StoreAdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecOpenSSLAppKeysMngrAddCertsPath:
- * @mngr: the keys manager.
- * @path: the path to trusted certificates.
- *
+ * @mngr: the keys manager.
+ * @path: the path to trusted certificates.
+ *
* Reads cert from @path and adds to the list of trusted certificates.
*
* Returns: 0 on success or a negative value otherwise.
@@ -1129,27 +1174,27 @@ xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(path != NULL, -1);
-
+
x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecOpenSSLX509StoreId");
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
ret = xmlSecOpenSSLX509StoreAddCertsPath(x509Store, path);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509StoreAddCertsPath",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "path=%s", xmlSecErrorsSafeString(path));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509StoreAddCertsPath",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "path=%s", xmlSecErrorsSafeString(path));
+ return(-1);
+ }
+
return(0);
}
@@ -1194,47 +1239,47 @@ xmlSecOpenSSLAppKeysMngrAddCertsFile(xmlSecKeysMngrPtr mngr, const char *file) {
return(0);
}
-static X509*
+static X509*
xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
X509 *cert;
-
+
xmlSecAssert2(bio != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
switch(format) {
case xmlSecKeyDataFormatPem:
case xmlSecKeyDataFormatCertPem:
- cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PEM_read_bio_X509_AUX",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_X509_AUX",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
case xmlSecKeyDataFormatDer:
case xmlSecKeyDataFormatCertDer:
- cert = d2i_X509_bio(bio, NULL);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_X509_bio",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- break;
+ cert = d2i_X509_bio(bio, NULL);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
return(cert);
}
@@ -1242,55 +1287,55 @@ xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
/**
* xmlSecOpenSSLAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default OpenSSL crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
- /* create simple keys store if needed */
+ /* create simple keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
- }
-
- ret = xmlSecOpenSSLKeysMngrInit(mngr);
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeysMngrInit(mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* TODO */
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
@@ -1298,185 +1343,185 @@ xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
/**
* xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecOpenSSLAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecOpenSSLAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecOpenSSLAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecOpenSSLAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecOpenSSLAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
-xmlSecOpenSSLAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename,
- xmlSecKeyDataType type) {
+ */
+int
+xmlSecOpenSSLAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename,
+ xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreSave(store, filename, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename%s", xmlSecErrorsSafeString(filename));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
return(0);
}
-/**
+/*
* Random numbers initialization from openssl (apps/app_rand.c)
*/
static int seeded = 0;
static int egdsocket = 0;
-static int
+static int
xmlSecOpenSSLAppLoadRANDFile(const char *file) {
char buffer[1024];
-
+
if(file == NULL) {
- file = RAND_file_name(buffer, sizeof(buffer));
+ file = RAND_file_name(buffer, sizeof(buffer));
}else if(RAND_egd(file) > 0) {
- /* we try if the given filename is an EGD socket.
- * if it is, we don't write anything back to the file. */
- egdsocket = 1;
- return 1;
+ /* we try if the given filename is an EGD socket.
+ * if it is, we don't write anything back to the file. */
+ egdsocket = 1;
+ return 1;
}
if((file == NULL) || !RAND_load_file(file, -1)) {
- if(RAND_status() == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "RAND_load_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "file=%s", xmlSecErrorsSafeString(file));
- return 0;
- }
+ if(RAND_status() == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_load_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "file=%s", xmlSecErrorsSafeString(file));
+ return 0;
+ }
}
seeded = 1;
return 1;
}
-static int
+static int
xmlSecOpenSSLAppSaveRANDFile(const char *file) {
char buffer[1024];
-
+
if(egdsocket || !seeded) {
- /* If we did not manage to read the seed file,
- * we should not write a low-entropy seed file back --
- * it would suppress a crucial warning the next time
- * we want to use it. */
- return 0;
+ /* If we did not manage to read the seed file,
+ * we should not write a low-entropy seed file back --
+ * it would suppress a crucial warning the next time
+ * we want to use it. */
+ return 0;
}
-
+
if(file == NULL) {
- file = RAND_file_name(buffer, sizeof(buffer));
+ file = RAND_file_name(buffer, sizeof(buffer));
}
if((file == NULL) || !RAND_write_file(file)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "RAND_write_file",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "file=%s",
- xmlSecErrorsSafeString(file));
- return 0;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_write_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "file=%s",
+ xmlSecErrorsSafeString(file));
+ return 0;
}
return 1;
@@ -1491,7 +1536,7 @@ xmlSecOpenSSLAppSaveRANDFile(const char *file) {
*/
void*
xmlSecOpenSSLAppGetDefaultPwdCallback(void) {
- return((void*)xmlSecOpenSSLDefaultPasswordCallback);
+ return XMLSEC_FUNC_TO_PTR(pem_password_cb, xmlSecOpenSSLDefaultPasswordCallback);
}
static int
@@ -1500,81 +1545,83 @@ xmlSecOpenSSLDefaultPasswordCallback(char *buf, int bufsize, int verify, void *u
char* buf2;
xmlChar prompt[2048];
int i, ret;
-
+
xmlSecAssert2(buf != NULL, -1);
/* try 3 times */
for(i = 0; i < 3; i++) {
if(filename != NULL) {
- xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file: ", filename);
- } else {
- xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password: ");
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file: ", filename);
+ } else {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password: ");
}
- ret = EVP_read_pw_string(buf, bufsize, (char*)prompt, 0);
+ ret = EVP_read_pw_string(buf, bufsize, (char*)prompt, 0);
if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "EVP_read_pw_string",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* if we don't need to verify password then we are done */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_read_pw_string",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* if we don't need to verify password then we are done */
if(verify == 0) {
- return(strlen(buf));
+ return(strlen(buf));
+ }
+
+ if(filename != NULL) {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file again: ", filename);
+ } else {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password again: ");
+ }
+
+ buf2 = (char*)xmlMalloc(bufsize);
+ if(buf2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", bufsize);
+ return(-1);
+ }
+ ret = EVP_read_pw_string(buf2, bufsize, (char*)prompt, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_read_pw_string",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ return(-1);
}
- if(filename != NULL) {
- xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file again: ", filename);
- } else {
- xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password again: ");
- }
-
- buf2 = (char*)xmlMalloc(bufsize);
- if(buf2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", bufsize);
- return(-1);
- }
- ret = EVP_read_pw_string(buf2, bufsize, (char*)prompt, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "EVP_read_pw_string",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- memset(buf2, 0, bufsize);
- xmlFree(buf2);
- return(-1);
- }
-
- /* check if passwords match */
- if(strcmp(buf, buf2) == 0) {
- memset(buf2, 0, bufsize);
- xmlFree(buf2);
- return(strlen(buf));
- }
-
- /* try again */
- memset(buf2, 0, bufsize);
- xmlFree(buf2);
- }
-
+ /* check if passwords match */
+ if(strcmp(buf, buf2) == 0) {
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ return(strlen(buf));
+ }
+
+ /* try again */
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ }
+
return(-1);
}
static int
-xmlSecOpenSSLDummyPasswordCallback(char *buf, int bufsize, int verify, void *userdata) {
+xmlSecOpenSSLDummyPasswordCallback(char *buf, int bufsize,
+ int verify ATTRIBUTE_UNUSED,
+ void *userdata) {
char* password = (char*)userdata;
-
- if((password == NULL) || (strlen(password) + 1 > bufsize)) {
+
+ if((password == NULL) || ((int)strlen(password) + 1 > bufsize)) {
return(-1);
}
-
+
strcpy(buf, password);
return (strlen(buf));
}
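Review bot: The `(int)` cast that the hunk adds to the dummy callback's `strlen` comparison is not applied to the `return(strlen(buf))` statements in xmlSecOpenSSLDefaultPasswordCallback (two occurrences) nor to `return (strlen(buf));` in the dummy callback, which still convert `size_t` to the `int` return type implicitly; `return (int)strlen(buf);` would make the narrowing explicit and consistent with the new comparison. Separately, the `memset(buf2, 0, bufsize)` calls that immediately precede `xmlFree(buf2)` are dead stores from the compiler's point of view and may be elided, so the second copy of the password can remain in freed heap memory; `OPENSSL_cleanse(buf2, bufsize)` is the OpenSSL-provided zeroization that is not optimized away. The opening lines of xmlSecOpenSSLDefaultPasswordCallback (its signature and `filename` declaration) are outside the hunk.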
diff --git a/src/openssl/bn.c b/src/openssl/bn.c
index 28025d14..dfeae6ea 100644
--- a/src/openssl/bn.c
+++ b/src/openssl/bn.c
@@ -1,11 +1,11 @@
-/**
+/**
* XMLSec library
- *
+ *
* Reading/writing BIGNUM values
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -13,7 +13,7 @@
#include <stdlib.h>
#include <string.h>
-#include <libxml/tree.h>
+#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -28,8 +28,8 @@
* @cur: the poitner to an XML node.
* @a: the BIGNUM buffer.
*
- * Converts the node content from CryptoBinary format
- * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
* to a BIGNUM. If no BIGNUM buffer provided then a new
* BIGNUM is created (caller is responsible for freeing it).
*
@@ -45,34 +45,34 @@ xmlSecOpenSSLNodeGetBNValue(const xmlNodePtr cur, BIGNUM **a) {
ret = xmlSecBufferInitialize(&buf, 128);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
(*a) = BN_bin2bn(xmlSecBufferGetData(&buf), xmlSecBufferGetSize(&buf), (*a));
- if( (*a) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_bin2bn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(NULL);
+ if( (*a) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
}
xmlSecBufferFinalize(&buf);
return(*a);
@@ -82,16 +82,16 @@ xmlSecOpenSSLNodeGetBNValue(const xmlNodePtr cur, BIGNUM **a) {
* xmlSecOpenSSLNodeSetBNValue:
* @cur: the pointer to an XML node.
* @a: the BIGNUM.
- * @addLineBreaks: if the flag is equal to 1 then
- * linebreaks will be added before and after
- * new buffer content.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
*
* Converts BIGNUM to CryptoBinary string
- * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
- * and sets it as the content of the given node. If the
- * addLineBreaks is set then line breaks are added
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
* before and after the CryptoBinary string.
- *
+ *
* Returns: 0 on success or -1 otherwise.
*/
int
@@ -99,62 +99,62 @@ xmlSecOpenSSLNodeSetBNValue(xmlNodePtr cur, const BIGNUM *a, int addLineBreaks)
xmlSecBuffer buf;
xmlSecSize size;
int ret;
-
+
xmlSecAssert2(a != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
ret = xmlSecBufferInitialize(&buf, BN_num_bytes(a) + 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", BN_num_bytes(a) + 1);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", BN_num_bytes(a) + 1);
+ return(-1);
+ }
ret = BN_bn2bin(a, xmlSecBufferGetData(&buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_bn2bin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bn2bin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
size = ret;
-
+
ret = xmlSecBufferSetSize(&buf, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(addLineBreaks) {
- xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, xmlSecStringCR);
} else {
- xmlNodeSetContent(cur, xmlSecStringEmpty);
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
}
-
+
ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferBase64NodeContentWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
}
if(addLineBreaks) {
- xmlNodeAddContent(cur, xmlSecStringCR);
+ xmlNodeAddContent(cur, xmlSecStringCR);
}
xmlSecBufferFinalize(&buf);
diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c
index 4799cb52..1b600625 100644
--- a/src/openssl/ciphers.c
+++ b/src/openssl/ciphers.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -23,7 +23,7 @@
/* this is not defined in OpenSSL 0.9.6 */
#ifndef EVP_MAX_BLOCK_LENGTH
-#define EVP_MAX_BLOCK_LENGTH 32
+#define EVP_MAX_BLOCK_LENGTH 32
#endif /* EVP_MAX_BLOCK_LENGTH */
/**************************************************************************
@@ -31,39 +31,39 @@
* Internal OpenSSL Block cipher CTX
*
*****************************************************************************/
-typedef struct _xmlSecOpenSSLEvpBlockCipherCtx xmlSecOpenSSLEvpBlockCipherCtx,
- *xmlSecOpenSSLEvpBlockCipherCtxPtr;
+typedef struct _xmlSecOpenSSLEvpBlockCipherCtx xmlSecOpenSSLEvpBlockCipherCtx,
+ *xmlSecOpenSSLEvpBlockCipherCtxPtr;
struct _xmlSecOpenSSLEvpBlockCipherCtx {
- const EVP_CIPHER* cipher;
- xmlSecKeyDataId keyId;
- EVP_CIPHER_CTX cipherCtx;
- int keyInitialized;
- int ctxInitialized;
- xmlSecByte key[EVP_MAX_KEY_LENGTH];
- xmlSecByte iv[EVP_MAX_IV_LENGTH];
- xmlSecByte pad[EVP_MAX_BLOCK_LENGTH];
+ const EVP_CIPHER* cipher;
+ xmlSecKeyDataId keyId;
+ EVP_CIPHER_CTX cipherCtx;
+ int keyInitialized;
+ int ctxInitialized;
+ xmlSecByte key[EVP_MAX_KEY_LENGTH];
+ xmlSecByte iv[EVP_MAX_IV_LENGTH];
+ xmlSecByte pad[EVP_MAX_BLOCK_LENGTH];
};
-static int xmlSecOpenSSLEvpBlockCipherCtxInit (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpBlockCipherCtxUpdate (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpBlockCipherCtxFinal (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr out,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int
+static int xmlSecOpenSSLEvpBlockCipherCtxInit (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCtxUpdate (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCtxFinal (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
int ivLen;
int ret;
@@ -78,88 +78,88 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
ivLen = EVP_CIPHER_iv_length(ctx->cipher);
xmlSecAssert2(ivLen > 0, -1);
xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
-
+
if(encrypt) {
/* generate random iv */
ret = RAND_bytes(ctx->iv, ivLen);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "RAND_bytes",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
-
- /* write iv to the output */
- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
-
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ /* write iv to the output */
+ ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
} else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
- return(0);
- }
-
- /* copy iv to our buffer*/
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, ivLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
- return(-1);
- }
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+ return(0);
+ }
+
+ /* copy iv to our buffer*/
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+ memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
}
/* set iv */
ret = EVP_CipherInit(&(ctx->cipherCtx), ctx->cipher, ctx->key, ctx->iv, encrypt);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "EVP_CipherInit",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ctx->ctxInitialized = 1;
-
+
/*
* The padding used in XML Enc does not follow RFC 1423
* and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
* it is possible to disable padding and do it by yourself
* For OpenSSL 0.9.6 you have interop problems
*/
-#ifndef XMLSEC_OPENSSL_096
- EVP_CIPHER_CTX_set_padding(&(ctx->cipherCtx), 0);
-#endif /* XMLSEC_OPENSSL_096 */
+#ifndef XMLSEC_OPENSSL_096
+ EVP_CIPHER_CTX_set_padding(&(ctx->cipherCtx), 0);
+#endif /* XMLSEC_OPENSSL_096 */
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in, xmlSecBufferPtr out,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
int blockLen, fixLength = 0, outLen = 0;
xmlSecSize inSize, outSize;
xmlSecByte* outBuf;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyInitialized != 0, -1);
xmlSecAssert2(ctx->ctxInitialized != 0, -1);
@@ -174,25 +174,25 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
outSize = xmlSecBufferGetSize(out);
if(inSize == 0) {
- /* wait for more data */
- return(0);
+ /* wait for more data */
+ return(0);
}
- /* OpenSSL docs: The amount of data written depends on the block
- * alignment of the encrypted data: as a result the amount of data
+ /* OpenSSL docs: The amount of data written depends on the block
+ * alignment of the encrypted data: as a result the amount of data
* written may be anything from zero bytes to (inl + cipher_block_size - 1).
*/
ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
-
+
/*
* The padding used in XML Enc does not follow RFC 1423
* and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
@@ -206,82 +206,82 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
*/
#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
- if(ctx->cipherCtx.final_used) {
- memcpy(outBuf, ctx->cipherCtx.final, blockLen);
- outBuf += blockLen;
- fixLength = 1;
- } else {
- fixLength = 0;
- }
+ if(ctx->cipherCtx.final_used) {
+ memcpy(outBuf, ctx->cipherCtx.final, blockLen);
+ outBuf += blockLen;
+ fixLength = 1;
+ } else {
+ fixLength = 0;
+ }
}
#endif /* XMLSEC_OPENSSL_096 */
/* encrypt/decrypt */
ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, xmlSecBufferGetData(in), inSize);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "EVP_CipherUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
- /*
- * The logic below is copied from EVP_DecryptUpdate() function.
- * This is a hack but it's the only way I can provide binary
- * compatibility with previous versions of xmlsec.
- * This needs to be fixed in the next XMLSEC API refresh.
- */
- if (blockLen > 1 && !ctx->cipherCtx.buf_len) {
- outLen -= blockLen;
- ctx->cipherCtx.final_used = 1;
- memcpy(ctx->cipherCtx.final, &outBuf[outLen], blockLen);
- } else {
- ctx->cipherCtx.final_used = 0;
- }
- if (fixLength) {
- outLen += blockLen;
- }
+ /*
+ * The logic below is copied from EVP_DecryptUpdate() function.
+ * This is a hack but it's the only way I can provide binary
+ * compatibility with previous versions of xmlsec.
+ * This needs to be fixed in the next XMLSEC API refresh.
+ */
+ if (blockLen > 1 && !ctx->cipherCtx.buf_len) {
+ outLen -= blockLen;
+ ctx->cipherCtx.final_used = 1;
+ memcpy(ctx->cipherCtx.final, &outBuf[outLen], blockLen);
+ } else {
+ ctx->cipherCtx.final_used = 0;
+ }
+ if (fixLength) {
+ outLen += blockLen;
+ }
}
#endif /* XMLSEC_OPENSSL_096 */
-
+
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
}
-
+
/* remove the processed block from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
- xmlSecBufferPtr out,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
int blockLen, outLen = 0, outLen2 = 0;
xmlSecSize outSize;
xmlSecByte* outBuf;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyInitialized != 0, -1);
xmlSecAssert2(ctx->ctxInitialized != 0, -1);
@@ -292,22 +292,22 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
xmlSecAssert2(blockLen > 0, -1);
outSize = xmlSecBufferGetSize(out);
-
- /* OpenSSL docs: The encrypted final data is written to out which should
- * have sufficient space for one cipher block. We might have to write
+
+ /* OpenSSL docs: The encrypted final data is written to out which should
+ * have sufficient space for one cipher block. We might have to write
* one more block with padding
*/
ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
-
+
/*
* The padding used in XML Enc does not follow RFC 1423
* and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
@@ -321,50 +321,50 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
*/
#ifndef XMLSEC_OPENSSL_096
if(ctx->cipherCtx.encrypt) {
- int padLen;
-
+ int padLen;
+
xmlSecAssert2(blockLen <= EVP_MAX_BLOCK_LENGTH, -1);
-
- padLen = blockLen - ctx->cipherCtx.buf_len;
- xmlSecAssert2(padLen > 0, -1);
-
- /* generate random padding */
- if(padLen > 1) {
- ret = RAND_bytes(ctx->pad, padLen - 1);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "RAND_bytes",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", padLen - 1);
- return(-1);
- }
- }
- ctx->pad[padLen - 1] = padLen;
-
- /* write padding */
- ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, ctx->pad, padLen);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "EVP_CipherUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outBuf += outLen;
+
+ padLen = blockLen - ctx->cipherCtx.buf_len;
+ xmlSecAssert2(padLen > 0, -1);
+
+ /* generate random padding */
+ if(padLen > 1) {
+ ret = RAND_bytes(ctx->pad, padLen - 1);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", padLen - 1);
+ return(-1);
+ }
+ }
+ ctx->pad[padLen - 1] = padLen;
+
+ /* write padding */
+ ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, ctx->pad, padLen);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outBuf += outLen;
}
-#endif /* XMLSEC_OPENSSL_096 */
+#endif /* XMLSEC_OPENSSL_096 */
/* finalize transform */
ret = EVP_CipherFinal(&(ctx->cipherCtx), outBuf, &outLen2);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "EVP_CipherFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/*
@@ -380,39 +380,39 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
*/
#ifndef XMLSEC_OPENSSL_096
if(!ctx->cipherCtx.encrypt) {
- /* we instructed openssl to do not use padding so there
- * should be no final block
- */
- xmlSecAssert2(outLen2 == 0, -1);
- xmlSecAssert2(ctx->cipherCtx.buf_len == 0, -1);
- xmlSecAssert2(ctx->cipherCtx.final_used, -1);
-
+ /* we instructed openssl to do not use padding so there
+ * should be no final block
+ */
+ xmlSecAssert2(outLen2 == 0, -1);
+ xmlSecAssert2(ctx->cipherCtx.buf_len == 0, -1);
+ xmlSecAssert2(ctx->cipherCtx.final_used, -1);
+
if(blockLen > 1) {
- outLen2 = blockLen - ctx->cipherCtx.final[blockLen - 1];
- if(outLen2 > 0) {
- memcpy(outBuf, ctx->cipherCtx.final, outLen2);
- } else if(outLen2 < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- ctx->cipherCtx.final[blockLen - 1], blockLen);
- return(-1);
- }
- }
- }
-#endif /* XMLSEC_OPENSSL_096 */
+ outLen2 = blockLen - ctx->cipherCtx.final[blockLen - 1];
+ if(outLen2 > 0) {
+ memcpy(outBuf, ctx->cipherCtx.final, outLen2);
+ } else if(outLen2 < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ ctx->cipherCtx.final[blockLen - 1], blockLen);
+ return(-1);
+ }
+ }
+ }
+#endif /* XMLSEC_OPENSSL_096 */
/* set correct output buffer size */
ret = xmlSecBufferSetSize(out, outSize + outLen + outLen2);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen + outLen2);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen + outLen2);
+ return(-1);
}
return(0);
@@ -424,31 +424,31 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
* EVP Block Cipher transforms
*
* xmlSecOpenSSLEvpBlockCipherCtx block is located after xmlSecTransform structure
- *
+ *
*****************************************************************************/
-#define xmlSecOpenSSLEvpBlockCipherSize \
+#define xmlSecOpenSSLEvpBlockCipherSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpBlockCipherCtx))
#define xmlSecOpenSSLEvpBlockCipherGetCtx(transform) \
((xmlSecOpenSSLEvpBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecOpenSSLEvpBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLEvpBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLEvpBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLEvpBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLEvpBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpBlockCipherCheckId (xmlSecTransformPtr transform);
-
+static int xmlSecOpenSSLEvpBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLEvpBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLEvpBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCheckId (xmlSecTransformPtr transform);
+
static int
xmlSecOpenSSLEvpBlockCipherCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_DES
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDes3CbcId)) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DES */
@@ -456,60 +456,60 @@ xmlSecOpenSSLEvpBlockCipherCheckId(xmlSecTransformPtr transform) {
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes128CbcId) ||
xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes192CbcId) ||
xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes256CbcId)) {
-
+
return(1);
}
#endif /* XMLSEC_NO_AES */
-
+
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpBlockCipherInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecOpenSSLEvpBlockCipherCtx));
#ifndef XMLSEC_NO_DES
if(transform->id == xmlSecOpenSSLTransformDes3CbcId) {
- ctx->cipher = EVP_des_ede3_cbc();
- ctx->keyId = xmlSecOpenSSLKeyDataDesId;
- } else
+ ctx->cipher = EVP_des_ede3_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataDesId;
+ } else
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
if(transform->id == xmlSecOpenSSLTransformAes128CbcId) {
- ctx->cipher = EVP_aes_128_cbc();
- ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ ctx->cipher = EVP_aes_128_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
} else if(transform->id == xmlSecOpenSSLTransformAes192CbcId) {
- ctx->cipher = EVP_aes_192_cbc();
- ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ ctx->cipher = EVP_aes_192_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
} else if(transform->id == xmlSecOpenSSLTransformAes256CbcId) {
- ctx->cipher = EVP_aes_256_cbc();
- ctx->keyId = xmlSecOpenSSLKeyDataAesId;
- } else
+ ctx->cipher = EVP_aes_256_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ } else
#endif /* XMLSEC_NO_AES */
if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
EVP_CIPHER_CTX_init(&(ctx->cipherCtx));
return(0);
}
-static void
+static void
xmlSecOpenSSLEvpBlockCipherFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
@@ -518,12 +518,12 @@ xmlSecOpenSSLEvpBlockCipherFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
EVP_CIPHER_CTX_cleanup(&(ctx->cipherCtx));
memset(ctx, 0, sizeof(xmlSecOpenSSLEvpBlockCipherCtx));
}
-static int
+static int
xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
int cipherKeyLen;
@@ -538,12 +538,12 @@ xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReq
xmlSecAssert2(ctx->cipher != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
- keyReq->keyId = ctx->keyId;
+ keyReq->keyId = ctx->keyId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
cipherKeyLen = EVP_CIPHER_key_length(ctx->cipher);
@@ -558,7 +558,7 @@ xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
xmlSecBufferPtr buffer;
int cipherKeyLen;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
@@ -570,7 +570,7 @@ xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key
xmlSecAssert2(ctx->keyInitialized == 0, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
+
cipherKeyLen = EVP_CIPHER_key_length(ctx->cipher);
xmlSecAssert2(cipherKeyLen > 0, -1);
xmlSecAssert2((xmlSecSize)cipherKeyLen <= sizeof(ctx->key), -1);
@@ -579,28 +579,28 @@ xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) < (xmlSecSize)cipherKeyLen) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), cipherKeyLen);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), cipherKeyLen);
+ return(-1);
}
-
+
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
memcpy(ctx->key, xmlSecBufferGetData(buffer), cipherKeyLen);
-
+
ctx->keyInitialized = 1;
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
@@ -613,77 +613,77 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe
xmlSecAssert2(ctx != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
- if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecOpenSSLEvpBlockCipherCtxInit(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- if((ctx->ctxInitialized == 0) && (last != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "not enough data to initialize transform");
- return(-1);
- }
-
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecOpenSSLEvpBlockCipherCtxUpdate(ctx, in, out,
- xmlSecTransformGetName(transform),
- transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- if(last != 0) {
- /* by now there should be no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
- ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, out,
- xmlSecTransformGetName(transform),
- transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecOpenSSLEvpBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecOpenSSLEvpBlockCipherCtxUpdate(ctx, in, out,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last != 0) {
+ /* by now there should be no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, out,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
@@ -696,117 +696,117 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe
********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLAes128CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes128Cbc, /* const xmlChar* name; */
- xmlSecHrefAes128Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecOpenSSLTransformAes128CbcGetKlass(void) {
return(&xmlSecOpenSSLAes128CbcKlass);
}
static xmlSecTransformKlass xmlSecOpenSSLAes192CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes192Cbc, /* const xmlChar* name; */
- xmlSecHrefAes192Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecOpenSSLTransformAes192CbcGetKlass(void) {
return(&xmlSecOpenSSLAes192CbcKlass);
}
static xmlSecTransformKlass xmlSecOpenSSLAes256CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameAes256Cbc, /* const xmlChar* name; */
- xmlSecHrefAes256Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecOpenSSLTransformAes256CbcGetKlass(void) {
return(&xmlSecOpenSSLAes256CbcKlass);
}
@@ -816,39 +816,39 @@ xmlSecOpenSSLTransformAes256CbcGetKlass(void) {
#ifndef XMLSEC_NO_DES
static xmlSecTransformKlass xmlSecOpenSSLDes3CbcKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
-
- xmlSecNameDes3Cbc, /* const xmlChar* name; */
- xmlSecHrefDes3Cbc, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformDes3CbcGetKlass(void) {
return(&xmlSecOpenSSLDes3CbcKlass);
}
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index fa226620..eba1a323 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -25,7 +25,7 @@
#include <xmlsec/openssl/crypto.h>
#include <xmlsec/openssl/x509.h>
-static int xmlSecOpenSSLErrorsInit (void);
+static int xmlSecOpenSSLErrorsInit (void);
static xmlSecCryptoDLFunctionsPtr gXmlSecOpenSSLFunctions = NULL;
static xmlChar* gXmlSecOpenSSLTrustedCertsFolder = NULL;
@@ -40,250 +40,313 @@ static xmlChar* gXmlSecOpenSSLTrustedCertsFolder = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_openssl(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecOpenSSLFunctions != NULL) {
- return(gXmlSecOpenSSLFunctions);
+ return(gXmlSecOpenSSLFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecOpenSSLFunctions = &functions;
- /**
+ /********************************************************************
+ *
* Crypto Init/shutdown
- */
- gXmlSecOpenSSLFunctions->cryptoInit = xmlSecOpenSSLInit;
- gXmlSecOpenSSLFunctions->cryptoShutdown = xmlSecOpenSSLShutdown;
- gXmlSecOpenSSLFunctions->cryptoKeysMngrInit = xmlSecOpenSSLKeysMngrInit;
-
- /**
+ *
+ ********************************************************************/
+ gXmlSecOpenSSLFunctions->cryptoInit = xmlSecOpenSSLInit;
+ gXmlSecOpenSSLFunctions->cryptoShutdown = xmlSecOpenSSLShutdown;
+ gXmlSecOpenSSLFunctions->cryptoKeysMngrInit = xmlSecOpenSSLKeysMngrInit;
+
+ /********************************************************************
+ *
* Key data ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecOpenSSLFunctions->keyDataAesGetKlass = xmlSecOpenSSLKeyDataAesGetKlass;
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecOpenSSLFunctions->keyDataAesGetKlass = xmlSecOpenSSLKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecOpenSSLFunctions->keyDataDesGetKlass = xmlSecOpenSSLKeyDataDesGetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecOpenSSLFunctions->keyDataDesGetKlass = xmlSecOpenSSLKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_DSA
- gXmlSecOpenSSLFunctions->keyDataDsaGetKlass = xmlSecOpenSSLKeyDataDsaGetKlass;
-#endif /* XMLSEC_NO_DSA */
+ gXmlSecOpenSSLFunctions->keyDataDsaGetKlass = xmlSecOpenSSLKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_ECDSA
+ gXmlSecOpenSSLFunctions->keyDataEcdsaGetKlass = xmlSecOpenSSLKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
-#ifndef XMLSEC_NO_HMAC
- gXmlSecOpenSSLFunctions->keyDataHmacGetKlass = xmlSecOpenSSLKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_GOST
+ gXmlSecOpenSSLFunctions->keyDataGost2001GetKlass = xmlSecOpenSSLKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST*/
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecOpenSSLFunctions->keyDataHmacGetKlass = xmlSecOpenSSLKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_RSA
- gXmlSecOpenSSLFunctions->keyDataRsaGetKlass = xmlSecOpenSSLKeyDataRsaGetKlass;
+ gXmlSecOpenSSLFunctions->keyDataRsaGetKlass = xmlSecOpenSSLKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_X509
- gXmlSecOpenSSLFunctions->keyDataX509GetKlass = xmlSecOpenSSLKeyDataX509GetKlass;
+ gXmlSecOpenSSLFunctions->keyDataX509GetKlass = xmlSecOpenSSLKeyDataX509GetKlass;
gXmlSecOpenSSLFunctions->keyDataRawX509CertGetKlass = xmlSecOpenSSLKeyDataRawX509CertGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Key data store ids
- */
+ *
+ ********************************************************************/
#ifndef XMLSEC_NO_X509
- gXmlSecOpenSSLFunctions->x509StoreGetKlass = xmlSecOpenSSLX509StoreGetKlass;
+ gXmlSecOpenSSLFunctions->x509StoreGetKlass = xmlSecOpenSSLX509StoreGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Crypto transforms ids
- */
+ *
+ ********************************************************************/
+
/******************************* AES ********************************/
-#ifndef XMLSEC_NO_AES
- gXmlSecOpenSSLFunctions->transformAes128CbcGetKlass = xmlSecOpenSSLTransformAes128CbcGetKlass;
- gXmlSecOpenSSLFunctions->transformAes192CbcGetKlass = xmlSecOpenSSLTransformAes192CbcGetKlass;
- gXmlSecOpenSSLFunctions->transformAes256CbcGetKlass = xmlSecOpenSSLTransformAes256CbcGetKlass;
- gXmlSecOpenSSLFunctions->transformKWAes128GetKlass = xmlSecOpenSSLTransformKWAes128GetKlass;
- gXmlSecOpenSSLFunctions->transformKWAes192GetKlass = xmlSecOpenSSLTransformKWAes192GetKlass;
- gXmlSecOpenSSLFunctions->transformKWAes256GetKlass = xmlSecOpenSSLTransformKWAes256GetKlass;
+#ifndef XMLSEC_NO_AES
+ gXmlSecOpenSSLFunctions->transformAes128CbcGetKlass = xmlSecOpenSSLTransformAes128CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformAes192CbcGetKlass = xmlSecOpenSSLTransformAes192CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformAes256CbcGetKlass = xmlSecOpenSSLTransformAes256CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes128GetKlass = xmlSecOpenSSLTransformKWAes128GetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes192GetKlass = xmlSecOpenSSLTransformKWAes192GetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes256GetKlass = xmlSecOpenSSLTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */
/******************************* DES ********************************/
-#ifndef XMLSEC_NO_DES
- gXmlSecOpenSSLFunctions->transformDes3CbcGetKlass = xmlSecOpenSSLTransformDes3CbcGetKlass;
- gXmlSecOpenSSLFunctions->transformKWDes3GetKlass = xmlSecOpenSSLTransformKWDes3GetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecOpenSSLFunctions->transformDes3CbcGetKlass = xmlSecOpenSSLTransformDes3CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformKWDes3GetKlass = xmlSecOpenSSLTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
-
/******************************* DSA ********************************/
#ifndef XMLSEC_NO_DSA
-#ifndef XMLSEC_NO_SHA1
- gXmlSecOpenSSLFunctions->transformDsaSha1GetKlass = xmlSecOpenSSLTransformDsaSha1GetKlass;
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformDsaSha1GetKlass = xmlSecOpenSSLTransformDsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformDsaSha256GetKlass = xmlSecOpenSSLTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+ /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformEcdsaSha1GetKlass = xmlSecOpenSSLTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformEcdsaSha224GetKlass = xmlSecOpenSSLTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformEcdsaSha256GetKlass = xmlSecOpenSSLTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformEcdsaSha384GetKlass = xmlSecOpenSSLTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecOpenSSLFunctions->transformEcdsaSha512GetKlass = xmlSecOpenSSLTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
+ /******************************* GOST ********************************/
+#ifndef XMLSEC_NO_GOST
+ gXmlSecOpenSSLFunctions->transformGost2001GostR3411_94GetKlass = xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+#ifndef XMLSEC_NO_GOST
+ gXmlSecOpenSSLFunctions->transformGostR3411_94GetKlass = xmlSecOpenSSLTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
/******************************* HMAC ********************************/
#ifndef XMLSEC_NO_HMAC
+
#ifndef XMLSEC_NO_MD5
- gXmlSecOpenSSLFunctions->transformHmacMd5GetKlass = xmlSecOpenSSLTransformHmacMd5GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacMd5GetKlass = xmlSecOpenSSLTransformHmacMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecOpenSSLFunctions->transformHmacRipemd160GetKlass = xmlSecOpenSSLTransformHmacRipemd160GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacRipemd160GetKlass = xmlSecOpenSSLTransformHmacRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecOpenSSLFunctions->transformHmacSha1GetKlass = xmlSecOpenSSLTransformHmacSha1GetKlass;
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformHmacSha1GetKlass = xmlSecOpenSSLTransformHmacSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
- gXmlSecOpenSSLFunctions->transformHmacSha224GetKlass = xmlSecOpenSSLTransformHmacSha224GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacSha224GetKlass = xmlSecOpenSSLTransformHmacSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
- gXmlSecOpenSSLFunctions->transformHmacSha256GetKlass = xmlSecOpenSSLTransformHmacSha256GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacSha256GetKlass = xmlSecOpenSSLTransformHmacSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
- gXmlSecOpenSSLFunctions->transformHmacSha384GetKlass = xmlSecOpenSSLTransformHmacSha384GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacSha384GetKlass = xmlSecOpenSSLTransformHmacSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
- gXmlSecOpenSSLFunctions->transformHmacSha512GetKlass = xmlSecOpenSSLTransformHmacSha512GetKlass;
+ gXmlSecOpenSSLFunctions->transformHmacSha512GetKlass = xmlSecOpenSSLTransformHmacSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
-
#endif /* XMLSEC_NO_HMAC */
/******************************* MD5 ********************************/
#ifndef XMLSEC_NO_MD5
- gXmlSecOpenSSLFunctions->transformMd5GetKlass = xmlSecOpenSSLTransformMd5GetKlass;
+ gXmlSecOpenSSLFunctions->transformMd5GetKlass = xmlSecOpenSSLTransformMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
/******************************* RIPEMD160 ********************************/
#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecOpenSSLFunctions->transformRipemd160GetKlass = xmlSecOpenSSLTransformRipemd160GetKlass;
+ gXmlSecOpenSSLFunctions->transformRipemd160GetKlass = xmlSecOpenSSLTransformRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
/******************************* RSA ********************************/
#ifndef XMLSEC_NO_RSA
+
#ifndef XMLSEC_NO_MD5
- gXmlSecOpenSSLFunctions->transformRsaMd5GetKlass = xmlSecOpenSSLTransformRsaMd5GetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaMd5GetKlass = xmlSecOpenSSLTransformRsaMd5GetKlass;
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecOpenSSLFunctions->transformRsaRipemd160GetKlass = xmlSecOpenSSLTransformRsaRipemd160GetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaRipemd160GetKlass = xmlSecOpenSSLTransformRsaRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecOpenSSLFunctions->transformRsaSha1GetKlass = xmlSecOpenSSLTransformRsaSha1GetKlass;
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformRsaSha1GetKlass = xmlSecOpenSSLTransformRsaSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
-#ifndef XMLSEC_NO_SHA224
- gXmlSecOpenSSLFunctions->transformRsaSha224GetKlass = xmlSecOpenSSLTransformRsaSha224GetKlass;
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformRsaSha224GetKlass = xmlSecOpenSSLTransformRsaSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
-#ifndef XMLSEC_NO_SHA256
- gXmlSecOpenSSLFunctions->transformRsaSha256GetKlass = xmlSecOpenSSLTransformRsaSha256GetKlass;
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformRsaSha256GetKlass = xmlSecOpenSSLTransformRsaSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
-#ifndef XMLSEC_NO_SHA384
- gXmlSecOpenSSLFunctions->transformRsaSha384GetKlass = xmlSecOpenSSLTransformRsaSha384GetKlass;
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformRsaSha384GetKlass = xmlSecOpenSSLTransformRsaSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
- gXmlSecOpenSSLFunctions->transformRsaSha512GetKlass = xmlSecOpenSSLTransformRsaSha512GetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaSha512GetKlass = xmlSecOpenSSLTransformRsaSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
- gXmlSecOpenSSLFunctions->transformRsaPkcs1GetKlass = xmlSecOpenSSLTransformRsaPkcs1GetKlass;
- gXmlSecOpenSSLFunctions->transformRsaOaepGetKlass = xmlSecOpenSSLTransformRsaOaepGetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaPkcs1GetKlass = xmlSecOpenSSLTransformRsaPkcs1GetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaOaepGetKlass = xmlSecOpenSSLTransformRsaOaepGetKlass;
#endif /* XMLSEC_NO_RSA */
/******************************* SHA ********************************/
-#ifndef XMLSEC_NO_SHA1
- gXmlSecOpenSSLFunctions->transformSha1GetKlass = xmlSecOpenSSLTransformSha1GetKlass;
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformSha1GetKlass = xmlSecOpenSSLTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
+
#ifndef XMLSEC_NO_SHA224
- gXmlSecOpenSSLFunctions->transformSha224GetKlass = xmlSecOpenSSLTransformSha224GetKlass;
+ gXmlSecOpenSSLFunctions->transformSha224GetKlass = xmlSecOpenSSLTransformSha224GetKlass;
#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
- gXmlSecOpenSSLFunctions->transformSha256GetKlass = xmlSecOpenSSLTransformSha256GetKlass;
+ gXmlSecOpenSSLFunctions->transformSha256GetKlass = xmlSecOpenSSLTransformSha256GetKlass;
#endif /* XMLSEC_NO_SHA256 */
+
#ifndef XMLSEC_NO_SHA384
- gXmlSecOpenSSLFunctions->transformSha384GetKlass = xmlSecOpenSSLTransformSha384GetKlass;
+ gXmlSecOpenSSLFunctions->transformSha384GetKlass = xmlSecOpenSSLTransformSha384GetKlass;
#endif /* XMLSEC_NO_SHA384 */
+
#ifndef XMLSEC_NO_SHA512
- gXmlSecOpenSSLFunctions->transformSha512GetKlass = xmlSecOpenSSLTransformSha512GetKlass;
+ gXmlSecOpenSSLFunctions->transformSha512GetKlass = xmlSecOpenSSLTransformSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
- /**
+ /********************************************************************
+ *
* High level routines form xmlsec command line utility
- */
- gXmlSecOpenSSLFunctions->cryptoAppInit = xmlSecOpenSSLAppInit;
- gXmlSecOpenSSLFunctions->cryptoAppShutdown = xmlSecOpenSSLAppShutdown;
- gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrInit = xmlSecOpenSSLAppDefaultKeysMngrInit;
- gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecOpenSSLAppDefaultKeysMngrAdoptKey;
- gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecOpenSSLAppDefaultKeysMngrLoad;
- gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrSave = xmlSecOpenSSLAppDefaultKeysMngrSave;
+ *
+ ********************************************************************/
+ gXmlSecOpenSSLFunctions->cryptoAppInit = xmlSecOpenSSLAppInit;
+ gXmlSecOpenSSLFunctions->cryptoAppShutdown = xmlSecOpenSSLAppShutdown;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrInit = xmlSecOpenSSLAppDefaultKeysMngrInit;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecOpenSSLAppDefaultKeysMngrAdoptKey;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecOpenSSLAppDefaultKeysMngrLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrSave = xmlSecOpenSSLAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoad = xmlSecOpenSSLAppKeysMngrCertLoad;
- gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecOpenSSLAppKeysMngrCertLoadMemory;
- gXmlSecOpenSSLFunctions->cryptoAppPkcs12Load = xmlSecOpenSSLAppPkcs12Load;
- gXmlSecOpenSSLFunctions->cryptoAppPkcs12LoadMemory = xmlSecOpenSSLAppPkcs12LoadMemory;
- gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoad = xmlSecOpenSSLAppKeyCertLoad;
- gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoadMemory = xmlSecOpenSSLAppKeyCertLoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoad = xmlSecOpenSSLAppKeysMngrCertLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecOpenSSLAppKeysMngrCertLoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppPkcs12Load = xmlSecOpenSSLAppPkcs12Load;
+ gXmlSecOpenSSLFunctions->cryptoAppPkcs12LoadMemory = xmlSecOpenSSLAppPkcs12LoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoad = xmlSecOpenSSLAppKeyCertLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoadMemory = xmlSecOpenSSLAppKeyCertLoadMemory;
#endif /* XMLSEC_NO_X509 */
- gXmlSecOpenSSLFunctions->cryptoAppKeyLoad = xmlSecOpenSSLAppKeyLoad;
- gXmlSecOpenSSLFunctions->cryptoAppKeyLoadMemory = xmlSecOpenSSLAppKeyLoadMemory;
- gXmlSecOpenSSLFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecOpenSSLAppGetDefaultPwdCallback();
+ gXmlSecOpenSSLFunctions->cryptoAppKeyLoad = xmlSecOpenSSLAppKeyLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyLoadMemory = xmlSecOpenSSLAppKeyLoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecOpenSSLAppGetDefaultPwdCallback();
return(gXmlSecOpenSSLFunctions);
}
/**
* xmlSecOpenSSLInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if(xmlSecOpenSSLErrorsInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLErrorsInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLErrorsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_openssl()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecOpenSSLShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLShutdown(void) {
xmlSecOpenSSLSetDefaultTrustedCertsFolder(NULL);
return(0);
@@ -291,7 +354,7 @@ xmlSecOpenSSLShutdown(void) {
/**
* xmlSecOpenSSLKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds OpenSSL specific key data stores in keys manager.
*
@@ -300,172 +363,172 @@ xmlSecOpenSSLShutdown(void) {
int
xmlSecOpenSSLKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
#ifndef XMLSEC_NO_X509
/* create x509 store if needed */
if(xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId) == NULL) {
- xmlSecKeyDataStorePtr x509Store;
+ xmlSecKeyDataStorePtr x509Store;
x509Store = xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecOpenSSLX509StoreId");
- return(-1);
- }
-
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataStoreDestroy(x509Store);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
}
-#endif /* XMLSEC_NO_X509 */
+#endif /* XMLSEC_NO_X509 */
return(0);
}
/**
* xmlSecOpenSSLGenerateRandom:
- * @buffer: the destination buffer.
- * @size: the numer of bytes to generate.
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
*
* Generates @size random bytes and puts result in @buffer.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(size > 0, -1);
ret = xmlSecBufferSetSize(buffer, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
+
/* get random data */
ret = RAND_bytes((xmlSecByte*)xmlSecBufferGetData(buffer), size);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "RAND_bytes",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", size);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
return(0);
}
/**
* xmlSecOpenSSLErrorsDefaultCallback:
- * @file: the error location file name (__FILE__ macro).
- * @line: the error location line number (__LINE__ macro).
- * @func: the error location function name (__FUNCTION__ macro).
- * @errorObject: the error specific error object
- * @errorSubject: the error specific error subject.
- * @reason: the error code.
- * @msg: the additional error message.
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
*
* The default OpenSSL errors reporting callback function.
*/
-void
+void
xmlSecOpenSSLErrorsDefaultCallback(const char* file, int line, const char* func,
- const char* errorObject, const char* errorSubject,
- int reason, const char* msg) {
-
- ERR_put_error(XMLSEC_OPENSSL_ERRORS_LIB,
- XMLSEC_OPENSSL_ERRORS_FUNCTION,
- reason, file, line);
- xmlSecErrorsDefaultCallback(file, line, func,
- errorObject, errorSubject,
- reason, msg);
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+
+ ERR_put_error(XMLSEC_OPENSSL_ERRORS_LIB,
+ XMLSEC_OPENSSL_ERRORS_FUNCTION,
+ reason, file, line);
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, msg);
}
-static int
+static int
xmlSecOpenSSLErrorsInit(void) {
static ERR_STRING_DATA xmlSecOpenSSLStrReasons[XMLSEC_ERRORS_MAX_NUMBER + 1];
static ERR_STRING_DATA xmlSecOpenSSLStrLib[]= {
- { ERR_PACK(XMLSEC_OPENSSL_ERRORS_LIB,0,0), "xmlsec routines"},
- { 0, NULL}
- };
+ { ERR_PACK(XMLSEC_OPENSSL_ERRORS_LIB,0,0), "xmlsec routines"},
+ { 0, NULL}
+ };
static ERR_STRING_DATA xmlSecOpenSSLStrDefReason[]= {
- { XMLSEC_OPENSSL_ERRORS_LIB, "xmlsec lib"},
- { 0, NULL}
+ { XMLSEC_OPENSSL_ERRORS_LIB, "xmlsec lib"},
+ { 0, NULL}
};
xmlSecSize pos;
/* initialize reasons array */
memset(xmlSecOpenSSLStrReasons, 0, sizeof(xmlSecOpenSSLStrReasons));
for(pos = 0; (pos < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(pos) != NULL); ++pos) {
- xmlSecOpenSSLStrReasons[pos].error = xmlSecErrorsGetCode(pos);
- xmlSecOpenSSLStrReasons[pos].string = xmlSecErrorsGetMsg(pos);
+ xmlSecOpenSSLStrReasons[pos].error = xmlSecErrorsGetCode(pos);
+ xmlSecOpenSSLStrReasons[pos].string = xmlSecErrorsGetMsg(pos);
}
-
+
/* finally load xmlsec strings in OpenSSL */
ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrLib); /* define xmlsec lib name */
ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrDefReason); /* define default reason */
- ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrReasons);
-
+ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrReasons);
+
/* and set default errors callback for xmlsec to us */
xmlSecErrorsSetCallback(xmlSecOpenSSLErrorsDefaultCallback);
-
+
return(0);
}
/**
* xmlSecOpenSSLSetDefaultTrustedCertsFolder:
- * @path: the default trusted certs path.
+ * @path: the default trusted certs path.
*
* Sets the default trusted certs folder.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecOpenSSLSetDefaultTrustedCertsFolder(const xmlChar* path) {
if(gXmlSecOpenSSLTrustedCertsFolder != NULL) {
- xmlFree(gXmlSecOpenSSLTrustedCertsFolder);
- gXmlSecOpenSSLTrustedCertsFolder = NULL;
+ xmlFree(gXmlSecOpenSSLTrustedCertsFolder);
+ gXmlSecOpenSSLTrustedCertsFolder = NULL;
}
if(path != NULL) {
- gXmlSecOpenSSLTrustedCertsFolder = xmlStrdup(BAD_CAST path);
- if(gXmlSecOpenSSLTrustedCertsFolder == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ gXmlSecOpenSSLTrustedCertsFolder = xmlStrdup(BAD_CAST path);
+ if(gXmlSecOpenSSLTrustedCertsFolder == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
-
+
return(0);
}
/**
* xmlSecOpenSSLGetDefaultTrustedCertsFolder:
- *
+ *
* Gets the default trusted certs folder.
*
* Returns: the default trusted cert folder.
*/
-const xmlChar*
+const xmlChar*
xmlSecOpenSSLGetDefaultTrustedCertsFolder(void) {
return(gXmlSecOpenSSLTrustedCertsFolder);
}
diff --git a/src/openssl/digests.c b/src/openssl/digests.c
index c681e857..fa26fa65 100644
--- a/src/openssl/digests.c
+++ b/src/openssl/digests.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -25,13 +25,13 @@
* Internal OpenSSL Digest CTX
*
*****************************************************************************/
-typedef struct _xmlSecOpenSSLDigestCtx xmlSecOpenSSLDigestCtx, *xmlSecOpenSSLDigestCtxPtr;
+typedef struct _xmlSecOpenSSLDigestCtx xmlSecOpenSSLDigestCtx, *xmlSecOpenSSLDigestCtxPtr;
struct _xmlSecOpenSSLDigestCtx {
- const EVP_MD* digest;
- EVP_MD_CTX digestCtx;
- xmlSecByte dgst[EVP_MAX_MD_SIZE];
- xmlSecSize dgstSize; /* dgst size in bytes */
-};
+ const EVP_MD* digest;
+ EVP_MD_CTX digestCtx;
+ xmlSecByte dgst[EVP_MAX_MD_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
/******************************************************************************
*
@@ -40,80 +40,86 @@ struct _xmlSecOpenSSLDigestCtx {
* xmlSecOpenSSLDigestCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecOpenSSLEvpDigestSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLDigestCtx))
+#define xmlSecOpenSSLEvpDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLDigestCtx))
#define xmlSecOpenSSLEvpDigestGetCtx(transform) \
((xmlSecOpenSSLDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecOpenSSLEvpDigestInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLEvpDigestFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLEvpDigestVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpDigestExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpDigestCheckId (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpDigestCheckId (xmlSecTransformPtr transform);
static int
xmlSecOpenSSLEvpDigestCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_MD5 */
+#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_RIPEMD160 */
+#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA1 */
+#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA224 */
-
+#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA256 */
+#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA384 */
+#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) {
- return(1);
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_94Id)) {
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA512 */
+#endif /* XMLSEC_NO_GOST*/
{
- return(0);
+ return(0);
}
-
+
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLDigestCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
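Review bot: The new GOST branch in xmlSecOpenSSLEvpDigestCheckId closes with `#endif /* XMLSEC_NO_GOST*/`, which drops the space every other guard in this function carries (`#endif /* XMLSEC_NO_SHA512 */`); the same spelling appears in the GOST branch added to xmlSecOpenSSLEvpDigestInitialize in the next hunk. Change both to `#endif /* XMLSEC_NO_GOST */` so the guards stay grep-consistent. Note also that this id check only says the transform klass is registered; whether the GOST digest is actually available in OpenSSL is decided later by the name lookup in Initialize, so a successful CheckId here does not guarantee the transform can run.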
@@ -126,62 +132,77 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) {
ctx->digest = EVP_md5();
- } else
+ } else
#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
+
+#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) {
ctx->digest = EVP_ripemd160();
- } else
+ } else
#endif /* XMLSEC_NO_RIPEMD160 */
-
+
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) {
ctx->digest = EVP_sha1();
- } else
-#endif /* XMLSEC_NO_SHA1 */
+ } else
+#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) {
ctx->digest = EVP_sha224();
- } else
-#endif /* XMLSEC_NO_SHA224 */
+ } else
+#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) {
ctx->digest = EVP_sha256();
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) {
ctx->digest = EVP_sha384();
- } else
-#endif /* XMLSEC_NO_SHA384 */
+ } else
+#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) {
ctx->digest = EVP_sha512();
- } else
-#endif /* XMLSEC_NO_SHA512 */
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_94Id)) {
+ ctx->digest = EVP_get_digestbyname("md_gost94");
+ if (!ctx->digest)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else
+#endif /* XMLSEC_NO_GOST*/
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_init(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
-
+
return(0);
}
-static void
+static void
xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLDigestCtxPtr ctx;
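Review bot: When `EVP_get_digestbyname("md_gost94")` returns NULL the new error report passes `NULL` as the subject and `XMLSEC_ERRORS_R_INVALID_TRANSFORM` as the reason, so the log reads as if the transform id were wrong rather than the digest being unavailable; by-name lookup only succeeds if the GOST digest has been registered with OpenSSL beforehand (typically by loading the GOST engine), and nothing in this diff shows that happening. Reporting it as `"EVP_get_digestbyname",` / `XMLSEC_ERRORS_R_CRYPTO_FAILED,` / `"md_gost94"` would let an operator tell a missing engine from a broken transform at a glance. The other branches of this function use the file's `if(x == NULL) {` shape, while the added check writes `if (!ctx->digest)` with the brace on its own line; matching the surrounding style would make the new branch read like the rest. The opening of xmlSecOpenSSLEvpDigestInitialize lies before this hunk.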
@@ -190,7 +211,7 @@ xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
@@ -198,11 +219,11 @@ xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
}
static int
-xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLDigestCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
@@ -213,38 +234,38 @@ xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform,
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
-
+
if(dataSize != ctx->dgstSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data_size=%d;dgst_size=%d",
- dataSize, ctx->dgstSize);
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data_size=%d;dgst_size=%d",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLDigestCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
@@ -259,97 +280,100 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digest != NULL, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_DigestInit",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
+ EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
#endif /* XMLSEC_OPENSSL_096 */
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_DigestUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", inSize);
- return(-1);
- }
+ ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
#endif /* XMLSEC_OPENSSL_096 */
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
- if(last) {
- xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
-
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
+
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize);
+ EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
#endif /* XMLSEC_OPENSSL_096 */
- xmlSecAssert2(ctx->dgstSize > 0, -1);
-
- /* copy result to output */
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ctx->dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ xmlSecAssert2(dgstSize > 0, -1);
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
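Review bot: `unsigned int dgstSize;` introduced at the top of the `if(last)` block is declared without an initializer, and in the `XMLSEC_OPENSSL_096` branch the result of `EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize)` is not checked before `xmlSecAssert2(dgstSize > 0, -1)` reads it; nothing visible in the hunk guarantees the variable was written on that path. Writing `unsigned int dgstSize = 0;` makes the assertion a real guard on both paths and costs nothing. Moving the width conversion into a separate local and applying `XMLSEC_SIZE_BAD_CAST` only after the assertion is the right fix for the `unsigned int*` contract of EVP_DigestFinal, so the rest of the change looks sound. xmlSecOpenSSLEvpDigestExecute begins before this hunk.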
@@ -362,39 +386,39 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLMd5Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameMd5, /* const xmlChar* name; */
- xmlSecHrefMd5, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformMd5GetKlass:
*
* MD5 digest transform klass.
*
* Returns: pointer to MD5 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformMd5GetKlass(void) {
return(&xmlSecOpenSSLMd5Klass);
}
@@ -408,39 +432,39 @@ xmlSecOpenSSLTransformMd5GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRipemd160Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameRipemd160, /* const xmlChar* name; */
- xmlSecHrefRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformRipemd160GetKlass:
*
* RIPEMD-160 digest transform klass.
*
* Returns: pointer to RIPEMD-160 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRipemd160GetKlass(void) {
return(&xmlSecOpenSSLRipemd160Klass);
}
@@ -455,39 +479,39 @@ xmlSecOpenSSLTransformRipemd160GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameSha1, /* const xmlChar* name; */
- xmlSecHrefSha1, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformSha1GetKlass:
*
* SHA-1 digest transform klass.
*
* Returns: pointer to SHA-1 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformSha1GetKlass(void) {
return(&xmlSecOpenSSLSha1Klass);
}
@@ -501,39 +525,39 @@ xmlSecOpenSSLTransformSha1GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLSha224Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameSha224, /* const xmlChar* name; */
- xmlSecHrefSha224, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha224, /* const xmlChar* name; */
+ xmlSecHrefSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformSha224GetKlass:
*
* SHA-224 digest transform klass.
*
* Returns: pointer to SHA-224 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformSha224GetKlass(void) {
return(&xmlSecOpenSSLSha224Klass);
}
@@ -547,39 +571,39 @@ xmlSecOpenSSLTransformSha224GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLSha256Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameSha256, /* const xmlChar* name; */
- xmlSecHrefSha256, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformSha256GetKlass:
*
* SHA-256 digest transform klass.
*
* Returns: pointer to SHA-256 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformSha256GetKlass(void) {
return(&xmlSecOpenSSLSha256Klass);
}
@@ -593,39 +617,39 @@ xmlSecOpenSSLTransformSha256GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLSha384Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameSha384, /* const xmlChar* name; */
- xmlSecHrefSha384, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformSha384GetKlass:
*
* SHA-384 digest transform klass.
*
* Returns: pointer to SHA-384 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformSha384GetKlass(void) {
return(&xmlSecOpenSSLSha384Klass);
}
@@ -639,41 +663,85 @@ xmlSecOpenSSLTransformSha384GetKlass(void) {
*****************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLSha512Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
-
- xmlSecNameSha512, /* const xmlChar* name; */
- xmlSecHrefSha512, /* const xmlChar* href; */
- xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformSha512GetKlass:
*
* SHA-512 digest transform klass.
*
* Returns: pointer to SHA-512 digest transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformSha512GetKlass(void) {
return(&xmlSecOpenSSLSha512Klass);
}
#endif /* XMLSEC_NO_SHA512 */
+#ifndef XMLSEC_NO_GOST
+/******************************************************************************
+ *
+ * GOSTR3411_94
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLGostR3411_94Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* size_t objSize */
+
+ xmlSecNameGostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformGostR3411_94GetKlass:
+ *
+ * GOSTR3411_94 digest transform klass.
+ *
+ * Returns: pointer to GOSTR3411_94 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformGostR3411_94GetKlass(void) {
+ return(&xmlSecOpenSSLGostR3411_94Klass);
+}
+#endif /* XMLSEC_NO_GOST*/
+
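Review bot: The new GOSTR3411_94 klass initializer documents its first two fields as `/* size_t klassSize */` and `/* size_t objSize */`, while every sibling klass in this file (Md5 through Sha512, rewritten just above) says `/* xmlSecSize klassSize */` and `/* xmlSecSize objSize */`; since the struct field type is xmlSecSize, the new comments should match. Two smaller layout nits in the same block: `#ifndef XMLSEC_NO_GOST` follows `#endif /* XMLSEC_NO_SHA512 */` without the blank line the other sections keep, and the closing guard is written `#endif /* XMLSEC_NO_GOST*/` where the rest of the file uses `#endif /* XMLSEC_NO_GOST */`. The klass reuses the generic xmlSecOpenSSLEvpDigestInitialize/Execute methods, so whether the GOST R 34.11-94 digest is actually available at run time presumably depends on how those methods look the algorithm up in OpenSSL (outside this hunk); a short comment on the klass noting that dependency would help a reader who builds without the GOST engine.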
diff --git a/src/openssl/evp.c b/src/openssl/evp.c
index e9d87295..9cb52dc2 100644
--- a/src/openssl/evp.c
+++ b/src/openssl/evp.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -29,11 +29,11 @@
* Internal OpenSSL EVP key CTX
*
*************************************************************************/
-typedef struct _xmlSecOpenSSLEvpKeyDataCtx xmlSecOpenSSLEvpKeyDataCtx,
- *xmlSecOpenSSLEvpKeyDataCtxPtr;
+typedef struct _xmlSecOpenSSLEvpKeyDataCtx xmlSecOpenSSLEvpKeyDataCtx,
+ *xmlSecOpenSSLEvpKeyDataCtxPtr;
struct _xmlSecOpenSSLEvpKeyDataCtx {
- EVP_PKEY* pKey;
-};
+ EVP_PKEY* pKey;
+};
/******************************************************************************
*
@@ -42,38 +42,38 @@ struct _xmlSecOpenSSLEvpKeyDataCtx {
* xmlSecOpenSSLEvpKeyDataCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecOpenSSLEvpKeyDataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLEvpKeyDataCtx))
+#define xmlSecOpenSSLEvpKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLEvpKeyDataCtx))
#define xmlSecOpenSSLEvpKeyDataGetCtx(data) \
((xmlSecOpenSSLEvpKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecOpenSSLEvpKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLEvpKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecOpenSSLEvpKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLEvpKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLEvpKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLEvpKeyDataFinalize (xmlSecKeyDataPtr data);
/**
* xmlSecOpenSSLEvpKeyDataAdoptEvp:
- * @data: the pointer to OpenSSL EVP key data.
- * @pKey: the pointer to EVP key.
+ * @data: the pointer to OpenSSL EVP key data.
+ * @pKey: the pointer to EVP key.
*
* Sets the value of key data.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLEvpKeyDataAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize), -1);
xmlSecAssert2(pKey != NULL, -1);
-
+
ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
ctx->pKey = pKey;
return(0);
@@ -81,13 +81,13 @@ xmlSecOpenSSLEvpKeyDataAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
/**
* xmlSecOpenSSLEvpKeyDataGetEvp:
- * @data: the pointer to OpenSSL EVP data.
+ * @data: the pointer to OpenSSL EVP data.
*
* Gets the EVP_PKEY from the key data.
*
* Returns: pointer to EVP_PKEY or NULL if an error occurs.
*/
-EVP_PKEY*
+EVP_PKEY*
xmlSecOpenSSLEvpKeyDataGetEvp(xmlSecKeyDataPtr data) {
xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
@@ -133,16 +133,16 @@ xmlSecOpenSSLEvpKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(ctxSrc != NULL, -1);
if(ctxSrc->pKey != NULL) {
- ctxDst->pKey = xmlSecOpenSSLEvpKeyDup(ctxSrc->pKey);
- if(ctxDst->pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecOpenSSLEvpKeyDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ ctxDst->pKey = xmlSecOpenSSLEvpKeyDup(ctxSrc->pKey);
+ if(ctxDst->pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
return(0);
}
@@ -150,15 +150,15 @@ xmlSecOpenSSLEvpKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
static void
xmlSecOpenSSLEvpKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
-
+
xmlSecAssert(xmlSecKeyDataIsValid(data));
xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize));
ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLEvpKeyDataCtx));
}
@@ -170,34 +170,34 @@ xmlSecOpenSSLEvpKeyDataFinalize(xmlSecKeyDataPtr data) {
*****************************************************************************/
/**
* xmlSecOpenSSLEvpKeyDup:
- * @pKey: the pointer to EVP_PKEY.
+ * @pKey: the pointer to EVP_PKEY.
*
* Duplicates @pKey.
*
* Returns: pointer to newly created EVP_PKEY object or NULL if an error occurs.
*/
-EVP_PKEY*
+EVP_PKEY*
xmlSecOpenSSLEvpKeyDup(EVP_PKEY* pKey) {
int ret;
xmlSecAssert2(pKey != NULL, NULL);
-
+
ret = CRYPTO_add(&pKey->references,1,CRYPTO_LOCK_EVP_PKEY);
if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CRYPTO_add",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CRYPTO_add",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(pKey);
}
/**
* xmlSecOpenSSLEvpKeyAdopt:
- * @pKey: the pointer to EVP_PKEY.
+ * @pKey: the pointer to EVP_PKEY.
*
* Creates xmlsec key object from OpenSSL key object.
*
@@ -207,60 +207,86 @@ xmlSecKeyDataPtr
xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
xmlSecKeyDataPtr data = NULL;
int ret;
-
+
xmlSecAssert2(pKey != NULL, NULL);
- switch(pKey->type) {
-#ifndef XMLSEC_NO_RSA
+ switch(pKey->type) {
+#ifndef XMLSEC_NO_RSA
case EVP_PKEY_RSA:
- data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataRsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecOpenSSLKeyDataRsaId");
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_DSA
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataRsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_DSA
case EVP_PKEY_DSA:
- data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataDsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecOpenSSLKeyDataDsaId");
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_DSA */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "evp key type %d not supported", pKey->type);
- return(NULL);
- }
-
- xmlSecAssert2(data != NULL, NULL);
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataDsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ case EVP_PKEY_EC:
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataEcdsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataEcdsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_ECDSA */
+#ifndef XMLSEC_NO_GOST
+ case NID_id_GostR3410_2001:
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataGost2001Id");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_GOST */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "evp key type %d not supported", pKey->type);
+ return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
ret = xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLEvpKeyDataAdoptEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyDataAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
}
return(data);
}
-#ifndef XMLSEC_NO_DSA
+#ifndef XMLSEC_NO_DSA
/**************************************************************************
*
* <dsig:DSAKeyValue> processing
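Review bot: Four case arms in xmlSecOpenSSLEvpKeyAdopt now repeat the same create-or-fail block, differing only in the key data id and the literal name in the error message; selecting the id in the switch and calling xmlSecKeyDataCreate once afterwards removes the duplication and keeps each future key type to a three-line arm. The GOST arm keys on a raw NID while the others use EVP_PKEY_* constants; a one-line comment such as `/* no EVP_PKEY_* alias for GOST: pKey->type carries the NID directly */` would explain the asymmetry (presumably correct since the EVP_PKEY_* constants are themselves NIDs, but confirm against the OpenSSL headers in use). On every failure path pKey is left untouched, so the caller still owns it and must free it; the function's doc comment, which ends in the previous hunk, could state that with a line like `* On failure @pKey is not freed and remains owned by the caller.`.
```c
xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
    xmlSecKeyDataPtr data = NULL;
    xmlSecKeyDataId dataId = xmlSecKeyDataIdUnknown;
    int ret;

    xmlSecAssert2(pKey != NULL, NULL);

    /* map the OpenSSL key type to the xmlsec key data id; creation happens once below */
    switch(pKey->type) {
#ifndef XMLSEC_NO_RSA
    case EVP_PKEY_RSA:
        dataId = xmlSecOpenSSLKeyDataRsaId;
        break;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_DSA
    case EVP_PKEY_DSA:
        dataId = xmlSecOpenSSLKeyDataDsaId;
        break;
#endif /* XMLSEC_NO_DSA */
#ifndef XMLSEC_NO_ECDSA
    case EVP_PKEY_EC:
        dataId = xmlSecOpenSSLKeyDataEcdsaId;
        break;
#endif /* XMLSEC_NO_ECDSA */
#ifndef XMLSEC_NO_GOST
    case NID_id_GostR3410_2001:
        dataId = xmlSecOpenSSLKeyDataGost2001Id;
        break;
#endif /* XMLSEC_NO_GOST */
    default:
        /* … unchanged: "evp key type %d not supported" error and return(NULL) … */
    }

    data = xmlSecKeyDataCreate(dataId);
    if(data == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecKeyDataCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "%s", xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
        return(NULL);
    }
    /* … unchanged: xmlSecOpenSSLEvpKeyDataAdoptEvp call, its error path, return(data) … */
```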
@@ -268,57 +294,57 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
*
* The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
*
- * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
* DSA public key values can have the following fields:
- *
- * * P - a prime modulus meeting the [DSS] requirements
- * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
- * divisor of P-1
- * * G - an integer with certain properties with respect to P and Q
- * * Y - G**X mod P (where X is part of the private key and not made
- * public)
- * * J - (P - 1) / Q
- * * seed - a DSA prime generation seed
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
* * pgenCounter - a DSA prime generation counter
*
- * Parameter J is available for inclusion solely for efficiency as it is
- * calculatable from P and Q. Parameters seed and pgenCounter are used in the
- * DSA prime number generation algorithm specified in [DSS]. As such, they are
- * optional but must either both be present or both be absent. This prime
- * generation algorithm is designed to provide assurance that a weak prime is
- * not being used and it yields a P and Q value. Parameters P, Q, and G can be
- * public and common to a group of users. They might be known from application
- * context. As such, they are optional but P and Q must either both appear or
- * both be absent. If all of P, Q, seed, and pgenCounter are present,
- * implementations are not required to check if they are consistent and are
- * free to use either P and Q or seed and pgenCounter. All parameters are
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
* encoded as base64 [MIME] values.
- *
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
- *
+ *
* Schema Definition:
- *
- * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
- * <complexType name="DSAKeyValueType">
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
* <sequence>
* <sequence minOccurs="0">
- * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="P" type="ds:CryptoBinary"/>
* <element name="Q" type="ds:CryptoBinary"/>
* </sequence>
- * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
- * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
* <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
* <sequence minOccurs="0">
- * <element name="Seed" type="ds:CryptoBinary"/>
- * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
* </sequence>
* </sequence>
* </complexType>
- *
+ *
* DTD Definition:
- *
- * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
* <!ELEMENT P (#PCDATA) >
* <!ELEMENT Q (#PCDATA) >
* <!ELEMENT G (#PCDATA) >
@@ -328,34 +354,34 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
* <!ELEMENT PgenCounter (#PCDATA) >
*
* ============================================================================
- *
+ *
* To support reading/writing private keys an X element added (before Y).
* todo: The current implementation does not support Seed and PgenCounter!
* by this the P, Q and G are *required*!
*
*************************************************************************/
-static int xmlSecOpenSSLKeyDataDsaInitialize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecOpenSSLKeyDataDsaFinalize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataDsaXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataDsaXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataDsaGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecOpenSSLKeyDataDsaGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecOpenSSLKeyDataDsaGetSize (xmlSecKeyDataPtr data);
-static void xmlSecOpenSSLKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecOpenSSLKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static int xmlSecOpenSSLKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataDsaKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -363,151 +389,151 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataDsaKlass = {
/* data */
xmlSecNameDSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecOpenSSLKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecOpenSSLKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecOpenSSLKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecOpenSSLKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLKeyDataDsaGetKlass:
- *
+ *
* The DSA key data klass.
*
* Returns: pointer to DSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataDsaGetKlass(void) {
return(&xmlSecOpenSSLKeyDataDsaKlass);
}
/**
* xmlSecOpenSSLKeyDataDsaAdoptDsa:
- * @data: the pointer to DSA key data.
- * @dsa: the pointer to OpenSSL DSA key.
+ * @data: the pointer to DSA key data.
+ * @dsa: the pointer to OpenSSL DSA key.
*
* Sets the value of DSA key data.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecOpenSSLKeyDataDsaAdoptDsa(xmlSecKeyDataPtr data, DSA* dsa) {
EVP_PKEY* pKey = NULL;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
-
+
/* construct new EVP_PKEY */
if(dsa != NULL) {
- pKey = EVP_PKEY_new();
- if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "EVP_PKEY_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = EVP_PKEY_assign_DSA(pKey, dsa);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "EVP_PKEY_assign_DSA",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_DSA(pKey, dsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_DSA",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
ret = xmlSecOpenSSLKeyDataDsaAdoptEvp(data, pKey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataDsaAdoptEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- if(pKey != NULL) {
- EVP_PKEY_free(pKey);
- }
- return(-1);
- }
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
}
/**
* xmlSecOpenSSLKeyDataDsaGetDsa:
- * @data: the pointer to DSA key data.
+ * @data: the pointer to DSA key data.
*
* Gets the OpenSSL DSA key from DSA key data.
*
* Returns: pointer to OpenSSL DSA key or NULL if an error occurs.
*/
-DSA*
+DSA*
xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyDataPtr data) {
EVP_PKEY* pKey;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), NULL);
-
+
pKey = xmlSecOpenSSLKeyDataDsaGetEvp(data);
xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_DSA), NULL);
-
+
return((pKey != NULL) ? pKey->pkey.dsa : (DSA*)NULL);
}
-/**
+/**
* xmlSecOpenSSLKeyDataDsaAdoptEvp:
- * @data: the pointer to DSA key data.
- * @pKey: the pointer to OpenSSL EVP key.
+ * @data: the pointer to DSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
*
* Sets the DSA key data value to OpenSSL EVP key.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLKeyDataDsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
xmlSecAssert2(pKey != NULL, -1);
xmlSecAssert2(pKey->type == EVP_PKEY_DSA, -1);
-
+
return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
}
/**
* xmlSecOpenSSLKeyDataDsaGetEvp:
- * @data: the pointer to DSA key data.
+ * @data: the pointer to DSA key data.
*
* Gets the OpenSSL EVP key from DSA key data.
*
* Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
*/
-EVP_PKEY*
+EVP_PKEY*
xmlSecOpenSSLKeyDataDsaGetEvp(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), NULL);
@@ -532,13 +558,13 @@ xmlSecOpenSSLKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
static void
xmlSecOpenSSLKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
-
+
xmlSecOpenSSLEvpKeyDataFinalize(data);
}
static int
xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
xmlNodePtr cur;
DSA *dsa;
@@ -550,202 +576,202 @@ xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
dsa = DSA_new();
if(dsa == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "DSA_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "DSA_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
cur = xmlSecGetNextElementNode(node->children);
/* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ DSA_free(dsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->p)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ DSA_free(dsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ DSA_free(dsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->q)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ DSA_free(dsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ DSA_free(dsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->g)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ DSA_free(dsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * we are not sure exactly what do we read */
- if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->priv_key)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAX));
- DSA_free(dsa);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ * we are not sure exactly what do we read */
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->priv_key)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* next is Y node. */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ DSA_free(dsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->pub_key)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ DSA_free(dsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* todo: add support for J */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
/* todo: add support for seed */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* todo: add support for pgencounter */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataDsaAdoptDsa",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptDsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ DSA_free(dsa);
+ return(-1);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlNodePtr cur;
DSA* dsa;
int ret;
-
+
xmlSecAssert2(id == xmlSecOpenSSLKeyDataDsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataDsaId), -1);
@@ -754,126 +780,126 @@ xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
dsa = xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyGetValue(key));
xmlSecAssert2(dsa != NULL, -1);
-
+
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
- return(0);
- }
-
+ /* we can have only private key or public key */
+ return(0);
+ }
+
/* first is P node */
xmlSecAssert2(dsa->p != NULL, -1);
cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->p, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAP));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
/* next is Q node. */
xmlSecAssert2(dsa->q != NULL, -1);
cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->q, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAQ));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
}
/* next is G node. */
xmlSecAssert2(dsa->g != NULL, -1);
cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->g, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAG));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
}
/* next is X node: write it ONLY for private keys and ONLY if it is requested */
if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (dsa->priv_key != NULL)) {
- cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAX));
- return(-1);
- }
- ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->priv_key, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAX));
- return(-1);
- }
+ cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->priv_key, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ return(-1);
+ }
}
/* next is Y node. */
xmlSecAssert2(dsa->pub_key != NULL, -1);
cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->pub_key, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDSAY));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
}
return(0);
}
@@ -884,40 +910,40 @@ xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS
int counter_ret;
unsigned long h_ret;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
xmlSecAssert2(sizeBits > 0, -1);
- dsa = DSA_generate_parameters(sizeBits, NULL, 0, &counter_ret, &h_ret, NULL, NULL);
+ dsa = DSA_generate_parameters(sizeBits, NULL, 0, &counter_ret, &h_ret, NULL, NULL);
if(dsa == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "DSA_generate_parameters",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", sizeBits);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "DSA_generate_parameters",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ return(-1);
}
ret = DSA_generate_key(dsa);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "DSA_generate_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "DSA_generate_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataDsaAdoptDsa",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- DSA_free(dsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptDsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
}
return(0);
@@ -926,32 +952,32 @@ xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS
static xmlSecKeyDataType
xmlSecOpenSSLKeyDataDsaGetType(xmlSecKeyDataPtr data) {
DSA* dsa;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), xmlSecKeyDataTypeUnknown);
-
+
dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data);
- if((dsa != NULL) && (dsa->p != NULL) && (dsa->q != NULL) &&
+ if((dsa != NULL) && (dsa->p != NULL) && (dsa->q != NULL) &&
(dsa->g != NULL) && (dsa->pub_key != NULL)) {
-
+
if(dsa->priv_key != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- } else if(dsa->engine != NULL) {
- /*
- * !!! HACK !!! Also see RSA key
- * We assume here that engine *always* has private key.
- * This might be incorrect but it seems that there is no
- * way to ask engine if given key is private or not.
- */
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- } else {
- return(xmlSecKeyDataTypePublic);
- }
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(dsa->engine != NULL) {
+ /*
+ * !!! HACK !!! Also see RSA key
+ * We assume here that engine *always* has private key.
+ * This might be incorrect but it seems that there is no
+ * way to ask engine if given key is private or not.
+ */
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
}
return(xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecOpenSSLKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
DSA* dsa;
@@ -959,31 +985,297 @@ xmlSecOpenSSLKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data);
if((dsa != NULL) && (dsa->p != NULL)) {
- return(BN_num_bits(dsa->p));
- }
+ return(BN_num_bits(dsa->p));
+ }
return(0);
}
-static void
+static void
xmlSecOpenSSLKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== dsa key: size = %d\n",
- xmlSecOpenSSLKeyDataDsaGetSize(data));
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataDsaGetSize(data));
}
static void
xmlSecOpenSSLKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
- xmlSecOpenSSLKeyDataDsaGetSize(data));
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataDsaGetSize(data));
}
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+/**************************************************************************
+ *
+ * ECDSA XML key representation processing.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * RFC 4050 [RFC4050] describes a possible <dsig:KeyValue> representation
+ * for an ECDSA key. The representation and processing instructions
+ * described in [RFC4050] are not completely compatible with [XMLDSIG-11];
+ * therefore, ECDSA keys SHOULD NOT be provided through a <dsig:KeyValue>
+ * element.
+ *
+ *************************************************************************/
+static int xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataEcdsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLEvpKeyDataSize,
+
+ /* data */
+ xmlSecNameECDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataEcdsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataEcdsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: pointer to ECDSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataEcdsaGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataEcdsaKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa:
+ * @data: the pointer to ECDSA key data.
+ * @ecdsa: the pointer to OpenSSL ECDSA key.
+ *
+ * Sets the value of ECDSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa(xmlSecKeyDataPtr data, EC_KEY* ecdsa) {
+ EVP_PKEY* pKey = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ /* construct new EVP_PKEY */
+ if(ecdsa != NULL) {
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_EC_KEY(pKey, ecdsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_EC_KEY",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeyDataEcdsaAdoptEvp(data, pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataEcdsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEcdsa:
+ * @data: the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL ECDSA key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL ECDSA key or NULL if an error occurs.
+ */
+EC_KEY*
+xmlSecOpenSSLKeyDataEcdsaGetEcdsa(xmlSecKeyDataPtr data) {
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+ pKey = xmlSecOpenSSLKeyDataEcdsaGetEvp(data);
+ xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_EC), NULL);
+
+ return((pKey != NULL) ? pKey->pkey.ec : (EC_KEY*)NULL);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEvp:
+ * @data: the pointer to ECDSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
+ *
+ * Sets the ECDSA key data value to OpenSSL EVP key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+ xmlSecAssert2(pKey != NULL, -1);
+ xmlSecAssert2(pKey->type == EVP_PKEY_EC, -1);
+
+ return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEvp:
+ * @data: the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL EVP key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLKeyDataEcdsaGetEvp(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+ return(xmlSecOpenSSLEvpKeyDataGetEvp(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataEcdsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+
+ xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data ATTRIBUTE_UNUSED) {
+ /* XXX-MAK: Fix this. */
+ return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) {
+ const EC_GROUP *group;
+ const EC_KEY *ecdsa;
+ BIGNUM order;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), 0);
+
+ ecdsa = xmlSecOpenSSLKeyDataEcdsaGetEcdsa(data);
+ if((ecdsa == NULL)) {
+ return(0);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ return(BN_num_bytes(&order));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== ecdsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
/**************************************************************************
*
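Review bot: `xmlSecOpenSSLKeyDataEcdsaGetSize` declares `BIGNUM order;` on the stack and hands it to `EC_GROUP_get_order` without initialising it (no `BN_init`), so the copy into it works on indeterminate `d`/`dmax`/`flags` fields, and the limbs the call allocates are never released after `BN_num_bytes(&order)`. Allocating the order with `BN_new()` and releasing it with `BN_clear_free()` on every exit path fixes both; the rewritten tail of the function is below, and while there the two error reports could pass `xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))` instead of `NULL` as the DSA/RSA callbacks in this file do. The function also returns the order size in bytes whereas the DSA and RSA `GetSize` callbacks return `BN_num_bits`, so the `size = %d` debug dumps are not comparable across key types; a comment such as `/* size in bytes of the group order, not bits as for RSA/DSA */` would prevent a later "fix" in either direction. Separately, the `xmlSecOpenSSLKeyDataEcdsaGetType` stub reports every EC key as both public and private (as its `XXX-MAK` comment admits), which misleads the `keyReq.keyType` checks that other readers/writers in this file rely on; `EC_KEY_get0_private_key(ecdsa) != NULL` is the usual way to tell the two apart.
```c
static xmlSecSize
xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) {
    const EC_GROUP *group;
    const EC_KEY *ecdsa;
    BIGNUM *order;
    xmlSecSize res;

    /* … unchanged: klass assert, GetEcdsa, EC_KEY_get0_group and its error report … */

    /* heap BIGNUM: EC_GROUP_get_order copies into it and may grow it, so it must be a properly constructed object */
    order = BN_new();
    if(order == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                    "BN_new",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(0);
    }

    if(EC_GROUP_get_order(group, order, NULL) != 1) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
                    "EC_GROUP_get_order",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        BN_clear_free(order);
        return(0);
    }

    /* size in bytes of the group order, not bits as for RSA/DSA */
    res = BN_num_bytes(order);
    BN_clear_free(order);
    return(res);
}
```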
@@ -997,210 +1289,210 @@ xmlSecOpenSSLKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
* <RSAKeyValue>
* <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
* jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
- * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
* </Modulus>
* <Exponent>AQAB</Exponent>
* </RSAKeyValue>
*
- * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
* represented in XML as octet strings as defined by the ds:CryptoBinary type.
*
* Schema Definition:
- *
+ *
* <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
* <complexType name="RSAKeyValueType">
* <sequence>
- * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
* <element name="Exponent" type="ds:CryptoBinary"/>
* </sequence>
* </complexType>
*
* DTD Definition:
- *
- * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
* <!ELEMENT Modulus (#PCDATA) >
* <!ELEMENT Exponent (#PCDATA) >
*
* ============================================================================
- *
+ *
* To support reading/writing private keys an PrivateExponent element is added
* to the end
*
*************************************************************************/
-static int xmlSecOpenSSLKeyDataRsaInitialize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecOpenSSLKeyDataRsaFinalize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataRsaXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataRsaXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataRsaGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecOpenSSLKeyDataRsaGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecOpenSSLKeyDataRsaGetSize (xmlSecKeyDataPtr data);
-static void xmlSecOpenSSLKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecOpenSSLKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static int xmlSecOpenSSLKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRsaKlass = {
sizeof(xmlSecKeyDataKlass),
xmlSecOpenSSLEvpKeyDataSize,
/* data */
xmlSecNameRSAKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
- xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecOpenSSLKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecOpenSSLKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecOpenSSLKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecOpenSSLKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLKeyDataRsaGetKlass:
*
* The OpenSSL RSA key data klass.
*
* Returns: pointer to OpenSSL RSA key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataRsaGetKlass(void) {
return(&xmlSecOpenSSLKeyDataRsaKlass);
}
/**
* xmlSecOpenSSLKeyDataRsaAdoptRsa:
- * @data: the pointer to RSA key data.
- * @rsa: the pointer to OpenSSL RSA key.
+ * @data: the pointer to RSA key data.
+ * @rsa: the pointer to OpenSSL RSA key.
*
* Sets the value of RSA key data.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecOpenSSLKeyDataRsaAdoptRsa(xmlSecKeyDataPtr data, RSA* rsa) {
EVP_PKEY* pKey = NULL;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
-
+
/* construct new EVP_PKEY */
if(rsa != NULL) {
- pKey = EVP_PKEY_new();
- if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "EVP_PKEY_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = EVP_PKEY_assign_RSA(pKey, rsa);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "EVP_PKEY_assign_RSA",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_RSA(pKey, rsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_RSA",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
ret = xmlSecOpenSSLKeyDataRsaAdoptEvp(data, pKey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataRsaAdoptEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- if(pKey != NULL) {
- EVP_PKEY_free(pKey);
- }
- return(-1);
- }
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataRsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
}
/**
* xmlSecOpenSSLKeyDataRsaGetRsa:
- * @data: the pointer to RSA key data.
+ * @data: the pointer to RSA key data.
*
* Gets the OpenSSL RSA key from RSA key data.
*
* Returns: pointer to OpenSSL RSA key or NULL if an error occurs.
*/
-RSA*
+RSA*
xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) {
EVP_PKEY* pKey;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);
-
+
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data);
xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_RSA), NULL);
-
+
return((pKey != NULL) ? pKey->pkey.rsa : (RSA*)NULL);
}
-/**
+/**
* xmlSecOpenSSLKeyDataRsaAdoptEvp:
- * @data: the pointer to RSA key data.
- * @pKey: the pointer to OpenSSL EVP key.
+ * @data: the pointer to RSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
*
* Sets the RSA key data value to OpenSSL EVP key.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLKeyDataRsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
xmlSecAssert2(pKey != NULL, -1);
xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
-
+
return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
}
/**
* xmlSecOpenSSLKeyDataRsaGetEvp:
- * @data: the pointer to RSA key data.
+ * @data: the pointer to RSA key data.
*
* Gets the OpenSSL EVP key from RSA key data.
*
* Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
*/
-EVP_PKEY*
+EVP_PKEY*
xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);
@@ -1231,7 +1523,7 @@ xmlSecOpenSSLKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
static int
xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
xmlNodePtr cur;
RSA *rsa;
@@ -1243,142 +1535,142 @@ xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(keyInfoCtx != NULL, -1);
if(xmlSecKeyGetValue(key) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA,
- "key already has a value");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
}
rsa = RSA_new();
if(rsa == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "RSA_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "RSA_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecGetNextElementNode(node->children);
-
+
/* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ RSA_free(rsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->n)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ RSA_free(rsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ RSA_free(rsa);
+ return(-1);
}
if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->e)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ RSA_free(rsa);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
/* next is X node. It is REQUIRED for private key but
- * we are not sure exactly what do we read */
- if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->d)) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeGetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
- RSA_free(rsa);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ * we are not sure exactly what do we read */
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->d)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ RSA_free(rsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ RSA_free(rsa);
+ return(-1);
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ RSA_free(rsa);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataRsaAdoptRsa",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataRsaAdoptRsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ RSA_free(rsa);
+ return(-1);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlNodePtr cur;
RSA* rsa;
int ret;
-
+
xmlSecAssert2(id == xmlSecOpenSSLKeyDataRsaId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
@@ -1387,80 +1679,80 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
rsa = xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyGetValue(key));
xmlSecAssert2(rsa != NULL, -1);
-
+
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
- return(0);
- }
+ /* we can have only private key or public key */
+ return(0);
+ }
/* first is Modulus node */
cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->n, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
/* next is Exponent node. */
cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
}
ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->e, 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
}
/* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (rsa->d != NULL)) {
- cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
- return(-1);
- }
- ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->d, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLNodeSetBNValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
- return(-1);
- }
- }
-
+ cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->d, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ return(-1);
+ }
+ }
+
return(0);
}
@@ -1468,29 +1760,29 @@ static int
xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
RSA* rsa;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
xmlSecAssert2(sizeBits > 0, -1);
- rsa = RSA_generate_key(sizeBits, 3, NULL, NULL);
+ rsa = RSA_generate_key(sizeBits, 3, NULL, NULL);
if(rsa == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "RSA_generate_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "sizeBits=%d", sizeBits);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "RSA_generate_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "sizeBits=%d", sizeBits);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataRsaAdoptRsa",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- RSA_free(rsa);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataRsaAdoptRsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ RSA_free(rsa);
+ return(-1);
}
return(0);
@@ -1499,30 +1791,30 @@ xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS
static xmlSecKeyDataType
xmlSecOpenSSLKeyDataRsaGetType(xmlSecKeyDataPtr data) {
RSA* rsa;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), xmlSecKeyDataTypeUnknown);
-
+
rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data);
if((rsa != NULL) && (rsa->n != NULL) && (rsa->e != NULL)) {
- if(rsa->d != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- } else if(rsa->engine != NULL) {
- /*
- * !!! HACK !!! Also see DSA key
- * We assume here that engine *always* has private key.
- * This might be incorrect but it seems that there is no
- * way to ask engine if given key is private or not.
- */
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
- } else {
- return(xmlSecKeyDataTypePublic);
- }
+ if(rsa->d != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(rsa->engine != NULL) {
+ /*
+ * !!! HACK !!! Also see DSA key
+ * We assume here that engine *always* has private key.
+ * This might be incorrect but it seems that there is no
+ * way to ask engine if given key is private or not.
+ */
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
}
return(xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecOpenSSLKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
RSA* rsa;
@@ -1530,30 +1822,154 @@ xmlSecOpenSSLKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data);
if((rsa != NULL) && (rsa->n != NULL)) {
- return(BN_num_bits(rsa->n));
- }
+ return(BN_num_bits(rsa->n));
+ }
return(0);
}
-static void
+static void
xmlSecOpenSSLKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "=== rsa key: size = %d\n",
- xmlSecOpenSSLKeyDataRsaGetSize(data));
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataRsaGetSize(data));
}
static void
xmlSecOpenSSLKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId));
xmlSecAssert(output != NULL);
-
- fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
- xmlSecOpenSSLKeyDataRsaGetSize(data));
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataRsaGetSize(data));
}
-
+
#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_GOST
+/**************************************************************************
+ *
+ * GOST2001 xml key representation processing. Contain errors.
+ *
+ *************************************************************************/
+static int xmlSecOpenSSLKeyDataGost2001Initialize(xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataGost2001Finalize(xmlSecKeyDataPtr data);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataGost2001GetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataGost2001GetSize(xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataGost2001DebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataGost2001Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLEvpKeyDataSize,
+
+ /* data */
+ xmlSecNameGOST2001KeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */
+ xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecOpenSSLKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataGost2001GetKlass:
+ *
+ * The GOST2001 key data klass.
+ *
+ * Returns: pointer to GOST2001 key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataGost2001GetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataGost2001Klass);
+}
+
+
+static int
+xmlSecOpenSSLKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataGost2001Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataGost2001Id), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataGost2001Finalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id));
+
+ xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataGost2001GetType(xmlSecKeyDataPtr data) {
+ /* Now I don't know how to find whether we have both private and public key
+ or the public only*/
+ return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataGost2001GetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id), 0);
+
+ return 512;
+}
+
+static void
+xmlSecOpenSSLKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== gost key: size = %d\n",
+ xmlSecOpenSSLKeyDataGost2001GetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataGost2001GetSize(data));
+}
+
+#endif /* XMLSEC_NO_GOST*/
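Review bot: `xmlSecOpenSSLKeyDataGost2001GetType` reports `xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate` for every key without even the id assert the sibling functions carry, so a public-only GOST key will satisfy a key request that asks for `xmlSecKeyDataTypePrivate` (the same concern the RSA code documents under its "engine" hack above). At minimum add `xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataGost2001Id), xmlSecKeyDataTypeUnknown);` and turn the in-body remark into a visible `/* TODO: the private/public distinction is not determined from the EVP key; callers must not rely on the Private bit */` so the limitation is not mistaken for a verified property. Two smaller issues in the same block: `xmlSecOpenSSLKeyDataGost2001GetSize` hard-codes `return 512;` rather than deriving the size from the key data, and the klass declares `xmlSecKeyDataUsageKeyValueNode` while leaving `xmlRead`/`xmlWrite` NULL, which presumably means a `GOST2001KeyValue` element cannot actually be read or written. The banner comment "Contain errors." should name these gaps explicitly instead.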
diff --git a/src/openssl/globals.h b/src/openssl/globals.h
index 272a27b8..770b6dba 100644
--- a/src/openssl/globals.h
+++ b/src/openssl/globals.h
@@ -5,14 +5,14 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c
index 0b6605b8..bad1ac03 100644
--- a/src/openssl/hmac.c
+++ b/src/openssl/hmac.c
@@ -1,18 +1,18 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
- * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
- * as a parameter; if the parameter is not specified then all the bits of the
- * hash are output. An example of an HMAC SignatureMethod element:
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
* <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
* <HMACOutputLength>128</HMACOutputLength>
* </SignatureMethod>
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef XMLSEC_NO_HMAC
@@ -34,8 +34,8 @@
#include <xmlsec/openssl/crypto.h>
/* sizes in bits */
-#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80
-#define XMLSEC_OPENSSL_MAX_HMAC_SIZE (EVP_MAX_MD_SIZE * 8)
+#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80
+#define XMLSEC_OPENSSL_MAX_HMAC_SIZE (EVP_MAX_MD_SIZE * 8)
/**************************************************************************
*
@@ -45,10 +45,10 @@
static int g_xmlsec_openssl_hmac_min_length = XMLSEC_OPENSSL_MIN_HMAC_SIZE;
/**
- * xmlSecOpenSSLHmacGetMinOutputLength:
- *
+ * xmlSecOpenSSLHmacGetMinOutputLength:
+ *
* Gets the value of min HMAC length.
- *
+ *
* Returns: the min HMAC output length
*/
int xmlSecOpenSSLHmacGetMinOutputLength(void)
@@ -57,9 +57,9 @@ int xmlSecOpenSSLHmacGetMinOutputLength(void)
}
/**
- * xmlSecOpenSSLHmacSetMinOutputLength:
- * @min_length: the new min length
- *
+ * xmlSecOpenSSLHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
* Sets the min HMAC output length
*/
void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
@@ -72,14 +72,14 @@ void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
* Internal OpenSSL HMAC CTX
*
*****************************************************************************/
-typedef struct _xmlSecOpenSSLHmacCtx xmlSecOpenSSLHmacCtx, *xmlSecOpenSSLHmacCtxPtr;
+typedef struct _xmlSecOpenSSLHmacCtx xmlSecOpenSSLHmacCtx, *xmlSecOpenSSLHmacCtxPtr;
struct _xmlSecOpenSSLHmacCtx {
- const EVP_MD* hmacDgst;
- HMAC_CTX hmacCtx;
- int ctxInitialized;
- xmlSecByte dgst[XMLSEC_OPENSSL_MAX_HMAC_SIZE];
- xmlSecSize dgstSize; /* dgst size in bits */
-};
+ const EVP_MD* hmacDgst;
+ HMAC_CTX hmacCtx;
+ int ctxInitialized;
+ xmlSecByte dgst[XMLSEC_OPENSSL_MAX_HMAC_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
/**************************************************************************
*
@@ -90,26 +90,26 @@ struct _xmlSecOpenSSLHmacCtx {
*****************************************************************************/
#define xmlSecOpenSSLHmacGetCtx(transform) \
((xmlSecOpenSSLHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecOpenSSLHmacSize \
+#define xmlSecOpenSSLHmacSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLHmacCtx))
-static int xmlSecOpenSSLHmacCheckId (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLHmacInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLHmacFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLHmacNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLHmacSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLHmacVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLHmacExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
@@ -117,117 +117,119 @@ xmlSecOpenSSLHmacCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA1 */
+#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA224 */
-
+#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA256 */
+#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA384 */
+#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_SHA512 */
+#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_RIPEMD160 */
+#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
- return(1);
+ return(1);
} else
-#endif /* XMLSEC_NO_MD5 */
+#endif /* XMLSEC_NO_MD5 */
+ /* not found */
{
- return(0);
+ return(0);
}
-
+
+ /* just in case */
return(0);
}
-static int
+static int
xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
/* initialize context */
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
ctx->hmacDgst = EVP_sha1();
- } else
-#endif /* XMLSEC_NO_SHA1 */
+ } else
+#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
ctx->hmacDgst = EVP_sha224();
- } else
-#endif /* XMLSEC_NO_SHA224 */
+ } else
+#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
ctx->hmacDgst = EVP_sha256();
- } else
-#endif /* XMLSEC_NO_SHA256 */
-
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
ctx->hmacDgst = EVP_sha384();
- } else
-#endif /* XMLSEC_NO_SHA384 */
+ } else
+#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
ctx->hmacDgst = EVP_sha512();
- } else
-#endif /* XMLSEC_NO_SHA512 */
+ } else
+#endif /* XMLSEC_NO_SHA512 */
-#ifndef XMLSEC_NO_RIPEMD160
+#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
ctx->hmacDgst = EVP_ripemd160();
- } else
+ } else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
ctx->hmacDgst = EVP_md5();
- } else
+ } else
#endif /* XMLSEC_NO_MD5 */
-
+
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_OPENSSL_096
@@ -236,7 +238,7 @@ xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
return(0);
}
-static void
+static void
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
@@ -245,7 +247,7 @@ xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_cleanup(&(ctx->hmacCtx));
#endif /* XMLSEC_OPENSSL_096 */
@@ -265,44 +267,44 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecT
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
- xmlChar *content;
-
- content = xmlNodeGetContent(cur);
- if(content != NULL) {
- ctx->dgstSize = atoi((char*)content);
- xmlFree(content);
- }
-
- /* Ensure that HMAC length is greater than min specified.
- Otherwise, an attacker can set this lenght to 0 or very
- small value
- */
- if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- return(0);
+ return(0);
}
-static int
+static int
xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
@@ -312,11 +314,11 @@ xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq
keyReq->keyId = xmlSecOpenSSLKeyDataHmacId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationSign) {
- keyReq->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyReq->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
-
+
return(0);
}
@@ -335,7 +337,7 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
-
+
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
@@ -343,33 +345,33 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=0");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=0");
+ return(-1);
}
-
+
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
- HMAC_Init(&(ctx->hmacCtx),
- xmlSecBufferGetData(buffer),
- xmlSecBufferGetSize(buffer),
- ctx->hmacDgst);
+ HMAC_Init(&(ctx->hmacCtx),
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ ctx->hmacDgst);
ctx->ctxInitialized = 1;
return(0);
}
static int
-xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
- static xmlSecByte last_byte_masks[] =
- { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecByte mask;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
@@ -380,61 +382,61 @@ xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform,
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
-
+
/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
- /* NO COMMIT */
- xmlChar* a;
- mask = last_byte_masks[ctx->dgstSize % 8];
- ctx->dgst[dataSize - 1] &= mask;
- a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
- fprintf(stderr, "%s\n", a);
- xmlFree(a);
-
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ /* NO COMMIT */
+ xmlChar* a;
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ ctx->dgst[dataSize - 1] &= mask;
+ a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
+ fprintf(stderr, "%s\n", a);
+ xmlFree(a);
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
/* we check the last byte separatelly */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
/* now check the rest of the digest */
if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
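Review bot: The `/* NO COMMIT */` debug block inside the size-mismatch branch of `xmlSecOpenSSLHmacVerify` survives on the new side and should be removed, not reindented. It indexes `ctx->dgst[dataSize - 1]` with the length of the supplied signature value, which is not bounded by `sizeof(ctx->dgst)` and is only asserted to be non-zero further down, so this branch is exactly the one where the index can be out of range; it also writes the computed MAC to `stderr` via `fprintf`, which leaks the value the verifier is supposed to keep to itself. The branch only needs the existing `xmlSecError(... XMLSEC_ERRORS_R_INVALID_SIZE ...)` plus `transform->status = xmlSecTransformStatusFail; return(0);`, so the fix is deleting the seven lines from `xmlChar* a;` through `xmlFree(a);`. The function's signature and the `mask`/`ctx` declarations are in the previous hunk.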
@@ -446,120 +448,122 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized != 0, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- /* we should be already initialized when we set key */
- transform->status = xmlSecTransformStatusWorking;
+ /* we should be already initialized when we set key */
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if(transform->status == xmlSecTransformStatusWorking) {
- xmlSecSize inSize;
-
- inSize = xmlSecBufferGetSize(in);
- if(inSize > 0) {
- HMAC_Update(&(ctx->hmacCtx), xmlSecBufferGetData(in), inSize);
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- }
-
- if(last) {
- xmlSecSize dgstSize;
-
- HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize);
- xmlSecAssert2(dgstSize > 0, -1);
-
- /* check/set the result digest size */
- if(ctx->dgstSize == 0) {
- ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
- } else if(ctx->dgstSize <= 8 * dgstSize) {
- dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
- return(-1);
- }
-
- /* finally write result to output */
- if(transform->operation == xmlSecTransformOperationSign) {
- ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
- }
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ HMAC_Update(&(ctx->hmacCtx), xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ unsigned int dgstSize;
+
+ HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize);
+ xmlSecAssert2(dgstSize > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize * 8); /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ /* finally write result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
-#ifndef XMLSEC_NO_MD5
+#ifndef XMLSEC_NO_MD5
-/**
+/********************************************************************
+ *
* HMAC MD5
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacMd5Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacMd5, /* const xmlChar* name; */
- xmlSecHrefHmacMd5, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacMd5GetKlass:
*
* The HMAC-MD5 transform klass.
*
* Returns: the HMAC-MD5 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacMd5GetKlass(void) {
return(&xmlSecOpenSSLHmacMd5Klass);
}
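Review bot: Switching `dgstSize` to `unsigned int` for `HMAC_Final` is the right type, but the return values of `HMAC_Update` and `HMAC_Final` are still ignored; on OpenSSL builds where these return an int (the file's `XMLSEC_OPENSSL_096` guards suggest older void-returning versions are also supported, so this needs an `#ifndef` or a version check), a failed `HMAC_Final` leaves `ctx->dgst` with whatever was there before and that buffer is then appended as the signature or compared against the document's value. A guarded `if(HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize) != 1) { xmlSecError(... "HMAC_Final", XMLSEC_ERRORS_R_CRYPTO_FAILED ...); return(-1); }` would close that. Separately, the `"result-bits=%d;required-bits=%d"` message now passes an `unsigned int` and an `xmlSecSize` to `%d`; `%u` (or a cast) keeps the format and argument types consistent.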
@@ -567,89 +571,93 @@ xmlSecOpenSSLTransformHmacMd5GetKlass(void) {
#endif /* XMLSEC_NO_MD5 */
-#ifndef XMLSEC_NO_RIPEMD160
-/**
- * HMAC RIPEMD160
- */
+#ifndef XMLSEC_NO_RIPEMD160
+/********************************************************************
+ *
+ * HMAC RIPEMD160
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacRipemd160Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacRipemd160, /* const xmlChar* name; */
- xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacRipemd160GetKlass:
*
* The HMAC-RIPEMD160 transform klass.
*
* Returns: the HMAC-RIPEMD160 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacRipemd160GetKlass(void) {
return(&xmlSecOpenSSLHmacRipemd160Klass);
}
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
-/**
+/********************************************************************
+ *
* HMAC SHA1
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha1, /* const xmlChar* name; */
- xmlSecHrefHmacSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacSha1GetKlass:
*
* The HMAC-SHA1 transform klass.
*
* Returns: the HMAC-SHA1 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacSha1GetKlass(void) {
return(&xmlSecOpenSSLHmacSha1Klass);
}
@@ -657,44 +665,46 @@ xmlSecOpenSSLTransformHmacSha1GetKlass(void) {
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
-/**
+/********************************************************************
+ *
* HMAC SHA224
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacSha224Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha224, /* const xmlChar* name; */
- xmlSecHrefHmacSha224, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha224, /* const xmlChar* name; */
+ xmlSecHrefHmacSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacSha224GetKlass:
*
* The HMAC-SHA224 transform klass.
*
* Returns: the HMAC-SHA224 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacSha224GetKlass(void) {
return(&xmlSecOpenSSLHmacSha224Klass);
}
@@ -702,44 +712,46 @@ xmlSecOpenSSLTransformHmacSha224GetKlass(void) {
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
-/**
+/********************************************************************
+ *
* HMAC SHA256
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacSha256Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha256, /* const xmlChar* name; */
- xmlSecHrefHmacSha256, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacSha256GetKlass:
*
* The HMAC-SHA256 transform klass.
*
* Returns: the HMAC-SHA256 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacSha256GetKlass(void) {
return(&xmlSecOpenSSLHmacSha256Klass);
}
@@ -747,44 +759,46 @@ xmlSecOpenSSLTransformHmacSha256GetKlass(void) {
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
-/**
+/********************************************************************
+ *
* HMAC SHA384
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacSha384Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha384, /* const xmlChar* name; */
- xmlSecHrefHmacSha384, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacSha384GetKlass:
*
* The HMAC-SHA384 transform klass.
*
* Returns: the HMAC-SHA384 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacSha384GetKlass(void) {
return(&xmlSecOpenSSLHmacSha384Klass);
}
@@ -792,44 +806,46 @@ xmlSecOpenSSLTransformHmacSha384GetKlass(void) {
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
-/**
+/********************************************************************
+ *
* HMAC SHA512
- */
+ *
+ ********************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLHmacSha512Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
-
- xmlSecNameHmacSha512, /* const xmlChar* name; */
- xmlSecHrefHmacSha512, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformHmacSha512GetKlass:
*
* The HMAC-SHA512 transform klass.
*
* Returns: the HMAC-SHA512 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformHmacSha512GetKlass(void) {
return(&xmlSecOpenSSLHmacSha512Klass);
}
diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c
index 1ed3685e..1cf1aba1 100644
--- a/src/openssl/kt_rsa.c
+++ b/src/openssl/kt_rsa.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* RSA Algorithms support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -40,11 +40,11 @@
* Internal OpenSSL RSA PKCS1 CTX
*
*************************************************************************/
-typedef struct _xmlSecOpenSSLRsaPkcs1Ctx xmlSecOpenSSLRsaPkcs1Ctx,
- *xmlSecOpenSSLRsaPkcs1CtxPtr;
+typedef struct _xmlSecOpenSSLRsaPkcs1Ctx xmlSecOpenSSLRsaPkcs1Ctx,
+ *xmlSecOpenSSLRsaPkcs1CtxPtr;
struct _xmlSecOpenSSLRsaPkcs1Ctx {
- EVP_PKEY* pKey;
-};
+ EVP_PKEY* pKey;
+};
/*********************************************************************
*
@@ -53,77 +53,77 @@ struct _xmlSecOpenSSLRsaPkcs1Ctx {
* xmlSecOpenSSLRsaPkcs1Ctx is located after xmlSecTransform
*
********************************************************************/
-#define xmlSecOpenSSLRsaPkcs1Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaPkcs1Ctx))
+#define xmlSecOpenSSLRsaPkcs1Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaPkcs1Ctx))
#define xmlSecOpenSSLRsaPkcs1GetCtx(transform) \
((xmlSecOpenSSLRsaPkcs1CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecOpenSSLRsaPkcs1Initialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLRsaPkcs1Finalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLRsaPkcs1SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLRsaPkcs1Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLRsaPkcs1Process (xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaPkcs1Initialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLRsaPkcs1Finalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLRsaPkcs1SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLRsaPkcs1Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaPkcs1Process (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecOpenSSLRsaPkcs1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLRsaPkcs1Size, /* xmlSecSize objSize */
-
- xmlSecNameRsaPkcs1, /* const xmlChar* name; */
- xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLRsaPkcs1Size, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformRsaPkcs1GetKlass:
*
* The RSA-PKCS1 key transport transform klass.
*
* Returns: RSA-PKCS1 key transport transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaPkcs1GetKlass(void) {
return(&xmlSecOpenSSLRsaPkcs1Klass);
}
-static int
+static int
xmlSecOpenSSLRsaPkcs1Initialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaPkcs1Ctx));
return(0);
}
-static void
+static void
xmlSecOpenSSLRsaPkcs1Finalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
@@ -132,14 +132,14 @@ xmlSecOpenSSLRsaPkcs1Finalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaPkcs1Ctx));
}
-static int
+static int
xmlSecOpenSSLRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
@@ -151,22 +151,22 @@ xmlSecOpenSSLRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr ke
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
EVP_PKEY* pKey;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
@@ -179,30 +179,30 @@ xmlSecOpenSSLRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKeyDataRsaGetEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKeyDataRsaGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
- xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
-
- ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
+ xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
+
+ ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpKeyDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
int ret;
@@ -217,37 +217,37 @@ xmlSecOpenSSLRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTrans
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- ret = xmlSecOpenSSLRsaPkcs1Process(transform, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLRsaPkcs1Process",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
+ ret = xmlSecOpenSSLRsaPkcs1Process(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLRsaPkcs1Process",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
xmlSecBufferPtr in, out;
@@ -263,110 +263,110 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
- xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
- xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
-
+ xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
+
keySize = RSA_size(ctx->pKey->pkey.rsa);
xmlSecAssert2(keySize > 0, -1);
-
+
in = &(transform->inBuf);
out = &(transform->outBuf);
-
+
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
/* the encoded size is equal to the keys size so we could not
* process more than that */
if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d when expected less than %d", inSize, keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected less than %d", inSize, keySize);
+ return(-1);
} else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d when expected %d", inSize, keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected %d", inSize, keySize);
+ return(-1);
}
-
- outSize = keySize;
+
+ outSize = keySize;
ret = xmlSecBufferSetMaxSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
}
if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_public_encrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- outSize = ret;
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ outSize = ret;
} else {
- ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_private_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", inSize);
- return(-1);
- }
- outSize = ret;
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ outSize = ret;
}
ret = xmlSecBufferSetSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
}
-
+
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
-
+
return(0);
}
/**************************************************************************
*
- * Internal OpenSSL RSA OAPE CTX
+ * Internal OpenSSL RSA OAEP CTX
*
*************************************************************************/
-typedef struct _xmlSecOpenSSLRsaOaepCtx xmlSecOpenSSLRsaOaepCtx,
- *xmlSecOpenSSLRsaOaepCtxPtr;
+typedef struct _xmlSecOpenSSLRsaOaepCtx xmlSecOpenSSLRsaOaepCtx,
+ *xmlSecOpenSSLRsaOaepCtxPtr;
struct _xmlSecOpenSSLRsaOaepCtx {
- EVP_PKEY* pKey;
- xmlSecBuffer oaepParams;
-};
+ EVP_PKEY* pKey;
+ xmlSecBuffer oaepParams;
+};
/*********************************************************************
*
@@ -375,91 +375,91 @@ struct _xmlSecOpenSSLRsaOaepCtx {
* xmlSecOpenSSLRsaOaepCtx is located after xmlSecTransform
*
********************************************************************/
-#define xmlSecOpenSSLRsaOaepSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaOaepCtx))
+#define xmlSecOpenSSLRsaOaepSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaOaepCtx))
#define xmlSecOpenSSLRsaOaepGetCtx(transform) \
((xmlSecOpenSSLRsaOaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecOpenSSLRsaOaepInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLRsaOaepFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLRsaOaepNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLRsaOaepSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLRsaOaepSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLRsaOaepExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLRsaOaepProcess (xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaOaepInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLRsaOaepFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLRsaOaepNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaOaepSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLRsaOaepSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLRsaOaepExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaOaepProcess (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecOpenSSLRsaOaepKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLRsaOaepSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaOaep, /* const xmlChar* name; */
- xmlSecHrefRsaOaep, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLRsaOaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLRsaOaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecOpenSSLRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLRsaOaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLRsaOaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLRsaOaepExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLRsaOaepSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLRsaOaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLRsaOaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLRsaOaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLRsaOaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLRsaOaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformRsaOaepGetKlass:
*
* The RSA-OAEP key transport transform klass.
*
* Returns: RSA-OAEP key transport transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaOaepGetKlass(void) {
return(&xmlSecOpenSSLRsaOaepKlass);
}
-static int
+static int
xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static void
+static void
xmlSecOpenSSLRsaOaepFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
@@ -468,20 +468,20 @@ xmlSecOpenSSLRsaOaepFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
xmlSecBufferFinalize(&(ctx->oaepParams));
- memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
}
-static int
+static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(node != NULL, -1);
@@ -490,64 +490,63 @@ xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
-
+
cur = xmlSecGetNextElementNode(node->children);
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
- ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
- xmlChar* algorithm;
-
- /* Algorithm attribute is required */
- algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
- if(algorithm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- /* for now we support only sha1 */
- if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(algorithm),
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "digest algorithm is not supported for rsa/oaep");
- xmlFree(algorithm);
- return(-1);
- }
- xmlFree(algorithm);
-
- cur = xmlSecGetNextElementNode(cur->next);
+ /* next node */
+ cur = xmlSecGetNextElementNode(cur->next);
}
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaOaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
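Review bot: The new while loop accepts any number of OAEPparams children, but nothing in it rejects a second one, so a document with two OAEPparams elements parses as well-formed and the second xmlSecBufferBase64NodeContentRead call runs on an already-filled buffer; whether that appends to or replaces the first value depends on that helper, which is not visible here. The assertion at the top of the hunk only guarantees the buffer is empty on entry, not that exactly one element fills it, and the old code enforced at-most-one by construction. Since oaepParams is passed straight into RSA_padding_add_PKCS1_OAEP / RSA_padding_check_PKCS1_OAEP later in the file, I would make the parse deterministic with a seen-flag that fails on a duplicate; the flag's declaration belongs with the other locals at the top of xmlSecOpenSSLRsaOaepNodeRead, which starts outside this hunk. Accepting DigestMethod before OAEPparams is presumably intentional and fine.
```c
    int paramsSeen = 0;   /* declared with the other locals, above this hunk */
    /* … unchanged: asserts and ctx lookup … */
    while(cur != NULL) {
        if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
            if(paramsSeen != 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                            XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                            "duplicate node");
                return(-1);
            }
            paramsSeen = 1;
            ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
            /* … unchanged: error handling, DigestMethod branch, else branch, next node … */
```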
@@ -559,23 +558,23 @@ xmlSecOpenSSLRsaOaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr key
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
-
+
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
@@ -588,30 +587,30 @@ xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKeyDataRsaGetEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKeyDataRsaGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
- xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
-
- ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
+ xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
+
+ ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpKeyDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
@@ -626,37 +625,37 @@ xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransf
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLRsaOaepProcess",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- transform->status = xmlSecTransformStatusFinished;
+ ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLRsaOaepProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlSecSize paramsSize;
@@ -673,203 +672,203 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
- xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
- xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
-
+ xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
+
keySize = RSA_size(ctx->pKey->pkey.rsa);
xmlSecAssert2(keySize > 0, -1);
-
+
in = &(transform->inBuf);
out = &(transform->outBuf);
-
+
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
/* the encoded size is equal to the keys size so we could not
* process more than that */
if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d when expected less than %d", inSize, keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected less than %d", inSize, keySize);
+ return(-1);
} else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d when expected %d", inSize, keySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected %d", inSize, keySize);
+ return(-1);
}
-
- outSize = keySize;
+
+ outSize = keySize;
ret = xmlSecBufferSetMaxSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
}
paramsSize = xmlSecBufferGetSize(&(ctx->oaepParams));
if((transform->operation == xmlSecTransformOperationEncrypt) && (paramsSize == 0)) {
- /* encode w/o OAEPParams --> simple */
- ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_public_encrypt(RSA_PKCS1_OAEP_PADDING)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
+ /* encode w/o OAEPParams --> simple */
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt(RSA_PKCS1_OAEP_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
} else if((transform->operation == xmlSecTransformOperationEncrypt) && (paramsSize > 0)) {
- xmlSecAssert2(xmlSecBufferGetData(&(ctx->oaepParams)) != NULL, -1);
-
- /* add space for padding */
- ret = xmlSecBufferSetMaxSize(in, keySize);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->oaepParams)) != NULL, -1);
+
+ /* add space for padding */
+ ret = xmlSecBufferSetMaxSize(in, keySize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", keySize);
- return(-1);
- }
-
- /* add padding */
- ret = RSA_padding_add_PKCS1_OAEP(xmlSecBufferGetData(in), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(&(ctx->oaepParams)),
- paramsSize);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_padding_add_PKCS1_OAEP",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- inSize = keySize;
-
- /* encode with OAEPParams */
- ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_NO_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_public_encrypt(RSA_NO_PADDING)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", keySize);
+ return(-1);
+ }
+
+ /* add padding */
+ ret = RSA_padding_add_PKCS1_OAEP(xmlSecBufferGetData(in), keySize,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(&(ctx->oaepParams)),
+ paramsSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_padding_add_PKCS1_OAEP",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ inSize = keySize;
+
+ /* encode with OAEPParams */
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_NO_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt(RSA_NO_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
} else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize == 0)) {
- ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_private_decrypt(RSA_PKCS1_OAEP_PADDING)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt(RSA_PKCS1_OAEP_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
} else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize != 0)) {
- BIGNUM bn;
-
- ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
- xmlSecBufferGetData(out),
- ctx->pKey->pkey.rsa, RSA_NO_PADDING);
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_private_decrypt(RSA_NO_PADDING)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
-
- /*
- * the private decrypt w/o padding adds '0's at the begginning.
- * it's not clear for me can I simply skip all '0's from the
- * beggining so I have to do decode it back to BIGNUM and dump
- * buffer again
- */
- BN_init(&bn);
- if(BN_bin2bn(xmlSecBufferGetData(out), outSize, &bn) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "BN_bin2bn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", outSize);
- BN_clear_free(&bn);
- return(-1);
- }
-
- ret = BN_bn2bin(&bn, xmlSecBufferGetData(out));
- if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "BN_bn2bin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BN_clear_free(&bn);
- return(-1);
- }
- BN_clear_free(&bn);
- outSize = ret;
-
- ret = RSA_padding_check_PKCS1_OAEP(xmlSecBufferGetData(out), outSize,
- xmlSecBufferGetData(out), outSize,
- keySize,
- xmlSecBufferGetData(&(ctx->oaepParams)),
- paramsSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "RSA_padding_check_PKCS1_OAEP",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
+ BIGNUM bn;
+
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_NO_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt(RSA_NO_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+
+ /*
+ * the private decrypt w/o padding adds '0's at the begginning.
+ * it's not clear for me can I simply skip all '0's from the
+ * beggining so I have to do decode it back to BIGNUM and dump
+ * buffer again
+ */
+ BN_init(&bn);
+ if(BN_bin2bn(xmlSecBufferGetData(out), outSize, &bn) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", outSize);
+ BN_clear_free(&bn);
+ return(-1);
+ }
+
+ ret = BN_bn2bin(&bn, xmlSecBufferGetData(out));
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "BN_bn2bin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_clear_free(&bn);
+ return(-1);
+ }
+ BN_clear_free(&bn);
+ outSize = ret;
+
+ ret = RSA_padding_check_PKCS1_OAEP(xmlSecBufferGetData(out), outSize,
+ xmlSecBufferGetData(out), outSize,
+ keySize,
+ xmlSecBufferGetData(&(ctx->oaepParams)),
+ paramsSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_padding_check_PKCS1_OAEP",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
} else {
- xmlSecAssert2("we could not be here" == NULL, -1);
- return(-1);
+ xmlSecAssert2("we could not be here" == NULL, -1);
+ return(-1);
}
ret = xmlSecBufferSetSize(out, outSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
}
-
+
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
}
-
+
return(0);
}
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 94cfeddb..573fb985 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* AES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef XMLSEC_NO_AES
@@ -28,269 +28,193 @@
#include <xmlsec/openssl/crypto.h>
-#define XMLSEC_OPENSSL_AES128_KEY_SIZE 16
-#define XMLSEC_OPENSSL_AES192_KEY_SIZE 24
-#define XMLSEC_OPENSSL_AES256_KEY_SIZE 32
-#define XMLSEC_OPENSSL_AES_IV_SIZE 16
-#define XMLSEC_OPENSSL_AES_BLOCK_SIZE 16
+#include "../kw_aes_des.h"
/*********************************************************************
*
- * AES KW transforms
- *
- * key (xmlSecBuffer) is located after xmlSecTransform structure
+ * AES KW implementation
*
- ********************************************************************/
-#define xmlSecOpenSSLKWAesGetKey(transform) \
- ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecOpenSSLKWAesSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
-
-static int xmlSecOpenSSLKWAesInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLKWAesFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLKWAesSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLKWAesSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLKWAesExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static xmlSecSize xmlSecOpenSSLKWAesGetKeySize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLKWAesEncode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte* in,
- xmlSecSize inSize,
- xmlSecByte* out,
- xmlSecSize outSize);
-static int xmlSecOpenSSLKWAesDecode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte* in,
- xmlSecSize inSize,
- xmlSecByte* out,
- xmlSecSize outSize);
-
-static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes128, /* const xmlChar* name; */
- xmlSecHrefKWAes128, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ *********************************************************************/
+static int xmlSecOpenSSLKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecOpenSSLKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecOpenSSLKWAesKlass = {
+ /* callbacks */
+ xmlSecOpenSSLKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecOpenSSLKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
};
-static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes192, /* const xmlChar* name; */
- xmlSecHrefKWAes192, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
-
- xmlSecNameKWAes256, /* const xmlChar* name; */
- xmlSecHrefKWAes256, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecOpenSSLKWAesCtx xmlSecOpenSSLKWAesCtx,
+ *xmlSecOpenSSLKWAesCtxPtr;
+struct _xmlSecOpenSSLKWAesCtx {
+ xmlSecBuffer keyBuffer;
+ xmlSecSize keyExpectedSize;
};
-
-#define XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE 8
-
+#define xmlSecOpenSSLKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLKWAesCtx))
+#define xmlSecOpenSSLKWAesGetCtx(transform) \
+ ((xmlSecOpenSSLKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
#define xmlSecOpenSSLKWAesCheckId(transform) \
(xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes256Id))
-/**
- * xmlSecOpenSSLTransformKWAes128GetKlass:
- *
- * The AES-128 kew wrapper transform klass.
- *
- * Returns: AES-128 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes128GetKlass(void) {
- return(&xmlSecOpenSSLKWAes128Klass);
-}
-
-/**
- * xmlSecOpenSSLTransformKWAes192GetKlass:
- *
- * The AES-192 kew wrapper transform klass.
- *
- * Returns: AES-192 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes192GetKlass(void) {
- return(&xmlSecOpenSSLKWAes192Klass);
-}
-
-/**
- * xmlSecOpenSSLTransformKWAes256GetKlass:
- *
- * The AES-256 kew wrapper transform klass.
- *
- * Returns: AES-256 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformKWAes256GetKlass(void) {
- return(&xmlSecOpenSSLKWAes256Klass);
-}
-
-static int
+static int xmlSecOpenSSLKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
-
- ret = xmlSecBufferInitialize(xmlSecOpenSSLKWAesGetKey(transform), 0);
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWAesGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKWAesGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-static void
+static void
xmlSecOpenSSLKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+
xmlSecAssert(xmlSecOpenSSLKWAesCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize));
-
- if(xmlSecOpenSSLKWAesGetKey(transform) != NULL) {
- xmlSecBufferFinalize(xmlSecOpenSSLKWAesGetKey(transform));
- }
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
}
-static int
+static int
xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
- keyReq->keyId = xmlSecOpenSSLKeyDataAesId;
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataAesId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
- keyReq->keyBitsSize = 8 * xmlSecOpenSSLKWAesGetKeySize(transform);
-
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
return(0);
}
-static int
+static int
xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
- xmlSecSize expectedKeySize;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
- xmlSecAssert2(xmlSecOpenSSLKWAesGetKey(transform) != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataAesId), -1);
-
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
- expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
- if(keySize < expectedKeySize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key=%d;expected=%d",
- keySize, expectedKeySize);
- return(-1);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
}
-
- ret = xmlSecBufferSetData(xmlSecOpenSSLKWAesGetKey(transform),
- xmlSecBufferGetData(buffer),
- expectedKeySize);
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "expected-size=%d", expectedKeySize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecBufferPtr in, out, key;
- xmlSecSize inSize, outSize, keySize, expectedKeySize;
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ AES_KEY aesKey;
int ret;
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
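Review bot: The failure report in xmlSecOpenSSLKWAesInitialize still names `"xmlSecOpenSSLKWAesGetKey"` as the failing call, but the call that is checked is xmlSecBufferInitialize and the GetKey macro is removed by this very commit, so the message now points at a symbol that no longer exists; the line should read `"xmlSecBufferInitialize",`. The same mislabel existed before the rewrite, but the new code is the place to fix it since the context struct replaced that macro. A secondary observation, hedged because it is pre-existing behaviour: xmlSecOpenSSLKWAesSetKey accepts any key with `keySize < ctx->keyExpectedSize` false, so a key longer than expected is silently truncated by the following xmlSecBufferSetData; `if(keySize != ctx->keyExpectedSize)` would make the size check strict and turn such a mismatch into the reported XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE instead. xmlSecOpenSSLKWAesExecute begins at the end of this hunk and its body continues in the next one.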
@@ -298,325 +222,292 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- key = xmlSecOpenSSLKWAesGetKey(transform);
- xmlSecAssert2(key != NULL, -1);
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
- keySize = xmlSecBufferGetSize(key);
- expectedKeySize = xmlSecOpenSSLKWAesGetKeySize(transform);
- xmlSecAssert2(keySize == expectedKeySize, -1);
-
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % 8) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size=%d(not 8 bytes aligned)", inSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
- outSize = inSize + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE +
- XMLSEC_OPENSSL_AES_BLOCK_SIZE;
- } else {
- outSize = inSize + XMLSEC_OPENSSL_AES_BLOCK_SIZE;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecOpenSSLKWAesEncode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWAesEncode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecOpenSSLKWAesDecode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWAesDecode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "outSize=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "inSize%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* prepare key */
+ ret = AES_set_encrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ 8 * keySize,
+ &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesEncode(&xmlSecOpenSSLKWAesKlass, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ /* prepare key */
+ ret = AES_set_decrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ 8 * keySize,
+ &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesDecode(&xmlSecOpenSSLKWAesKlass, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
-static xmlSecSize
-xmlSecOpenSSLKWAesGetKeySize(xmlSecTransformPtr transform) {
- if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
- return(XMLSEC_OPENSSL_AES128_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
- return(XMLSEC_OPENSSL_AES192_KEY_SIZE);
- } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
- return(XMLSEC_OPENSSL_AES256_KEY_SIZE);
- }
- return(0);
-}
+static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
/**
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
- *
- * Assume that the data to be wrapped consists of N 64-bit data blocks
- * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
- * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
- * key is represented by K. Assume integers i, j, and t and intermediate
- * 64-bit register A, 128-bit register B, and array of 64-bit quantities
- * R(1) through R(N).
+ * xmlSecOpenSSLTransformKWAes128GetKlass:
*
- * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
- * is the 128-bit quantity with x in the most significant bits and y in the
- * least significant bits. AES(K)enc(x) is the operation of AES encrypting
- * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
- * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
- * MSB(x) and LSB(y) are the most significant 64 bits and least significant
- * 64 bits of x and y respectively.
+ * The AES-128 kew wrapper transform klass.
*
- * If N is 1, a single AES operation is performed for wrap or unwrap.
- * If N>1, then 6*N AES operations are performed for wrap or unwrap.
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes128GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecOpenSSLTransformKWAes192GetKlass:
*
- * The key wrap algorithm is as follows:
+ * The AES-192 kew wrapper transform klass.
*
- * 1. If N is 1:
- * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
- * * C(0)=MSB(B)
- * * C(1)=LSB(B)
- * If N>1, perform the following steps:
- * 2. Initialize variables:
- * * Set A to 0xA6A6A6A6A6A6A6A6
- * * Fori=1 to N,
- * R(i)=P(i)
- * 3. Calculate intermediate values:
- * * Forj=0 to 5,
- * o For i=1 to N,
- * t= i + j*N
- * B=AES(K)enc(A|R(i))
- * A=XOR(t,MSB(B))
- * R(i)=LSB(B)
- * 4. Output the results:
- * * Set C(0)=A
- * * For i=1 to N,
- * C(i)=R(i)
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes192GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWAes256GetKlass:
*
- * The key unwrap algorithm is as follows:
+ * The AES-256 kew wrapper transform klass.
*
- * 1. If N is 1:
- * * B=AES(K)dec(C(0)|C(1))
- * * P(1)=LSB(B)
- * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
- * return an integrity check failure error.
- * If N>1, perform the following steps:
- * 2. Initialize the variables:
- * * A=C(0)
- * * For i=1 to N,
- * R(i)=C(i)
- * 3. Calculate intermediate values:
- * * For j=5 to 0,
- * o For i=N to 1,
- * t= i + j*N
- * B=AES(K)dec(XOR(t,A)|R(i))
- * A=MSB(B)
- * R(i)=LSB(B)
- * 4. Output the results:
- * * For i=1 to N,
- * P(i)=R(i)
- * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
- * an integrity check failure error.
+ * Returns: AES-256 kew wrapper transform klass.
*/
-static const xmlSecByte xmlSecOpenSSLKWAesMagicBlock[XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE] = {
- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
-};
-
-static int
-xmlSecOpenSSLKWAesEncode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- AES_KEY aesKey;
- xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
- xmlSecByte *p;
- int N, i, j, t;
- int ret;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes256GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 8, -1);
-
- ret = AES_set_encrypt_key(key, 8 * keySize, &aesKey);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "AES_set_encrypt_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
- /* prepend magic block */
- if(in != out) {
- memcpy(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
- } else {
- memmove(out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
- }
- memcpy(out, xmlSecOpenSSLKWAesMagicBlock, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
-
- N = (inSize / 8);
- if(N == 1) {
- AES_encrypt(out, out, &aesKey);
- } else {
- for(j = 0; j <= 5; ++j) {
- for(i = 1; i <= N; ++i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
-
- AES_encrypt(block, block, &aesKey);
- block[7] ^= t;
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
-
- return(inSize + 8);
+ AES_encrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
}
-static int
-xmlSecOpenSSLKWAesDecode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- AES_KEY aesKey;
- xmlSecByte block[XMLSEC_OPENSSL_AES_BLOCK_SIZE];
- xmlSecByte *p;
- int N, i, j, t;
- int ret;
-
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize > 0, -1);
+static int
+xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
xmlSecAssert2(in != NULL, -1);
- xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize, -1);
-
- ret = AES_set_decrypt_key(key, 8 * keySize, &aesKey);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "AES_set_decrypt_key",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* copy input */
- if(in != out) {
- memcpy(out, in, inSize);
- }
-
- N = (inSize / 8) - 1;
- if(N == 1) {
- AES_decrypt(out, out, &aesKey);
- } else {
- for(j = 5; j >= 0; --j) {
- for(i = N; i > 0; --i) {
- t = i + (j * N);
- p = out + i * 8;
-
- memcpy(block, out, 8);
- memcpy(block + 8, p, 8);
- block[7] ^= t;
-
- AES_decrypt(block, block, &aesKey);
- memcpy(out, block, 8);
- memcpy(p, block + 8, 8);
- }
- }
- }
- /* do not left data in memory */
- memset(block, 0, sizeof(block));
-
- if(memcmp(xmlSecOpenSSLKWAesMagicBlock, out, XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "bad magic block");
- return(-1);
- }
-
- memmove(out, out + XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
- return(inSize - XMLSEC_OPENSSL_KW_AES_MAGIC_BLOCK_SIZE);
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
+
+ AES_decrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
}
+
#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c
index f5ebf435..9d55e107 100644
--- a/src/openssl/kw_des.c
+++ b/src/openssl/kw_des.c
@@ -1,13 +1,13 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ *
+ * Copyright (C) 2002-2010 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef XMLSEC_NO_DES
#include "globals.h"
@@ -28,9 +28,58 @@
#include <xmlsec/openssl/crypto.h>
-#define XMLSEC_OPENSSL_DES3_KEY_LENGTH 24
-#define XMLSEC_OPENSSL_DES3_IV_LENGTH 8
-#define XMLSEC_OPENSSL_DES3_BLOCK_LENGTH 8
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecOpenSSLKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecOpenSSLKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecOpenSSLKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecOpenSSLKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecOpenSSLKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecOpenSSLKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecOpenSSLKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
/*********************************************************************
*
@@ -39,176 +88,171 @@
* key (xmlSecBuffer) is located after xmlSecTransform structure
*
********************************************************************/
-#define xmlSecOpenSSLKWDes3GetKey(transform) \
- ((xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-#define xmlSecOpenSSLKWDes3Size \
- (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
-
-static int xmlSecOpenSSLKWDes3Initialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLKWDes3Finalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLKWDes3SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLKWDes3SetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLKWDes3Execute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLKWDes3Encode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize);
-static int xmlSecOpenSSLKWDes3Decode (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize);
-static int xmlSecOpenSSLKWDes3Encrypt (const xmlSecByte *key,
- xmlSecSize keySize,
- const xmlSecByte *iv,
- xmlSecSize ivSize,
- const xmlSecByte *in,
- xmlSecSize inSize,
- xmlSecByte *out,
- xmlSecSize outSize,
- int enc);
-static int xmlSecOpenSSLKWDes3BufferReverse (xmlSecByte *buf,
- xmlSecSize size);
-
+typedef struct _xmlSecOpenSSLKWDes3Ctx xmlSecOpenSSLKWDes3Ctx,
+ *xmlSecOpenSSLKWDes3CtxPtr;
+struct _xmlSecOpenSSLKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecOpenSSLKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLKWDes3Ctx))
+#define xmlSecOpenSSLKWDes3GetCtx(transform) \
+ ((xmlSecOpenSSLKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecOpenSSLKWDes3Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLKWDes3Size, /* xmlSecSize objSize */
-
- xmlSecNameKWDes3, /* const xmlChar* name; */
- xmlSecHrefKWDes3, /* const xmlChar* href; */
- xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecOpenSSLKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
- xmlSecOpenSSLKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLTransformKWDes3GetKlass:
- *
+ *
* The Triple DES key wrapper transform klass.
*
* Returns: Triple DES key wrapper transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformKWDes3GetKlass(void) {
return(&xmlSecOpenSSLKWDes3Klass);
}
-static int
+static int
xmlSecOpenSSLKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
-
- ret = xmlSecBufferInitialize(xmlSecOpenSSLKWDes3GetKey(transform), 0);
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
-static void
+static void
xmlSecOpenSSLKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size));
-
- if(xmlSecOpenSSLKWDes3GetKey(transform) != NULL) {
- xmlSecBufferFinalize(xmlSecOpenSSLKWDes3GetKey(transform));
- }
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
}
-static int
+static int
xmlSecOpenSSLKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
xmlSecAssert2(keyReq != NULL, -1);
- keyReq->keyId = xmlSecOpenSSLKeyDataDesId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
} else {
- keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
}
- keyReq->keyBitsSize = 8 * XMLSEC_OPENSSL_DES3_KEY_LENGTH;
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
return(0);
}
-static int
+static int
xmlSecOpenSSLKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
- xmlSecAssert2(xmlSecOpenSSLKWDes3GetKey(transform) != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataDesId), -1);
-
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
- if(keySize < XMLSEC_OPENSSL_DES3_KEY_LENGTH) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key length %d is not enough (%d expected)",
- keySize, XMLSEC_OPENSSL_DES3_KEY_LENGTH);
- return(-1);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
}
-
- ret = xmlSecBufferSetData(xmlSecOpenSSLKWDes3GetKey(transform),
- xmlSecBufferGetData(buffer),
- XMLSEC_OPENSSL_DES3_KEY_LENGTH);
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", XMLSEC_OPENSSL_DES3_KEY_LENGTH);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecBufferPtr in, out, key;
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, keySize;
int ret;
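Review bot: xmlSecOpenSSLKWDes3SetKey rejects a key shorter than XMLSEC_KW_DES3_KEY_LENGTH but silently uses only the first 24 bytes of a longer one (the xmlSecBufferSetData call copies exactly XMLSEC_KW_DES3_KEY_LENGTH bytes), so a caller that supplies the wrong key material gets a wrap under a truncated KEK instead of an error. Unless over-long key data is deliberately tolerated, tighten the check to `if(keySize != XMLSEC_KW_DES3_KEY_LENGTH) {` and reword the message to `"key length %d is not valid (%d expected)"`. The same message prints an xmlSecSize with `%d`; if xmlSecSize is unsigned in this tree, `%u` is the matching specifier. xmlSecOpenSSLKWDes3Execute's body continues past the end of the hunk.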
@@ -217,347 +261,255 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
xmlSecAssert2(transformCtx != NULL, -1);
- key = xmlSecOpenSSLKWDes3GetKey(transform);
- xmlSecAssert2(key != NULL, -1);
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
- keySize = xmlSecBufferGetSize(key);
- xmlSecAssert2(keySize == XMLSEC_OPENSSL_DES3_KEY_LENGTH, -1);
-
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
+ outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
-
+
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
+ /* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- if((inSize % XMLSEC_OPENSSL_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "%d bytes - not %d bytes aligned",
- inSize, XMLSEC_OPENSSL_DES3_BLOCK_LENGTH);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- /* the encoded key might be 16 bytes longer plus one block just in case */
- outSize = inSize + XMLSEC_OPENSSL_DES3_IV_LENGTH +
- XMLSEC_OPENSSL_DES3_BLOCK_LENGTH +
- XMLSEC_OPENSSL_DES3_BLOCK_LENGTH;
- } else {
- outSize = inSize + XMLSEC_OPENSSL_DES3_BLOCK_LENGTH;
- }
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- ret = xmlSecOpenSSLKWDes3Encode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWDes3Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- } else {
- ret = xmlSecOpenSSLKWDes3Decode(xmlSecBufferGetData(key), keySize,
- xmlSecBufferGetData(in), inSize,
- xmlSecBufferGetData(out), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLKWDes3Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "key=%d,in=%d,out=%d",
- keySize, inSize, outSize);
- return(-1);
- }
- outSize = ret;
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecOpenSSLKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecOpenSSLKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
+
return(0);
}
-static xmlSecByte xmlSecOpenSSLKWDes3Iv[XMLSEC_OPENSSL_DES3_IV_LENGTH] = {
- 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-};
-/**
- * CMS Triple DES Key Wrap
- *
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
- *
- * The following algorithm wraps (encrypts) a key (the wrapped key, WK)
- * under a TRIPLEDES key-encryption-key (KEK) as specified in [CMS-Algorithms]:
+/*********************************************************************
*
- * 1. Represent the key being wrapped as an octet sequence. If it is a
- * TRIPLEDES key, this is 24 octets (192 bits) with odd parity bit as
- * the bottom bit of each octet.
- * 2. Compute the CMS key checksum (section 5.6.1) call this CKS.
- * 3. Let WKCKS = WK || CKS, where || is concatenation.
- * 4. Generate 8 random octets [RANDOM] and call this IV.
- * 5. Encrypt WKCKS in CBC mode using KEK as the key and IV as the
- * initialization vector. Call the results TEMP1.
- * 6. Left TEMP2 = IV || TEMP1.
- * 7. Reverse the order of the octets in TEMP2 and call the result TEMP3.
- * 8. Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
- * of 0x4adda22c79e82105. The resulting cipher text is the desired result.
- * It is 40 octets long if a 168 bit key is being wrapped.
+ * DES KW implementation
*
- */
-static int
-xmlSecOpenSSLKWDes3Encode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- xmlSecByte sha1[SHA_DIGEST_LENGTH];
- xmlSecByte iv[XMLSEC_OPENSSL_DES3_IV_LENGTH];
- xmlSecSize s;
- int ret;
+ *********************************************************************/
+static int
+xmlSecOpenSSLKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize == XMLSEC_OPENSSL_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(outSize >= inSize + 16, -1);
-
- /* step 2: calculate sha1 and CMS */
- if(SHA1(in, inSize, sha1) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecAssert2(outSize >= SHA_DIGEST_LENGTH, -1);
+
+ if(SHA1(in, inSize, out) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
+ return(SHA_DIGEST_LENGTH);
+}
+
+static int
+xmlSecOpenSSLKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+ int ret;
- /* step 3: construct WKCKS */
- memcpy(out, in, inSize);
- memcpy(out + inSize, sha1, XMLSEC_OPENSSL_DES3_BLOCK_LENGTH);
-
- /* step 4: generate random iv */
- ret = RAND_bytes(iv, XMLSEC_OPENSSL_DES3_IV_LENGTH);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ ret = RAND_bytes(out, outSize);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "RAND_bytes",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "ret=%d", ret);
- return(-1);
- }
-
- /* step 5: first encryption, result is TEMP1 */
- ret = xmlSecOpenSSLKWDes3Encrypt(key, keySize,
- iv, XMLSEC_OPENSSL_DES3_IV_LENGTH,
- out, inSize + XMLSEC_OPENSSL_DES3_BLOCK_LENGTH,
- out, outSize, 1);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
}
- /* step 6: construct TEMP2=IV || TEMP1 */
- memmove(out + XMLSEC_OPENSSL_DES3_IV_LENGTH, out,
- inSize + XMLSEC_OPENSSL_DES3_IV_LENGTH);
- memcpy(out, iv, XMLSEC_OPENSSL_DES3_IV_LENGTH);
- s = ret + XMLSEC_OPENSSL_DES3_IV_LENGTH;
-
- /* step 7: reverse octets order, result is TEMP3 */
- ret = xmlSecOpenSSLKWDes3BufferReverse(out, s);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ return((int)outSize);
+}
- /* step 8: second encryption with static IV */
- ret = xmlSecOpenSSLKWDes3Encrypt(key, keySize,
- xmlSecOpenSSLKWDes3Iv, XMLSEC_OPENSSL_DES3_IV_LENGTH,
- out, s, out, outSize, 1);
+static int
+xmlSecOpenSSLKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecOpenSSLKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- s = ret;
- return(s);
+
+ return(ret);
}
-/**
- * CMS Triple DES Key Wrap
- *
- * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
- *
- * The following algorithm unwraps (decrypts) a key as specified in
- * [CMS-Algorithms]:
- *
- * 1. Check if the length of the cipher text is reasonable given the key type.
- * It must be 40 bytes for a 168 bit key and either 32, 40, or 48 bytes for
- * a 128, 192, or 256 bit key. If the length is not supported or inconsistent
- * with the algorithm for which the key is intended, return error.
- * 2. Decrypt the cipher text with TRIPLEDES in CBC mode using the KEK and
- * an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
- * 3. Reverse the order of the octets in TEMP3 and call the result TEMP2.
- * 4. Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining
- * octets.
- * 5. Decrypt TEMP1 using TRIPLEDES in CBC mode using the KEK and the IV found
- * in the previous step. Call the result WKCKS.
- * 6. Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
- * those octets before the CKS.
- * 7. Calculate a CMS key checksum (section 5.6.1) over the WK and compare
- * with the CKS extracted in the above step. If they are not equal, return
- * error.
- * 8. WK is the wrapped key, now extracted for use in data decryption.
- */
-static int
-xmlSecOpenSSLKWDes3Decode(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize) {
- xmlSecByte sha1[SHA_DIGEST_LENGTH];
- xmlSecSize s;
+static int
+xmlSecOpenSSLKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
int ret;
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keySize == XMLSEC_OPENSSL_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= inSize, -1);
- /* step 2: first decryption with static IV, result is TEMP3 */
- ret = xmlSecOpenSSLKWDes3Encrypt(key, keySize,
- xmlSecOpenSSLKWDes3Iv, XMLSEC_OPENSSL_DES3_IV_LENGTH,
- in, inSize, out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_OPENSSL_DES3_IV_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret;
-
- /* step 3: reverse octets order in TEMP3, result is TEMP2 */
- ret = xmlSecOpenSSLKWDes3BufferReverse(out, s);
+ ret = xmlSecOpenSSLKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3BufferReverse",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
- ret = xmlSecOpenSSLKWDes3Encrypt(key, keySize,
- out, XMLSEC_OPENSSL_DES3_IV_LENGTH,
- out + XMLSEC_OPENSSL_DES3_IV_LENGTH,
- s - XMLSEC_OPENSSL_DES3_IV_LENGTH,
- out, outSize, 0);
- if((ret < 0) || (ret < XMLSEC_OPENSSL_DES3_BLOCK_LENGTH)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLKWDes3Encrypt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- s = ret - XMLSEC_OPENSSL_DES3_BLOCK_LENGTH;
-
- /* steps 6 and 7: calculate SHA1 and validate it */
- if(SHA1(out, s, sha1) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "SHA1",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- if(memcmp(sha1, out + s, XMLSEC_OPENSSL_DES3_BLOCK_LENGTH) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "SHA1 does not match");
- return(-1);
- }
-
- return(s);
+ return(ret);
}
+
+
static int
xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
- const xmlSecByte *iv, xmlSecSize ivSize,
- const xmlSecByte *in, xmlSecSize inSize,
- xmlSecByte *out, xmlSecSize outSize, int enc) {
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
EVP_CIPHER_CTX cipherCtx;
int updateLen;
int finalLen;
int ret;
-
+
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keySize == (xmlSecSize)EVP_CIPHER_key_length(EVP_des_ede3_cbc()), -1);
xmlSecAssert2(iv != NULL, -1);
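Review bot: The key-checksum comparison and the minimum-length checks that the removed xmlSecOpenSSLKWDes3Decode performed (rejecting a result shorter than the IV plus checksum block, comparing SHA1 against the trailing 8 bytes) no longer appear in this file; xmlSecOpenSSLKWDes3BlockDecrypt asserts only `inSize > 0` and forwards to EVP with padding disabled, so the safety of unwrap now rests entirely on xmlSecKWDes3Decode in kw_aes_des.c, which is not in this hunk. It is worth confirming that the shared decoder still enforces the CMS step-1 length check and the checksum compare before the raw bytes are returned, and a comment on BlockDecrypt would make the split explicit: `/* raw 3DES-CBC decrypt only; length and CMS checksum validation is done by xmlSecKWDes3Decode */`. The removed compare used memcmp, which is not constant time; if the shared implementation kept that, a constant-time compare (CRYPTO_memcmp where the OpenSSL version provides it) is preferable for a key-unwrap path. xmlSecOpenSSLKWDes3Encrypt's body continues past the end of the hunk.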
@@ -566,63 +518,46 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= inSize, -1);
-
+
EVP_CIPHER_CTX_init(&cipherCtx);
- ret = EVP_CipherInit(&cipherCtx, EVP_des_ede3_cbc(), key, iv, enc);
+ ret = EVP_CipherInit(&cipherCtx, EVP_des_ede3_cbc(), key, iv, enc);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "EVP_CipherInit",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_OPENSSL_096
- EVP_CIPHER_CTX_set_padding(&cipherCtx, 0);
-#endif /* XMLSEC_OPENSSL_096 */
-
+ EVP_CIPHER_CTX_set_padding(&cipherCtx, 0);
+#endif /* XMLSEC_OPENSSL_096 */
+
ret = EVP_CipherUpdate(&cipherCtx, out, &updateLen, in, inSize);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "EVP_CipherUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = EVP_CipherFinal(&cipherCtx, out + updateLen, &finalLen);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "EVP_CipherFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
EVP_CIPHER_CTX_cleanup(&cipherCtx);
return(updateLen + finalLen);
-}
-
-static int
-xmlSecOpenSSLKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
- xmlSecSize s;
- xmlSecSize i;
- xmlSecByte c;
-
- xmlSecAssert2(buf != NULL, -1);
-
- s = size / 2;
- --size;
- for(i = 0; i < s; ++i) {
- c = buf[i];
- buf[i] = buf[size - i];
- buf[size - i] = c;
- }
- return(0);
}
+
#endif /* XMLSEC_NO_DES */
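Review bot: The three error paths in xmlSecOpenSSLKWDes3Encrypt (after EVP_CipherInit, EVP_CipherUpdate and EVP_CipherFinal fail) return -1 without `EVP_CIPHER_CTX_cleanup(&cipherCtx);`, so the expanded 3DES key schedule is left in the stack context and any engine-held state in the context is leaked; only the success path cleans up. Add `EVP_CIPHER_CTX_cleanup(&cipherCtx);` before each of the three `return(-1);`, or route them through a single cleanup label that returns -1. The function's signature and parameter asserts begin in the preceding hunk.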
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 2a16983a..7e3dbc7d 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -23,24 +23,61 @@
#include <xmlsec/openssl/evp.h>
#ifndef XMLSEC_NO_DSA
-#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE 40
-static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void);
+
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE (20 * 2)
+
+#ifndef XMLSEC_NO_SHA1
+static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+#ifdef XMLSEC_OPENSSL_100
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp (void);
+#endif /* XMLSEC_OPENSSL_100 */
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#define XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE ((512 / 8) * 2)
+
+#ifndef XMLSEC_NO_SHA1
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp (void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp (void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp (void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp (void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
/**************************************************************************
*
* Internal OpenSSL evp signatures ctx
*
*****************************************************************************/
-typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx,
- *xmlSecOpenSSLEvpSignatureCtxPtr;
+typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx,
+ *xmlSecOpenSSLEvpSignatureCtxPtr;
struct _xmlSecOpenSSLEvpSignatureCtx {
- const EVP_MD* digest;
- EVP_MD_CTX digestCtx;
- xmlSecKeyDataId keyId;
- EVP_PKEY* pKey;
-};
+ const EVP_MD* digest;
+ EVP_MD_CTX digestCtx;
+ xmlSecKeyDataId keyId;
+ EVP_PKEY* pKey;
+};
/******************************************************************************
*
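Review bot: `XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE ((512 / 8) * 2)` bounds the packed r||s at 128 bytes, but an ECDSA key on a 521-bit curve has a 66-byte order, so a fixed-width r||s encoding of the kind the DSA comment below describes needs 132 bytes; if the ECDSA EVP sign callback declared here (its body is outside this hunk) pads r and s to the order size, a P-521 signature does not fit. Confirm that callback rejects `rSize`/`sSize` larger than half this constant before writing, as `xmlSecOpenSSLDsaEvpSign` does, or widen the constant to `(((521 + 7) / 8) * 2)` and say which curves it covers. Either way the macro deserves a comment making clear it is a buffer bound on the fixed-width r||s packing and not a DER length, e.g. `/* r||s, each left-padded to the curve order size; must cover every supported curve */`, since the value `EVP_PKEY_size()` returns for an EC key presumably reflects a different encoding.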
@@ -49,25 +86,25 @@ struct _xmlSecOpenSSLEvpSignatureCtx {
* xmlSecOpenSSLEvpSignatureCtx is located after xmlSecTransform
*
*****************************************************************************/
-#define xmlSecOpenSSLEvpSignatureSize \
+#define xmlSecOpenSSLEvpSignatureSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpSignatureCtx))
#define xmlSecOpenSSLEvpSignatureGetCtx(transform) \
((xmlSecOpenSSLEvpSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform);
-static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform);
-static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) {
@@ -75,148 +112,258 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) {
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) {
- return(1);
+ return(1);
} else
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) {
- return(1);
- } else
+ return(1);
+ } else
#endif /* XMLSEC_NO_SHA512 */
#endif /* XMLSEC_NO_RSA */
-
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
{
- return(0);
+ return(0);
}
-
+
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
#ifndef XMLSEC_NO_DSA
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) {
- ctx->digest = xmlSecOpenSSLDsaSha1Evp();
- ctx->keyId = xmlSecOpenSSLKeyDataDsaId;
- } else
+ ctx->digest = xmlSecOpenSSLDsaSha1Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataDsaId;
+ } else
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+#ifdef XMLSEC_OPENSSL_100
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+ ctx->digest = xmlSecOpenSSLDsaSha256Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataDsaId;
+ } else
+#endif /* XMLSEC_OPENSSL_100 */
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha1Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha224Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha256Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha384Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+ ctx->digest = xmlSecOpenSSLEcdsaSha512Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataEcdsaId;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) {
- ctx->digest = EVP_md5();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_md5();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) {
- ctx->digest = EVP_ripemd160();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_ripemd160();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) {
- ctx->digest = EVP_sha1();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_sha1();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) {
- ctx->digest = EVP_sha224();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_sha224();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) {
- ctx->digest = EVP_sha256();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_sha256();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) {
- ctx->digest = EVP_sha384();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_sha384();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) {
- ctx->digest = EVP_sha512();
- ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
- } else
+ ctx->digest = EVP_sha512();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
#endif /* XMLSEC_NO_SHA512 */
#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) {
+ ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id;
+ ctx->digest = EVP_get_digestbyname("md_gost94");
+ if (!ctx->digest)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#ifndef XMLSEC_OPENSSL_096
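Review bot: `xmlSecOpenSSLEvpSignatureCheckId` accepts `xmlSecOpenSSLTransformDsaSha256Id` under `#ifndef XMLSEC_NO_SHA256` alone, while `xmlSecOpenSSLEvpSignatureInitialize` and the forward declaration of `xmlSecOpenSSLDsaSha256Evp` additionally require `XMLSEC_OPENSSL_100`; on an older OpenSSL the CheckId assertion passes and initialization falls through to the `if(1)` branch and fails with INVALID_TRANSFORM. Wrap the CheckId branch in the same `#ifdef XMLSEC_OPENSSL_100` guard so the two functions agree on the supported set. Separately, the new GOST branch reports a failed `EVP_get_digestbyname("md_gost94")` with a NULL function name and `XMLSEC_ERRORS_R_INVALID_TRANSFORM`; because that lookup depends on the GOST engine being available at runtime rather than on the transform id, name the call (`"EVP_get_digestbyname"`) and use `XMLSEC_ERRORS_R_CRYPTO_FAILED` like the other OpenSSL-call failures in this file, so an operator can distinguish a missing engine from an unknown transform.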
@@ -225,7 +372,7 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
return(0);
}
-static void
+static void
xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
@@ -234,18 +381,18 @@ xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
- memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
}
-static int
+static int
xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
@@ -264,35 +411,35 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
-
+
pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value);
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpKeyDataGetEvp",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDataGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
if(ctx->pKey != NULL) {
- EVP_PKEY_free(ctx->pKey);
+ EVP_PKEY_free(ctx->pKey);
}
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecOpenSSLEvpKeyDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
@@ -308,22 +455,22 @@ xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPt
keyReq->keyId = ctx->keyId;
if(transform->operation == xmlSecTransformOperationSign) {
keyReq->keyType = xmlSecKeyDataTypePrivate;
- keyReq->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
keyReq->keyType = xmlSecKeyDataTypePublic;
- keyReq->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
static int
-xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform,
- const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
@@ -336,33 +483,34 @@ xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform,
ret = EVP_VerifyFinal(&(ctx->digestCtx), (xmlSecByte*)data, dataSize, ctx->pKey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_VerifyFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
} else if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_VerifyFinal",
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "signature do not match");
- transform->status = xmlSecTransformStatusFail;
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyFinal",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
}
-
+
transform->status = xmlSecTransformStatusOk;
return(0);
}
-static int
+static int
xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecBufferPtr in, out;
- xmlSecSize inSize, outSize;
+ xmlSecSize inSize;
+ xmlSecSize outSize;
int ret;
-
+
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
@@ -374,274 +522,213 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
+ outSize = xmlSecBufferGetSize(out);
+
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digest != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
- xmlSecAssert2(outSize == 0, -1);
-
- if(transform->operation == xmlSecTransformOperationSign) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_SignInit",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_SignInit(&(ctx->digestCtx), ctx->digest);
+ EVP_SignInit(&(ctx->digestCtx), ctx->digest);
#endif /* XMLSEC_OPENSSL_096 */
- } else {
+ } else {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_VerifyInit",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
+ EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
#endif /* XMLSEC_OPENSSL_096 */
- }
- transform->status = xmlSecTransformStatusWorking;
+ }
+ transform->status = xmlSecTransformStatusWorking;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
- xmlSecAssert2(outSize == 0, -1);
+ xmlSecAssert2(outSize == 0, -1);
- if(transform->operation == xmlSecTransformOperationSign) {
+ if(transform->operation == xmlSecTransformOperationSign) {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_SignUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
#endif /* XMLSEC_OPENSSL_096 */
- } else {
+ } else {
#ifndef XMLSEC_OPENSSL_096
- ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_VerifyUpdate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
#else /* XMLSEC_OPENSSL_096 */
- EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
#endif /* XMLSEC_OPENSSL_096 */
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- xmlSecAssert2(outSize == 0, -1);
- if(transform->operation == xmlSecTransformOperationSign) {
- /* this is a hack: for rsa signatures
- * we get size from EVP_PKEY_size(),
- * for dsa signature we use a fixed constant */
- outSize = EVP_PKEY_size(ctx->pKey);
-#ifndef XMLSEC_NO_DSA
- if(outSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
- outSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
- }
-#endif /* XMLSEC_NO_DSA */
-
- ret = xmlSecBufferSetMaxSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
-
- ret = EVP_SignFinal(&(ctx->digestCtx), xmlSecBufferGetData(out), &outSize, ctx->pKey);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "EVP_SignFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecBufferSetSize(out, outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
- }
- transform->status = xmlSecTransformStatusFinished;
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ unsigned int signSize;
+
+ /* this is a hack: for rsa signatures
+ * we get size from EVP_PKEY_size(),
+ * for dsa signature we use a fixed constant */
+ signSize = EVP_PKEY_size(ctx->pKey);
+#ifndef XMLSEC_NO_DSA
+ if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
+ signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+ }
+#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+ if(signSize < XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE) {
+ signSize = XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE;
+ }
+#endif /* XMLSEC_NO_ECDSA */
+
+ ret = xmlSecBufferSetMaxSize(out, signSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%u", signSize);
+ return(-1);
+ }
+
+ ret = EVP_SignFinal(&(ctx->digestCtx), xmlSecBufferGetData(out), &signSize, ctx->pKey);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(out, signSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%u", signSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
}
-
+
if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
-
+
return(0);
}
#ifndef XMLSEC_NO_DSA
-
-#ifndef XMLSEC_NO_SHA1
-/****************************************************************************
- *
- * DSA-SHA1 signature transform
- *
- ***************************************************************************/
-
-static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
- /* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameDsaSha1, /* const xmlChar* name; */
- xmlSecHrefDsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecOpenSSLTransformDsaSha1GetKlass:
- *
- * The DSA-SHA1 signature transform klass.
- *
- * Returns: DSA-SHA1 signature transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
- return(&xmlSecOpenSSLDsaSha1Klass);
-}
-
/****************************************************************************
*
- * DSA-SHA1 EVP
+ * DSA EVP
*
- * XMLDSig specifies dsa signature packing not supported by OpenSSL so
+ * XMLDSig specifies DSA signature packing not supported by OpenSSL so
* we created our own EVP_MD.
*
* http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
- *
- * The output of the DSA algorithm consists of a pair of integers
- * usually referred by the pair (r, s). The signature value consists of
- * the base64 encoding of the concatenation of two octet-streams that
- * respectively result from the octet-encoding of the values r and s in
- * that order. Integer to octet-stream conversion must be done according
- * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification
- * with a l parameter equal to 20. For example, the SignatureValue element
+ *
+ * The output of the DSA algorithm consists of a pair of integers
+ * usually referred by the pair (r, s). The signature value consists of
+ * the base64 encoding of the concatenation of two octet-streams that
+ * respectively result from the octet-encoding of the values r and s in
+ * that order. Integer to octet-stream conversion must be done according
+ * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification
+ * with a l parameter equal to 20. For example, the SignatureValue element
* for a DSA signature (r, s) with values specified in hexadecimal:
*
- * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0
+ * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0
* s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8
- *
+ *
* from the example in Appendix 5 of the DSS standard would be
- *
+ *
* <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
*
***************************************************************************/
-#ifndef XMLSEC_OPENSSL_096
-static int
-xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
-{
- return SHA1_Init(ctx->md_data);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-{
- return SHA1_Update(ctx->md_data,data,count);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx,xmlSecByte *md)
-{
- return SHA1_Final(md,ctx->md_data);
-}
-#endif /* XMLSEC_OPENSSL_096 */
-
-static int
-xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
- const xmlSecByte *dgst, int dlen,
- xmlSecByte *sig, unsigned int *siglen, DSA *dsa) {
+static int
+xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dlen,
+ unsigned char *sig, unsigned int *siglen, void *dsa) {
DSA_SIG *s;
int rSize, sSize;
s = DSA_do_sign(dgst, dlen, dsa);
if(s == NULL) {
- *siglen=0;
- return(0);
+ *siglen=0;
+ return(0);
}
rSize = BN_num_bytes(s->r);
sSize = BN_num_bytes(s->s);
if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
(sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
-
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "size(r)=%d or size(s)=%d > %d",
- rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
- DSA_SIG_free(s);
- return(0);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size(r)=%d or size(s)=%d > %d",
+ rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
+ DSA_SIG_free(s);
+ return(0);
+ }
memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
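Review bot: `xmlSecOpenSSLDsaEvpSign` writes `XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE` (40) bytes into `sig` unconditionally (the `memset` and two `BN_bn2bin` calls) with no length parameter to check against, so its memory safety rests on `xmlSecOpenSSLEvpSignatureExecute` having raised `signSize` to at least that constant before `EVP_SignFinal`; that contract is only implied by the "this is a hack" comment and should be stated at the callback: `/* sig must hold at least XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE bytes; Execute() guarantees this via signSize */`. The `DSA_do_sign()` failure branch also returns 0 silently while the size-check branch logs an error, so add `xmlSecError(XMLSEC_ERRORS_HERE, NULL, "DSA_do_sign", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE);` before `*siglen=0;` for consistent diagnostics. The function's body continues past the end of this hunk.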
@@ -649,51 +736,118 @@ xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
*siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
DSA_SIG_free(s);
- return(1);
+ return(1);
}
-static int
-xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
- const xmlSecByte *dgst, int dgst_len,
- const xmlSecByte *sigbuf, int siglen, DSA *dsa) {
- DSA_SIG *s;
+static int
+xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dgst_len,
+ const unsigned char *sigbuf, unsigned int siglen,
+ void *dsa) {
+ DSA_SIG *s;
int ret = -1;
s = DSA_SIG_new();
if (s == NULL) {
- return(ret);
+ return(ret);
}
if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "invalid length %d (%d expected)",
- siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
- goto err;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "invalid length %d (%d expected)",
+ siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
+ goto done;
}
s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
- s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
- XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
+ s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
+ XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
if((s->r == NULL) || (s->s == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_bin2bn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto err;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = DSA_do_verify(dgst, dgst_len, s, dsa);
-err:
+done:
DSA_SIG_free(s);
return(ret);
}
-static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLDsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = {
NID_dsaWithSHA,
NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
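Review bot: The `DSA_SIG_new()` failure path at the top of `xmlSecOpenSSLDsaEvpVerify` returns -1 silently, while every other failure in the function is reported through `xmlSecError`, so an allocation failure leaves nothing in the caller's error log. Suggest adding `xmlSecError(XMLSEC_ERRORS_HERE, NULL, "DSA_SIG_new", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE);` before that `return(ret);`, matching the `BN_bin2bn` branch below it. Separately, `siglen` is now `unsigned int` but the "invalid length %d (%d expected)" message still formats it with `%d`; `%u` for that argument keeps the format and the type in step. The `xmlSecOpenSSLDsaSha1MdEvp` initializer that starts at the end of this hunk continues into the next one.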
@@ -709,21 +863,799 @@ static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
SHA1_Update,
SHA1_Final,
#endif /* XMLSEC_OPENSSL_096 */
- xmlSecOpenSSLDsaSha1EvpSign,
- xmlSecOpenSSLDsaSha1EvpVerify,
+ xmlSecOpenSSLDsaEvpSign,
+ xmlSecOpenSSLDsaEvpVerify,
{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
+ sizeof(EVP_MD *)+sizeof(SHA_CTX)
+#ifdef XMLSEC_OPENSSL_100
+ , NULL
+#endif /* XMLSEC_OPENSSL_100 */
};
static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void)
{
- return(&xmlSecOpenSSLDsaMdEvp);
+ return(&xmlSecOpenSSLDsaSha1MdEvp);
}
+
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * DSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha256, /* const xmlChar* name; */
+ xmlSecHrefDsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha256GetKlass(void) {
+ return(&xmlSecOpenSSLDsaSha256Klass);
+}
+
+#ifdef XMLSEC_OPENSSL_100
+static int
+xmlSecOpenSSLDsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md,ctx->md_data);
+}
+
+static const EVP_MD xmlSecOpenSSLDsaSha256MdEvp = {
+ NID_dsa_with_SHA256,
+ NID_dsa_with_SHA256,
+ SHA256_DIGEST_LENGTH,
+ 0,
+ xmlSecOpenSSLDsaSha256EvpInit,
+ xmlSecOpenSSLDsaSha256EvpUpdate,
+ xmlSecOpenSSLDsaSha256EvpFinal,
+ NULL,
+ NULL,
+ xmlSecOpenSSLDsaEvpSign,
+ xmlSecOpenSSLDsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void)
+{
+ return(&xmlSecOpenSSLDsaSha256MdEvp);
+}
+#endif /* XMLSEC_OPENSSL_100 */
+
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+/****************************************************************************
+ *
+ * ECDSA EVP
+ *
+ * NIST-IR-7802 (TMSAD) specifies ECDSA signature packing not supported by
+ * OpenSSL so we created our own EVP_MD.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * The ECDSA algorithm signature is a pair of integers referred to as (r, s).
+ * The <dsig:SignatureValue> consists of the base64 [RFC2045] encoding of the
+ * concatenation of two octet-streams that respectively result from the
+ * octet-encoding of the values r and s, in that order. Integer to
+ * octet-stream conversion MUST be done according to the I2OSP operation
+ * defined in Section 4.1 of RFC 3447 [PKCS1] with the xLen parameter equal
+ * to the size of the base point order of the curve in bytes (32 for the
+ * P-256 curve).
+ *
+ ***************************************************************************/
+static int
+xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dlen,
+ unsigned char *sig, unsigned int *siglen, void *ecdsa) {
+ int rSize, sSize, xLen;
+ const EC_GROUP *group;
+ BIGNUM *order = NULL;
+ ECDSA_SIG *s;
+ int ret = 0;
+
+ s = ECDSA_do_sign(dgst, dlen, ecdsa);
+ if(s == NULL) {
+ *siglen = 0;
+ return(ret);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ order = BN_new();
+ if(order == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if(EC_GROUP_get_order(group, order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ xLen = BN_num_bytes(order);
+ if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "xLen=%d > %d",
+ xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+ goto done;
+ }
+
+ rSize = BN_num_bytes(s->r);
+ sSize = BN_num_bytes(s->s);
+ if((rSize > xLen) || (sSize > xLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size(r)=%d or size(s)=%d > %d",
+ rSize, sSize, xLen);
+ goto done;
+ }
+
+ memset(sig, 0, xLen * 2);
+ BN_bn2bin(s->r, sig + xLen - rSize);
+ BN_bn2bin(s->s, sig + (xLen * 2) - sSize);
+ *siglen = xLen * 2;
+
+ ret = 1;
+
+done:
+ if(order != NULL) {
+ BN_clear_free(order);
+ }
+ ECDSA_SIG_free(s);
+ return(ret);
+}
+
+static int
+xmlSecOpenSSLEcdsaEvpVerify(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dgst_len,
+ const unsigned char *sigbuf, unsigned int siglen,
+ void *ecdsa) {
+ const EC_GROUP *group;
+ unsigned int xLen;
+ BIGNUM *order = NULL;
+ ECDSA_SIG *s;
+ int ret = -1;
+
+ s = ECDSA_SIG_new();
+ if (s == NULL) {
+ return(ret);
+ }
+
+ group = EC_KEY_get0_group(ecdsa);
+ if(group == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_KEY_get0_group",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ order = BN_new();
+ if(order == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if(EC_GROUP_get_order(group, order, NULL) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EC_GROUP_get_order",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ xLen = BN_num_bytes(order);
+ if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "xLen=%d > %d",
+ xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+ goto done;
+ }
+
+ if(siglen != xLen * 2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "invalid length %d (%d expected)",
+ siglen, xLen * 2);
+ goto done;
+ }
+
+ s->r = BN_bin2bn(sigbuf, xLen, NULL);
+ s->s = BN_bin2bn(sigbuf + xLen, xLen, NULL);
+ if((s->r == NULL) || (s->s == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = ECDSA_do_verify(dgst, dgst_len, s, ecdsa);
+
+done:
+ if(order != NULL) {
+ BN_clear_free(order);
+ }
+ ECDSA_SIG_free(s);
+ return(ret);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * ECDSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha1, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = {
+ NID_ecdsa_with_SHA1,
+ NID_ecdsa_with_SHA1,
+ SHA_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha1EvpInit,
+ xmlSecOpenSSLEcdsaSha1EvpUpdate,
+ xmlSecOpenSSLEcdsaSha1EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA1_Init,
+ SHA1_Update,
+ SHA1_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA1,0,0,0},
+ SHA_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha1MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/****************************************************************************
+ *
+ * ECDSA-SHA224 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha224, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha224Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA224_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA224_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA224_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = {
+ NID_ecdsa_with_SHA224,
+ NID_ecdsa_with_SHA224,
+ SHA224_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha224EvpInit,
+ xmlSecOpenSSLEcdsaSha224EvpUpdate,
+ xmlSecOpenSSLEcdsaSha224EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA224_Init,
+ SHA224_Update,
+ SHA224_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA224,0,0,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha224MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * ECDSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha256, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha256Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = {
+ NID_ecdsa_with_SHA256,
+ NID_ecdsa_with_SHA256,
+ SHA256_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha256EvpInit,
+ xmlSecOpenSSLEcdsaSha256EvpUpdate,
+ xmlSecOpenSSLEcdsaSha256EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA256_Init,
+ SHA256_Update,
+ SHA256_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA256,0,0,0},
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha256MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * ECDSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha384, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha384Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA384_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA384_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA384_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = {
+ NID_ecdsa_with_SHA384,
+ NID_ecdsa_with_SHA384,
+ SHA384_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha384EvpInit,
+ xmlSecOpenSSLEcdsaSha384EvpUpdate,
+ xmlSecOpenSSLEcdsaSha384EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA384_Init,
+ SHA384_Update,
+ SHA384_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA384,0,0,0},
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha384MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * ECDSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameEcdsaSha512, /* const xmlChar* name; */
+ xmlSecHrefEcdsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) {
+ return(&xmlSecOpenSSLEcdsaSha512Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA512_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA512_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA512_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = {
+ NID_ecdsa_with_SHA512,
+ NID_ecdsa_with_SHA512,
+ SHA512_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLEcdsaSha512EvpInit,
+ xmlSecOpenSSLEcdsaSha512EvpUpdate,
+ xmlSecOpenSSLEcdsaSha512EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA512_Init,
+ SHA512_Update,
+ SHA512_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLEcdsaEvpSign,
+ xmlSecOpenSSLEcdsaEvpVerify,
+ /* XXX-MAK: This worries me, not sure that the keys are right. */
+ {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA512,0,0,0},
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+ NULL
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp(void)
+{
+ return(&xmlSecOpenSSLEcdsaSha512MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
#ifndef XMLSEC_NO_RSA
#ifndef XMLSEC_NO_MD5
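Review bot: The ECDSA `EVP_MD` initializers (`xmlSecOpenSSLEcdsaSha1MdEvp` and the SHA224/SHA256/SHA384/SHA512 siblings) end with an unconditional trailing `NULL`, whereas `xmlSecOpenSSLDsaSha1MdEvp` at the start of this hunk wraps that same element in `#ifdef XMLSEC_OPENSSL_100`. That trailing slot appears to be the `md_ctrl` member that OpenSSL 1.0.0 added to `struct env_md_st`, so a 0.9.8 build (neither `XMLSEC_OPENSSL_096` nor `XMLSEC_OPENSSL_100`) would see an excess-element initializer in all five ECDSA tables; guarding the `NULL` the way the DSA-SHA1 table does would make them consistent. On the `XXX-MAK: not sure that the keys are right` comment: `required_pkey_type` is matched against the `EVP_PKEY` key type, and `NID_ecdsa_with_SHAxxx` is a signature-algorithm NID rather than a key type, so that entry never matches anything; as far as I recall OpenSSL's own `ecdsa_sha1` digest uses `{EVP_PKEY_EC,0,0,0,0}`, which would resolve the comment. The `#else /* XMLSEC_OPENSSL_096 */` branches in the ECDSA tables look unreachable in practice, since 0.9.6 predates ECDSA support, but that is inferred rather than visible here.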
@@ -734,39 +1666,39 @@ static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void)
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaMd5Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaMd5, /* const xmlChar* name; */
- xmlSecHrefRsaMd5, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaMd5GetKlass:
- *
+ *
* The RSA-MD5 signature transform klass.
*
* Returns: RSA-MD5 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaMd5GetKlass(void) {
return(&xmlSecOpenSSLRsaMd5Klass);
}
@@ -781,39 +1713,39 @@ xmlSecOpenSSLTransformRsaMd5GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaRipemd160Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaRipemd160, /* const xmlChar* name; */
- xmlSecHrefRsaRipemd160, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRsaRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaRipemd160GetKlass:
- *
+ *
* The RSA-RIPEMD160 signature transform klass.
*
* Returns: RSA-RIPEMD160 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) {
return(&xmlSecOpenSSLRsaRipemd160Klass);
}
@@ -828,39 +1760,39 @@ xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaSha1Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha1, /* const xmlChar* name; */
- xmlSecHrefRsaSha1, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaSha1GetKlass:
- *
+ *
* The RSA-SHA1 signature transform klass.
*
* Returns: RSA-SHA1 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaSha1GetKlass(void) {
return(&xmlSecOpenSSLRsaSha1Klass);
}
@@ -875,39 +1807,39 @@ xmlSecOpenSSLTransformRsaSha1GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaSha224Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha224, /* const xmlChar* name; */
- xmlSecHrefRsaSha224, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha224, /* const xmlChar* name; */
+ xmlSecHrefRsaSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaSha224GetKlass:
- *
+ *
* The RSA-SHA224 signature transform klass.
*
* Returns: RSA-SHA224 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaSha224GetKlass(void) {
return(&xmlSecOpenSSLRsaSha224Klass);
}
@@ -922,39 +1854,39 @@ xmlSecOpenSSLTransformRsaSha224GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaSha256Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha256, /* const xmlChar* name; */
- xmlSecHrefRsaSha256, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaSha256GetKlass:
- *
+ *
* The RSA-SHA256 signature transform klass.
*
* Returns: RSA-SHA256 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaSha256GetKlass(void) {
return(&xmlSecOpenSSLRsaSha256Klass);
}
@@ -969,39 +1901,39 @@ xmlSecOpenSSLTransformRsaSha256GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaSha384Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha384, /* const xmlChar* name; */
- xmlSecHrefRsaSha384, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaSha384GetKlass:
- *
+ *
* The RSA-SHA384 signature transform klass.
*
* Returns: RSA-SHA384 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaSha384GetKlass(void) {
return(&xmlSecOpenSSLRsaSha384Klass);
}
@@ -1016,39 +1948,39 @@ xmlSecOpenSSLTransformRsaSha384GetKlass(void) {
***************************************************************************/
static xmlSecTransformKlass xmlSecOpenSSLRsaSha512Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
-
- xmlSecNameRsaSha512, /* const xmlChar* name; */
- xmlSecHrefRsaSha512, /* const xmlChar* href; */
- xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
-
- xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
- xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLTransformRsaSha512GetKlass:
- *
+ *
* The RSA-SHA512 signature transform klass.
*
* Returns: RSA-SHA512 signature transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecOpenSSLTransformRsaSha512GetKlass(void) {
return(&xmlSecOpenSSLRsaSha512Klass);
}
@@ -1058,4 +1990,52 @@ xmlSecOpenSSLTransformRsaSha512GetKlass(void) {
#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_GOST
+/****************************************************************************
+ *
+ * GOST2001-GOSTR3411_94 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLGost2001GostR3411_94Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass:
+ *
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ *
+ * Returns: GOST2001-GOSTR3411_94 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass(void) {
+ return(&xmlSecOpenSSLGost2001GostR3411_94Klass);
+}
+
+#endif /* XMLSEC_NO_GOST*/
+
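Review bot: The closing `#endif /* XMLSEC_NO_GOST*/` drops the space before `*/` that every other guard in this file uses (compare `#endif /* XMLSEC_NO_RSA */` at the top of the hunk), and the extra empty `+` line after it leaves a trailing blank line at end of file, which sits oddly in a commit that is otherwise stripping trailing whitespace; `#endif /* XMLSEC_NO_GOST */` with no blank line following it would match the rest of the file. The new klass wires the GOST transform to the shared xmlSecOpenSSLEvpSignature* methods, which are defined outside this hunk; if those helpers choose the digest and key type by comparing the transform id, they presumably also need a branch for the GOST2001-GOSTR3411_94 id, and that should be confirmed before merge since the klass above compiles fine either way. The block header comment could also carry a one-line note on what XMLSEC_NO_GOST is expected to track (presumably whether the underlying OpenSSL provides the GOST algorithms), so a reader understands why this transform alone is guarded separately from the RSA family.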
diff --git a/src/openssl/symkeys.c b/src/openssl/symkeys.c
index fdcf2876..6195ed6d 100644
--- a/src/openssl/symkeys.c
+++ b/src/openssl/symkeys.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -27,43 +27,43 @@
#include <xmlsec/openssl/crypto.h>
/*****************************************************************************
- *
+ *
* Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
*
****************************************************************************/
-static int xmlSecOpenSSLSymKeyDataInitialize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecOpenSSLSymKeyDataFinalize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLSymKeyDataXmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLSymKeyDataXmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLSymKeyDataBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLSymKeyDataBinWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlSecByte** buf,
- xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLSymKeyDataGenerate (xmlSecKeyDataPtr data,
- xmlSecSize sizeBits,
- xmlSecKeyDataType type);
-
-static xmlSecKeyDataType xmlSecOpenSSLSymKeyDataGetType (xmlSecKeyDataPtr data);
-static xmlSecSize xmlSecOpenSSLSymKeyDataGetSize (xmlSecKeyDataPtr data);
-static void xmlSecOpenSSLSymKeyDataDebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecOpenSSLSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-static int xmlSecOpenSSLSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+static int xmlSecOpenSSLSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecOpenSSLSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
#define xmlSecOpenSSLSymKeyDataCheckId(data) \
(xmlSecKeyDataIsValid((data)) && \
@@ -72,7 +72,7 @@ static int xmlSecOpenSSLSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
static int
xmlSecOpenSSLSymKeyDataInitialize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), -1);
-
+
return(xmlSecKeyDataBinaryValueInitialize(data));
}
@@ -81,48 +81,48 @@ xmlSecOpenSSLSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(dst), -1);
xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(src), -1);
xmlSecAssert2(dst->id == src->id, -1);
-
+
return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
}
static void
xmlSecOpenSSLSymKeyDataFinalize(xmlSecKeyDataPtr data) {
xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
-
+
xmlSecKeyDataBinaryValueFinalize(data);
}
static int
xmlSecOpenSSLSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
}
-static int
+static int
xmlSecOpenSSLSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
}
static int
xmlSecOpenSSLSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
}
static int
xmlSecOpenSSLSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
-
+
return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
}
@@ -135,7 +135,7 @@ xmlSecOpenSSLSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecOpenSSLGenerateRandom(buffer, (sizeBits + 7) / 8));
}
@@ -151,46 +151,46 @@ xmlSecOpenSSLSymKeyDataGetType(xmlSecKeyDataPtr data) {
return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
}
-static xmlSecSize
+static xmlSecSize
xmlSecOpenSSLSymKeyDataGetSize(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), 0);
-
+
return(xmlSecKeyDataBinaryValueGetSize(data));
}
-static void
+static void
xmlSecOpenSSLSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugDump(data, output);
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
}
static void
xmlSecOpenSSLSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
-
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
}
-static int
-xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+static int
+xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
#ifndef XMLSEC_NO_DES
if(klass == xmlSecOpenSSLKeyDataDesId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_AES
#ifndef XMLSEC_OPENSSL_096
if(klass == xmlSecOpenSSLKeyDataAesId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_OPENSSL_096 */
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_HMAC
if(klass == xmlSecOpenSSLKeyDataHmacId) {
- return(1);
+ return(1);
}
#endif /* XMLSEC_NO_HMAC */
@@ -210,55 +210,55 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataAesKlass = {
/* data */
xmlSecNameAESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefAESKeyValue, /* const xmlChar* href; */
- xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataAesGetKlass(void) {
return(&xmlSecOpenSSLKeyDataAesKlass);
}
/**
* xmlSecOpenSSLKeyDataAesSet:
- * @data: the pointer to AES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
@@ -267,14 +267,14 @@ xmlSecOpenSSLKeyDataAesGetKlass(void) {
int
xmlSecOpenSSLKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataAesId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
@@ -293,55 +293,55 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataDesKlass = {
/* data */
xmlSecNameDESKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefDESKeyValue, /* const xmlChar* href; */
- xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLKeyDataDesGetKlass:
- *
+ *
* The DES key data klass.
*
* Returns: DES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataDesGetKlass(void) {
return(&xmlSecOpenSSLKeyDataDesKlass);
}
/**
* xmlSecOpenSSLKeyDataDesSet:
- * @data: the pointer to DES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
@@ -350,14 +350,14 @@ xmlSecOpenSSLKeyDataDesGetKlass(void) {
int
xmlSecOpenSSLKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDesId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
@@ -375,55 +375,55 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataHmacKlass = {
/* data */
xmlSecNameHMACKeyValue,
- xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
- xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
- xmlSecNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
-
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
/* get info */
- xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
- xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLKeyDataHmacGetKlass:
- *
+ *
* The HMAC key data klass.
*
* Returns: HMAC key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataHmacGetKlass(void) {
return(&xmlSecOpenSSLKeyDataHmacKlass);
}
/**
* xmlSecOpenSSLKeyDataHmacSet:
- * @data: the pointer to HMAC key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
@@ -432,14 +432,14 @@ xmlSecOpenSSLKeyDataHmacGetKlass(void) {
int
xmlSecOpenSSLKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
xmlSecBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataHmacId), -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
-
+
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
-
+
return(xmlSecBufferSetData(buffer, buf, bufSize));
}
diff --git a/src/openssl/x509.c b/src/openssl/x509.c
index 74dd4096..459a312d 100644
--- a/src/openssl/x509.c
+++ b/src/openssl/x509.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,7 +6,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -45,73 +45,73 @@
* X509 utility functions
*
************************************************************************/
-static int xmlSecOpenSSLX509DataNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509CertificateNodeWrite (X509* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509SubjectNameNodeWrite (X509* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509IssuerSerialNodeWrite (X509* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509SKINodeWrite (X509* cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLX509CRLNodeWrite (X509_CRL* crl,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static X509* xmlSecOpenSSLX509CertDerRead (const xmlSecByte* buf,
- xmlSecSize size);
-static X509* xmlSecOpenSSLX509CertBase64DerRead (xmlChar* buf);
-static xmlChar* xmlSecOpenSSLX509CertBase64DerWrite (X509* cert,
- int base64LineWrap);
-static X509_CRL* xmlSecOpenSSLX509CrlDerRead (xmlSecByte* buf,
- xmlSecSize size);
-static X509_CRL* xmlSecOpenSSLX509CrlBase64DerRead (xmlChar* buf);
-static xmlChar* xmlSecOpenSSLX509CrlBase64DerWrite (X509_CRL* crl,
- int base64LineWrap);
-static xmlChar* xmlSecOpenSSLX509NameWrite (X509_NAME* nm);
-static xmlChar* xmlSecOpenSSLASN1IntegerWrite (ASN1_INTEGER *asni);
-static xmlChar* xmlSecOpenSSLX509SKIWrite (X509* cert);
-static void xmlSecOpenSSLX509CertDebugDump (X509* cert,
- FILE* output);
-static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert,
- FILE* output);
-static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t,
- time_t* res);
+static int xmlSecOpenSSLX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CertificateNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SubjectNameNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509IssuerSerialNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SKINodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CRLNodeWrite (X509_CRL* crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static X509* xmlSecOpenSSLX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static X509* xmlSecOpenSSLX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecOpenSSLX509CertBase64DerWrite (X509* cert,
+ int base64LineWrap);
+static X509_CRL* xmlSecOpenSSLX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size);
+static X509_CRL* xmlSecOpenSSLX509CrlBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecOpenSSLX509CrlBase64DerWrite (X509_CRL* crl,
+ int base64LineWrap);
+static xmlChar* xmlSecOpenSSLX509NameWrite (X509_NAME* nm);
+static xmlChar* xmlSecOpenSSLASN1IntegerWrite (ASN1_INTEGER *asni);
+static xmlChar* xmlSecOpenSSLX509SKIWrite (X509* cert);
+static void xmlSecOpenSSLX509CertDebugDump (X509* cert,
+ FILE* output);
+static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert,
+ FILE* output);
+static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t,
+ time_t* res);
/*************************************************************************
*
* Internal OpenSSL X509 data CTX
*
************************************************************************/
-typedef struct _xmlSecOpenSSLX509DataCtx xmlSecOpenSSLX509DataCtx,
- *xmlSecOpenSSLX509DataCtxPtr;
+typedef struct _xmlSecOpenSSLX509DataCtx xmlSecOpenSSLX509DataCtx,
+ *xmlSecOpenSSLX509DataCtxPtr;
struct _xmlSecOpenSSLX509DataCtx {
- X509* keyCert;
- STACK_OF(X509)* certsList;
- STACK_OF(X509_CRL)* crlsList;
+ X509* keyCert;
+ STACK_OF(X509)* certsList;
+ STACK_OF(X509_CRL)* crlsList;
};
/**************************************************************************
@@ -121,52 +121,52 @@ struct _xmlSecOpenSSLX509DataCtx {
*
* The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
*
- * An X509Data element within KeyInfo contains one or more identifiers of keys
- * or X509 certificates (or certificates' identifiers or a revocation list).
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
* The content of X509Data is:
*
* 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
* 2.
- * * The X509IssuerSerial element, which contains an X.509 issuer
- * distinguished name/serial number pair that SHOULD be compliant
- * with RFC2253 [LDAP-DN],
- * * The X509SubjectName element, which contains an X.509 subject
- * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
- * * The X509SKI element, which contains the base64 encoded plain (i.e.
- * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
- * * The X509Certificate element, which contains a base64-encoded [X509v3]
- * certificate, and
- * * Elements from an external namespace which accompanies/complements any
- * of the elements above.
- * * The X509CRL element, which contains a base64-encoded certificate
- * revocation list (CRL) [X509v3].
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
* MUST refer to the certificate or certificates containing the validation key.
- * All such elements that refer to a particular individual certificate MUST be
- * grouped inside a single X509Data element and if the certificate to which
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
* they refer appears, it MUST also be in that X509Data element.
*
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
- * the same key but different certificates MUST be grouped within a single
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
* KeyInfo but MAY occur in multiple X509Data elements.
*
- * All certificates appearing in an X509Data element MUST relate to the
- * validation key by either containing it or being part of a certification
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
* chain that terminates in a certificate containing the validation key.
*
* No ordering is implied by the above constraints.
*
- * Note, there is no direct provision for a PKCS#7 encoded "bag" of
- * certificates or CRLs. However, a set of certificates and CRLs can occur
- * within an X509Data element and multiple X509Data elements can occur in a
- * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
- * least one such certificate must contain the public key which verifies the
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
* signature.
*
* Schema Definition
*
- * <element name="X509Data" type="ds:X509DataType"/>
+ * <element name="X509Data" type="ds:X509DataType"/>
* <complexType name="X509DataType">
* <sequence maxOccurs="unbounded">
* <choice>
@@ -179,10 +179,10 @@ struct _xmlSecOpenSSLX509DataCtx {
* </choice>
* </sequence>
* </complexType>
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
* </sequence>
* </complexType>
*
@@ -203,30 +203,30 @@ struct _xmlSecOpenSSLX509DataCtx {
* xmlSecOpenSSLX509DataCtx is located after xmlSecTransform
*
*************************************************************************/
-#define xmlSecOpenSSLX509DataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLX509DataCtx))
+#define xmlSecOpenSSLX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLX509DataCtx))
#define xmlSecOpenSSLX509DataGetCtx(data) \
((xmlSecOpenSSLX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-static int xmlSecOpenSSLKeyDataX509Initialize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecOpenSSLKeyDataX509Finalize (xmlSecKeyDataPtr data);
-static int xmlSecOpenSSLKeyDataX509XmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecOpenSSLKeyDataX509XmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType (xmlSecKeyDataPtr data);
-static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
-static void xmlSecOpenSSLKeyDataX509DebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecOpenSSLKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
+static void xmlSecOpenSSLKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
@@ -236,63 +236,63 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataX509Klass = {
/* data */
xmlSecNameX509Data,
- xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefX509Data, /* const xmlChar* href; */
- xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- xmlSecOpenSSLKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecOpenSSLKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecOpenSSLKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ xmlSecOpenSSLKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- xmlSecOpenSSLKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- xmlSecOpenSSLKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ xmlSecOpenSSLKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecOpenSSLKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- xmlSecOpenSSLKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecOpenSSLKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ xmlSecOpenSSLKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- xmlSecOpenSSLKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecOpenSSLKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ xmlSecOpenSSLKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-/**
+/**
* xmlSecOpenSSLKeyDataX509GetKlass:
- *
+ *
* The OpenSSL X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
*
* Returns: the X509 data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataX509GetKlass(void) {
return(&xmlSecOpenSSLKeyDataX509Klass);
}
/**
* xmlSecOpenSSLKeyDataX509GetKeyCert:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
- * Gets the certificate from which the key was extracted.
+ * Gets the certificate from which the key was extracted.
*
* Returns: the key's certificate or NULL if key data was not used for key
* extraction or an error occurs.
*/
-X509*
+X509*
xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
xmlSecOpenSSLX509DataCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
ctx = xmlSecOpenSSLX509DataGetCtx(data);
@@ -303,8 +303,8 @@ xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
/**
* xmlSecOpenSSLKeyDataX509AdoptKeyCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to OpenSSL X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to OpenSSL X509 certificate.
*
* Sets the key's certificate in @data.
*
@@ -319,9 +319,9 @@ xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, X509* cert) {
ctx = xmlSecOpenSSLX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->keyCert != NULL) {
- X509_free(ctx->keyCert);
+ X509_free(ctx->keyCert);
}
ctx->keyCert = cert;
return(0);
@@ -329,60 +329,60 @@ xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, X509* cert) {
/**
* xmlSecOpenSSLKeyDataX509AdoptCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to OpenSSL X509 certificate.
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to OpenSSL X509 certificate.
*
* Adds certificate to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecOpenSSLKeyDataX509AdoptCert(xmlSecKeyDataPtr data, X509* cert) {
xmlSecOpenSSLX509DataCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(cert != NULL, -1);
ctx = xmlSecOpenSSLX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->certsList == NULL) {
- ctx->certsList = sk_X509_new_null();
- if(ctx->certsList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "sk_X509_new_null",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ ctx->certsList = sk_X509_new_null();
+ if(ctx->certsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
ret = sk_X509_push(ctx->certsList, cert);
if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "sk_X509_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecOpenSSLKeyDataX509GetCert:
- * @data: the pointer to X509 key data.
- * @pos: the desired certificate position.
- *
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
* Gets a certificate from X509 key data.
*
- * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
* number of certificates in @data or an error occurs.
*/
-X509*
+X509*
xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecOpenSSLX509DataCtxPtr ctx;
@@ -398,13 +398,13 @@ xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
/**
* xmlSecOpenSSLKeyDataX509GetCertsSize:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
* Gets the number of certificates in @data.
*
* Returns: te number of certificates in @data.
*/
-xmlSecSize
+xmlSecSize
xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
xmlSecOpenSSLX509DataCtxPtr ctx;
@@ -418,60 +418,60 @@ xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
/**
* xmlSecOpenSSLKeyDataX509AdoptCrl:
- * @data: the pointer to X509 key data.
- * @crl: the pointer to OpenSSL X509 CRL.
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to OpenSSL X509 CRL.
*
* Adds CRL to the X509 key data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecOpenSSLKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, X509_CRL* crl) {
xmlSecOpenSSLX509DataCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(crl != NULL, -1);
ctx = xmlSecOpenSSLX509DataGetCtx(data);
xmlSecAssert2(ctx != NULL, -1);
-
+
if(ctx->crlsList == NULL) {
- ctx->crlsList = sk_X509_CRL_new_null();
- if(ctx->crlsList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "sk_X509_CRL_new_null",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ ctx->crlsList = sk_X509_CRL_new_null();
+ if(ctx->crlsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_CRL_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
ret = sk_X509_CRL_push(ctx->crlsList, crl);
if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "sk_X509_CRL_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_CRL_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecOpenSSLKeyDataX509GetCrl:
- * @data: the pointer to X509 key data.
- * @pos: the desired CRL position.
- *
+ * @data: the pointer to X509 key data.
+ * @pos: the desired CRL position.
+ *
* Gets a CRL from X509 key data.
*
- * Returns: the pointer to CRL or NULL if @pos is larger than the
+ * Returns: the pointer to CRL or NULL if @pos is larger than the
* number of CRLs in @data or an error occurs.
*/
-X509_CRL*
+X509_CRL*
xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
xmlSecOpenSSLX509DataCtxPtr ctx;
@@ -488,13 +488,13 @@ xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
/**
* xmlSecOpenSSLKeyDataX509GetCrlsSize:
- * @data: the pointer to X509 key data.
+ * @data: the pointer to X509 key data.
*
* Gets the number of CRLs in @data.
*
* Returns: te number of CRLs in @data.
*/
-xmlSecSize
+xmlSecSize
xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
xmlSecOpenSSLX509DataCtxPtr ctx;
@@ -506,7 +506,7 @@ xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
return((ctx->crlsList != NULL) ? sk_X509_CRL_num(ctx->crlsList) : 0);
}
-static int
+static int
xmlSecOpenSSLKeyDataX509Initialize(xmlSecKeyDataPtr data) {
xmlSecOpenSSLX509DataCtxPtr ctx;
@@ -530,99 +530,99 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataX509Id), -1);
-
+
/* copy certsList */
size = xmlSecOpenSSLKeyDataX509GetCertsSize(src);
for(pos = 0; pos < size; ++pos) {
- certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos);
- if(certSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecOpenSSLKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- certDst = X509_dup(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(certDst);
- return(-1);
- }
+ certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = X509_dup(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(certDst);
+ return(-1);
+ }
}
/* copy crls */
size = xmlSecOpenSSLKeyDataX509GetCrlsSize(src);
for(pos = 0; pos < size; ++pos) {
- crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos);
- if(crlSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecOpenSSLKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- crlDst = X509_CRL_dup(crlSrc);
- if(crlDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "X509_CRL_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecOpenSSLKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_CRL_free(crlDst);
- return(-1);
- }
+ crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos);
+ if(crlSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecOpenSSLKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ crlDst = X509_CRL_dup(crlSrc);
+ if(crlDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_CRL_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_CRL_free(crlDst);
+ return(-1);
+ }
}
/* copy key cert if exist */
certSrc = xmlSecOpenSSLKeyDataX509GetKeyCert(src);
if(certSrc != NULL) {
- certDst = X509_dup(certSrc);
- if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(certDst);
- return(-1);
- }
+ certDst = X509_dup(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(certDst);
+ return(-1);
+ }
}
return(0);
}
@@ -637,72 +637,72 @@ xmlSecOpenSSLKeyDataX509Finalize(xmlSecKeyDataPtr data) {
xmlSecAssert(ctx != NULL);
if(ctx->certsList != NULL) {
- sk_X509_pop_free(ctx->certsList, X509_free);
+ sk_X509_pop_free(ctx->certsList, X509_free);
}
if(ctx->crlsList != NULL) {
- sk_X509_CRL_pop_free(ctx->crlsList, X509_CRL_free);
+ sk_X509_CRL_pop_free(ctx->crlsList, X509_CRL_free);
}
if(ctx->keyCert != NULL) {
- X509_free(ctx->keyCert);
+ X509_free(ctx->keyCert);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLX509DataCtx));
}
static int
xmlSecOpenSSLKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
-
+
xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
data = xmlSecKeyEnsureData(key, id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLX509DataNodeRead(data, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509DataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
}
return(0);
}
-static int
+static int
xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
X509* cert;
X509_CRL* crl;
xmlSecSize size, pos;
int content;
int ret;
-
+
xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -710,112 +710,112 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
if (content < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecX509DataGetNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "content=%d", content);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
} else if(content == 0) {
- /* by default we are writing certificates and crls */
- content = XMLSEC_X509DATA_DEFAULT;
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
}
/* get x509 data */
data = xmlSecKeyGetData(key, id);
if(data == NULL) {
- /* no x509 data in the key */
- return(0);
+ /* no x509 data in the key */
+ return(0);
}
/* write certs */
size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
- ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509CertificateNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
- ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509SubjectNameNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
- ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509IssuerSerialNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
- ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509SKINodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
/* write crls if needed */
if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
- size = xmlSecOpenSSLKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLX509CRLNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
-
+ size = xmlSecOpenSSLKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
return(0);
}
@@ -824,19 +824,19 @@ static xmlSecKeyDataType
xmlSecOpenSSLKeyDataX509GetType(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), xmlSecKeyDataTypeUnknown);
- /* TODO: return verified/not verified status */
+ /* TODO: return verified/not verified status */
return(xmlSecKeyDataTypeUnknown);
}
static const xmlChar*
xmlSecOpenSSLKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
-
- /* TODO */
+
+ /* TODO */
return(NULL);
}
-static void
+static void
xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
X509* cert;
xmlSecSize size, pos;
@@ -847,25 +847,25 @@ xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "=== X509 Data:\n");
cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "==== Key Certificate:\n");
- xmlSecOpenSSLX509CertDebugDump(cert, output);
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecOpenSSLX509CertDebugDump(cert, output);
}
-
+
size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "==== Certificate:\n");
- xmlSecOpenSSLX509CertDebugDump(cert, output);
- }
-
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecOpenSSLX509CertDebugDump(cert, output);
+ }
+
/* we don't print out crls */
}
@@ -880,78 +880,78 @@ xmlSecOpenSSLKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
fprintf(output, "<X509Data>\n");
cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data);
if(cert != NULL) {
- fprintf(output, "<KeyCertificate>\n");
- xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
- fprintf(output, "</KeyCertificate>\n");
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
}
-
+
size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
for(pos = 0; pos < size; ++pos) {
- cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "<Certificate>\n");
- xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
- fprintf(output, "</Certificate>\n");
- }
-
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
/* we don't print out crls */
fprintf(output, "</X509Data>\n");
}
static int
xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlNodePtr cur;
+ xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
for(cur = xmlSecGetNextElementNode(node->children);
- cur != NULL;
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- ret = 0;
- if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
- ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
- ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
- ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
- ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
- ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation: ignore unknown nodes */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "read node failed");
- return(-1);
- }
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
}
return(0);
}
static int
-xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
X509* cert;
int ret;
@@ -962,77 +962,77 @@ xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecOpenSSLX509CertBase64DerRead(content);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
xmlFree(content);
return(0);
}
-static int
+static int
xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* buf;
xmlNodePtr cur;
-
+
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
-
+
/* set base64 lines size from context */
- buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
@@ -1043,14 +1043,14 @@ xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfo
return(0);
}
-static int
-xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+static int
+xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* subject;
X509* cert;
X509* cert2;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1058,72 +1058,72 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
subject = xmlNodeGetContent(node);
if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
- if(subject != NULL) {
- xmlFree(subject);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecOpenSSLX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "subject=%s",
- xmlSecErrorsSafeString(subject));
- xmlFree(subject);
- return(-1);
- }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
- xmlFree(subject);
- return(0);
+ xmlFree(subject);
+ return(0);
}
cert2 = X509_dup(cert);
if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(subject);
- return(-1);
+ xmlFree(subject);
+ return(-1);
}
-
+
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert2);
- xmlFree(subject);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(subject);
+ return(-1);
+ }
+
xmlFree(subject);
return(0);
}
@@ -1138,36 +1138,36 @@ xmlSecOpenSSLX509SubjectNameNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfo
buf = xmlSecOpenSSLX509NameWrite(X509_get_subject_name(cert));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
return(0);
}
-static int
+static int
xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlNodePtr cur;
xmlChar *issuerName;
- xmlChar *issuerSerial;
+ xmlChar *issuerSerial;
X509* cert;
X509* cert2;
int ret;
@@ -1179,130 +1179,130 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecGetNextElementNode(node->children);
if(cur == NULL) {
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- return(0);
- }
-
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
/* the first is required node X509IssuerName */
if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
issuerName = xmlNodeGetContent(cur);
if(issuerName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
/* next is required node X509SerialNumber */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- xmlFree(issuerName);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
issuerSerial = xmlNodeGetContent(cur);
if(issuerSerial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
}
cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
if(cert == NULL){
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "issuerName=%s;issuerSerial=%s",
- xmlSecErrorsSafeString(issuerName),
- xmlSecErrorsSafeString(issuerSerial));
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(0);
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
}
cert2 = X509_dup(cert);
if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert2);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
xmlFree(issuerSerial);
xmlFree(issuerName);
return(0);
@@ -1314,65 +1314,65 @@ xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInf
xmlNodePtr issuerNameNode;
xmlNodePtr issuerNumberNode;
xmlChar* buf;
-
+
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* create xml nodes */
cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
}
issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
}
issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
}
/* write data */
buf = xmlSecOpenSSLX509NameWrite(X509_get_issuer_name(cert));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
xmlFree(buf);
buf = xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber(cert));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf);
xmlFree(buf);
@@ -1381,14 +1381,14 @@ xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInf
}
-static int
+static int
xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataStorePtr x509Store;
xmlChar* ski;
X509* cert;
X509* cert2;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1396,70 +1396,70 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ski = xmlNodeGetContent(node);
if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
- if(ski != NULL) {
- xmlFree(ski);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(-1);
- }
- return(0);
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
}
cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
if(cert == NULL){
- xmlFree(ski);
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
- return(-1);
- }
- return(0);
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
}
cert2 = X509_dup(cert);
if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(ski);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ski);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert2);
- xmlFree(ski);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(ski);
+ return(-1);
+ }
+
xmlFree(ski);
return(0);
}
@@ -1474,24 +1474,24 @@ xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr k
buf = xmlSecOpenSSLX509SKIWrite(cert);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509SKIWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
}
xmlSecNodeEncodeAndSetContent(cur, buf);
xmlFree(buf);
@@ -1499,7 +1499,7 @@ xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr k
return(0);
}
-static int
+static int
xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar *content;
X509_CRL* crl;
@@ -1511,43 +1511,43 @@ xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn
content = xmlNodeGetContent(node);
if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
crl = xmlSecOpenSSLX509CrlBase64DerRead(content);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLKeyDataX509AdoptCrl(data, crl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_CRL_free(crl);
- xmlFree(content);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_CRL_free(crl);
+ xmlFree(content);
+ return(-1);
+ }
+
xmlFree(content);
return(0);
}
@@ -1562,26 +1562,26 @@ xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPt
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* set base64 lines size from context */
- buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- xmlFree(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
}
/* todo: add \n around base64 data - from context */
/* todo: add errors check */
@@ -1594,11 +1594,11 @@ xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPt
static int
xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecOpenSSLX509DataCtxPtr ctx;
xmlSecKeyDataStorePtr x509Store;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
@@ -1609,93 +1609,93 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if((ctx->keyCert == NULL) && (ctx->certsList != NULL) && (xmlSecKeyGetValue(key) == NULL)) {
- X509* cert;
-
- cert = xmlSecOpenSSLX509StoreVerify(x509Store, ctx->certsList, ctx->crlsList, keyInfoCtx);
- if(cert != NULL) {
- xmlSecKeyDataPtr keyValue;
-
- ctx->keyCert = X509_dup(cert);
- if(ctx->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- ret = xmlSecKeySetValue(key, keyValue);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) {
- ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidBefore");
- return(-1);
- }
- ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecOpenSSLX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidAfter");
- return(-1);
- }
- } else {
- key->notValidBefore = key->notValidAfter = 0;
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ X509* cert;
+
+ cert = xmlSecOpenSSLX509StoreVerify(x509Store, ctx->certsList, ctx->crlsList, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = X509_dup(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) {
+ ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+ ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else {
+ key->notValidBefore = key->notValidAfter = 0;
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
@@ -1704,38 +1704,38 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
extern time_t timegm (struct tm *tm);
#else /* HAVE_TIMEGM */
#ifdef WIN32
-#define timegm(tm) (mktime(tm) - _timezone)
+#define timegm(tm) (mktime(tm) - _timezone)
#else /* WIN32 */
/* Absolutely not the best way but it's the only ANSI compatible way I know.
* If you system has a native struct tm --> GMT time_t conversion function
* (like timegm) use it instead.
*/
-static time_t
-my_timegm(struct tm *t) {
- time_t tl, tb;
- struct tm *tg;
+static time_t
+my_timegm(struct tm *t) {
+ time_t tl, tb;
+ struct tm *tg;
- tl = mktime (t);
+ tl = mktime (t);
if(tl == -1) {
- t->tm_hour--;
- tl = mktime (t);
- if (tl == -1) {
- return -1;
- }
- tl += 3600;
- }
- tg = gmtime (&tl);
- tg->tm_isdst = 0;
- tb = mktime (tg);
+ t->tm_hour--;
+ tl = mktime (t);
+ if (tl == -1) {
+ return -1;
+ }
+ tl += 3600;
+ }
+ tg = gmtime (&tl);
+ tg->tm_isdst = 0;
+ tb = mktime (tg);
if (tb == -1) {
- tg->tm_hour--;
- tb = mktime (tg);
- if (tb == -1) {
- return -1;
- }
- tb += 3600;
- }
- return (tl - (tb - tl));
+ tg->tm_hour--;
+ tb = mktime (tg);
+ if (tb == -1) {
+ return -1;
+ }
+ tb += 3600;
+ }
+ return (tl - (tb - tl));
}
#define timegm(tm) my_timegm(tm)
@@ -1746,112 +1746,112 @@ static int
xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) {
struct tm tm;
int offset;
-
+
xmlSecAssert2(t != NULL, -1);
xmlSecAssert2(res != NULL, -1);
(*res) = 0;
#ifndef XMLSEC_OPENSSL_096
if(!ASN1_TIME_check(t)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "ASN1_TIME_check",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ASN1_TIME_check",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#endif /* XMLSEC_OPENSSL_096 */
-
+
memset(&tm, 0, sizeof(tm));
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
if(t->type == V_ASN1_UTCTIME) {
- xmlSecAssert2(t->length > 12, -1);
-
-
- /* this code is copied from OpenSSL asn1/a_utctm.c file */
- tm.tm_year = g2(t->data);
- if(tm.tm_year < 50) {
- tm.tm_year += 100;
- }
- tm.tm_mon = g2(t->data + 2) - 1;
- tm.tm_mday = g2(t->data + 4);
- tm.tm_hour = g2(t->data + 6);
- tm.tm_min = g2(t->data + 8);
- tm.tm_sec = g2(t->data + 10);
- if(t->data[12] == 'Z') {
- offset = 0;
- } else {
- xmlSecAssert2(t->length > 16, -1);
-
- offset = g2(t->data + 13) * 60 + g2(t->data + 15);
- if(t->data[12] == '-') {
- offset = -offset;
- }
- }
- tm.tm_isdst = -1;
+ xmlSecAssert2(t->length > 12, -1);
+
+
+ /* this code is copied from OpenSSL asn1/a_utctm.c file */
+ tm.tm_year = g2(t->data);
+ if(tm.tm_year < 50) {
+ tm.tm_year += 100;
+ }
+ tm.tm_mon = g2(t->data + 2) - 1;
+ tm.tm_mday = g2(t->data + 4);
+ tm.tm_hour = g2(t->data + 6);
+ tm.tm_min = g2(t->data + 8);
+ tm.tm_sec = g2(t->data + 10);
+ if(t->data[12] == 'Z') {
+ offset = 0;
+ } else {
+ xmlSecAssert2(t->length > 16, -1);
+
+ offset = g2(t->data + 13) * 60 + g2(t->data + 15);
+ if(t->data[12] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
} else {
- xmlSecAssert2(t->length > 14, -1);
-
- tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
- tm.tm_mon = g2(t->data + 4) - 1;
- tm.tm_mday = g2(t->data + 6);
- tm.tm_hour = g2(t->data + 8);
- tm.tm_min = g2(t->data + 10);
- tm.tm_sec = g2(t->data + 12);
- if(t->data[14] == 'Z') {
- offset = 0;
- } else {
- xmlSecAssert2(t->length > 18, -1);
-
- offset = g2(t->data + 15) * 60 + g2(t->data + 17);
- if(t->data[14] == '-') {
- offset = -offset;
- }
- }
- tm.tm_isdst = -1;
+ xmlSecAssert2(t->length > 14, -1);
+
+ tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
+ tm.tm_mon = g2(t->data + 4) - 1;
+ tm.tm_mday = g2(t->data + 6);
+ tm.tm_hour = g2(t->data + 8);
+ tm.tm_min = g2(t->data + 10);
+ tm.tm_sec = g2(t->data + 12);
+ if(t->data[14] == 'Z') {
+ offset = 0;
+ } else {
+ xmlSecAssert2(t->length > 18, -1);
+
+ offset = g2(t->data + 15) * 60 + g2(t->data + 17);
+ if(t->data[14] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
}
#undef g2
(*res) = timegm(&tm) - offset * 60;
return(0);
}
-/**
+/**
* xmlSecOpenSSLX509CertGetKey:
- * @cert: the certificate.
- *
+ * @cert: the certificate.
+ *
* Extracts public key from the @cert.
*
* Returns: public key value or NULL if an error occurs.
*/
-xmlSecKeyDataPtr
+xmlSecKeyDataPtr
xmlSecOpenSSLX509CertGetKey(X509* cert) {
xmlSecKeyDataPtr data;
EVP_PKEY *pKey = NULL;
-
+
xmlSecAssert2(cert != NULL, NULL);
pKey = X509_get_pubkey(cert);
if(pKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_get_pubkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_pubkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLEvpKeyAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- EVP_PKEY_free(pKey);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ return(NULL);
+ }
+
return(data);
}
@@ -1860,18 +1860,18 @@ xmlSecOpenSSLX509CertBase64DerRead(xmlChar* buf) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
-
+
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(xmlSecOpenSSLX509CertDerRead((xmlSecByte*)buf, ret));
}
@@ -1883,37 +1883,37 @@ xmlSecOpenSSLX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, NULL);
xmlSecAssert2(size > 0, NULL);
-
+
mem = BIO_new(BIO_s_mem());
if(mem == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "BIO_s_mem");
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
ret = BIO_write(mem, buf, size);
if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_write",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", size);
- BIO_free_all(mem);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_write",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ BIO_free_all(mem);
+ return(NULL);
}
cert = d2i_X509_bio(mem, NULL);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_X509_bio",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
}
BIO_free_all(mem);
@@ -1928,42 +1928,42 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) {
long size;
xmlSecAssert2(cert != NULL, NULL);
-
+
mem = BIO_new(BIO_s_mem());
if(mem == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "BIO_s_mem");
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
}
/* todo: add error checks */
i2d_X509_bio(mem, cert);
BIO_flush(mem);
-
+
size = BIO_get_mem_data(mem, &p);
if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_get_mem_data",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_get_mem_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
BIO_free_all(mem);
return(res);
@@ -1974,18 +1974,18 @@ xmlSecOpenSSLX509CrlBase64DerRead(xmlChar* buf) {
int ret;
xmlSecAssert2(buf != NULL, NULL);
-
+
/* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(xmlSecOpenSSLX509CrlDerRead((xmlSecByte*)buf, ret));
}
@@ -1997,37 +1997,37 @@ xmlSecOpenSSLX509CrlDerRead(xmlSecByte* buf, xmlSecSize size) {
xmlSecAssert2(buf != NULL, NULL);
xmlSecAssert2(size > 0, NULL);
-
+
mem = BIO_new(BIO_s_mem());
if(mem == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "BIO_s_mem");
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
ret = BIO_write(mem, buf, size);
if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_write",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", size);
- BIO_free_all(mem);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_write",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ BIO_free_all(mem);
+ return(NULL);
}
crl = d2i_X509_CRL_bio(mem, NULL);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "d2i_X509_CRL_bio",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_CRL_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
}
BIO_free_all(mem);
@@ -2042,44 +2042,44 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) {
long size;
xmlSecAssert2(crl != NULL, NULL);
-
+
mem = BIO_new(BIO_s_mem());
if(mem == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "BIO_s_mem");
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
}
/* todo: add error checks */
i2d_X509_CRL_bio(mem, crl);
BIO_flush(mem);
-
+
size = BIO_get_mem_data(mem, &p);
if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_get_mem_data",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_get_mem_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
- }
-
- BIO_free_all(mem);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_free_all(mem);
return(res);
}
@@ -2094,19 +2094,19 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) {
mem = BIO_new(BIO_s_mem());
if(mem == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BIO_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "BIO_s_mem");
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
return(NULL);
}
if (X509_NAME_print_ex(mem, nm, 0, XN_FLAG_RFC2253) <=0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_NAME_print_ex",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "X509_NAME_print_ex",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
BIO_free_all(mem);
return(NULL);
}
@@ -2116,13 +2116,13 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) {
size = BIO_pending(mem);
res = xmlMalloc(size + 1);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BIO_free_all(mem);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
}
size = BIO_read(mem, res, size);
@@ -2137,28 +2137,28 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) {
xmlChar *res = NULL;
BIGNUM *bn;
char *p;
-
+
xmlSecAssert2(asni != NULL, NULL);
bn = ASN1_INTEGER_to_BN(asni, NULL);
if(bn == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "ASN1_INTEGER_to_BN",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ASN1_INTEGER_to_BN",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
p = BN_bn2dec(bn);
if (p == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_bn2dec",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BN_free(bn);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bn2dec",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ return(NULL);
}
BN_free(bn);
bn = NULL;
@@ -2169,13 +2169,13 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) {
*/
res = xmlCharStrdup(p);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlCharStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- OPENSSL_free(p);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCharStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ OPENSSL_free(p);
+ return(NULL);
}
OPENSSL_free(p);
p = NULL;
@@ -2193,51 +2193,51 @@ xmlSecOpenSSLX509SKIWrite(X509* cert) {
index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
if (index < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "Certificate without SubjectKeyIdentifier extension",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Certificate without SubjectKeyIdentifier extension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
ext = X509_get_ext(cert, index);
if (ext == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_get_ext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_ext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
keyId = X509V3_EXT_d2i(ext);
if (keyId == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509V3_EXT_d2i",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- M_ASN1_OCTET_STRING_free(keyId);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509V3_EXT_d2i",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(NULL);
}
res = xmlSecBase64Encode(M_ASN1_STRING_data(keyId), M_ASN1_STRING_length(keyId), 0);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- M_ASN1_OCTET_STRING_free(keyId);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(NULL);
}
M_ASN1_OCTET_STRING_free(keyId);
-
+
return(res);
}
-static void
+static void
xmlSecOpenSSLX509CertDebugDump(X509* cert, FILE* output) {
char buf[1024];
BIGNUM *bn = NULL;
@@ -2245,47 +2245,47 @@ xmlSecOpenSSLX509CertDebugDump(X509* cert, FILE* output) {
xmlSecAssert(cert != NULL);
xmlSecAssert(output != NULL);
- fprintf(output, "==== Subject Name: %s\n",
- X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)));
- fprintf(output, "==== Issuer Name: %s\n",
- X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
+ fprintf(output, "==== Subject Name: %s\n",
+ X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)));
+ fprintf(output, "==== Issuer Name: %s\n",
+ X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
fprintf(output, "==== Issuer Serial: ");
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL);
if(bn != NULL) {
- BN_print_fp(output, bn);
- BN_free(bn);
- fprintf(output, "\n");
+ BN_print_fp(output, bn);
+ BN_free(bn);
+ fprintf(output, "\n");
} else {
- fprintf(output, "unknown\n");
+ fprintf(output, "unknown\n");
}
}
-static void
+static void
xmlSecOpenSSLX509CertDebugXmlDump(X509* cert, FILE* output) {
char buf[1024];
BIGNUM *bn = NULL;
xmlSecAssert(cert != NULL);
xmlSecAssert(output != NULL);
-
+
fprintf(output, "<SubjectName>");
- xmlSecPrintXmlString(output,
- BAD_CAST X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))
+ xmlSecPrintXmlString(output,
+ BAD_CAST X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))
);
fprintf(output, "</SubjectName>\n");
-
-
+
+
fprintf(output, "<IssuerName>");
- xmlSecPrintXmlString(output,
- BAD_CAST X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
+ xmlSecPrintXmlString(output,
+ BAD_CAST X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
fprintf(output, "</IssuerName>\n");
fprintf(output, "<SerialNumber>");
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL);
if(bn != NULL) {
- BN_print_fp(output, bn);
- BN_free(bn);
+ BN_print_fp(output, bn);
+ BN_free(bn);
}
fprintf(output, "</SerialNumber>\n");
}
@@ -2297,11 +2297,11 @@ xmlSecOpenSSLX509CertDebugXmlDump(X509* cert, FILE* output) {
*
*
*************************************************************************/
-static int xmlSecOpenSSLKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRawX509CertKlass = {
sizeof(xmlSecKeyDataKlass),
@@ -2309,58 +2309,58 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRawX509CertKlass = {
/* data */
xmlSecNameRawX509Cert,
- xmlSecKeyDataUsageRetrievalMethodNodeBin,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRawX509Cert, /* const xmlChar* href; */
- NULL, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
/* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
/* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
/* read/write */
- NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecOpenSSLKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
/* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecOpenSSLKeyDataRawX509CertGetKlass:
- *
+ *
* The raw X509 certificates key data klass.
*
* Returns: raw X509 certificates key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecOpenSSLKeyDataRawX509CertGetKlass(void) {
return(&xmlSecOpenSSLKeyDataRawX509CertKlass);
}
static int
xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
X509* cert;
int ret;
-
+
xmlSecAssert2(id == xmlSecOpenSSLKeyDataRawX509CertId, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
@@ -2369,44 +2369,44 @@ xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
cert = xmlSecOpenSSLX509CertDerRead(buf, bufSize);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509CertDerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
+ }
+
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_free(cert);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
}
ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
index 40264c0d..fe51da4e 100644
--- a/src/openssl/x509vfy.c
+++ b/src/openssl/x509vfy.c
@@ -1,4 +1,4 @@
-/**
+/**
* XMLSec library
*
* X509 support
@@ -6,7 +6,7 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -42,17 +42,17 @@
* Internal OpenSSL X509 store CTX
*
*************************************************************************/
-typedef struct _xmlSecOpenSSLX509StoreCtx xmlSecOpenSSLX509StoreCtx,
- *xmlSecOpenSSLX509StoreCtxPtr;
+typedef struct _xmlSecOpenSSLX509StoreCtx xmlSecOpenSSLX509StoreCtx,
+ *xmlSecOpenSSLX509StoreCtxPtr;
struct _xmlSecOpenSSLX509StoreCtx {
- X509_STORE* xst;
- STACK_OF(X509)* untrusted;
+ X509_STORE* xst;
+ STACK_OF(X509)* untrusted;
STACK_OF(X509_CRL)* crls;
-
+
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
- X509_VERIFY_PARAM * vpm;
+ X509_VERIFY_PARAM * vpm;
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-};
+};
/****************************************************************************
*
@@ -63,88 +63,88 @@ struct _xmlSecOpenSSLX509StoreCtx {
***************************************************************************/
#define xmlSecOpenSSLX509StoreGetCtx(store) \
((xmlSecOpenSSLX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
- sizeof(xmlSecKeyDataStoreKlass)))
-#define xmlSecOpenSSLX509StoreSize \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecOpenSSLX509StoreSize \
(sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecOpenSSLX509StoreCtx))
-
-static int xmlSecOpenSSLX509StoreInitialize (xmlSecKeyDataStorePtr store);
-static void xmlSecOpenSSLX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
+static int xmlSecOpenSSLX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecOpenSSLX509StoreFinalize (xmlSecKeyDataStorePtr store);
static xmlSecKeyDataStoreKlass xmlSecOpenSSLX509StoreKlass = {
sizeof(xmlSecKeyDataStoreKlass),
xmlSecOpenSSLX509StoreSize,
/* data */
- xmlSecNameX509Store, /* const xmlChar* name; */
-
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
/* constructors/destructor */
- xmlSecOpenSSLX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
- xmlSecOpenSSLX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+ xmlSecOpenSSLX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecOpenSSLX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
/* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
-static int xmlSecOpenSSLX509VerifyCRL (X509_STORE* xst,
- X509_CRL *crl );
-static X509* xmlSecOpenSSLX509FindCert (STACK_OF(X509) *certs,
- xmlChar *subjectName,
- xmlChar *issuerName,
- xmlChar *issuerSerial,
- xmlChar *ski);
-static X509* xmlSecOpenSSLX509FindNextChainCert (STACK_OF(X509) *chain,
- X509 *cert);
-static int xmlSecOpenSSLX509VerifyCertAgainstCrls (STACK_OF(X509_CRL) *crls,
- X509* cert);
-static X509_NAME* xmlSecOpenSSLX509NameRead (xmlSecByte *str,
- int len);
-static int xmlSecOpenSSLX509NameStringRead (xmlSecByte **str,
- int *strLen,
- xmlSecByte *res,
- int resLen,
- xmlSecByte delim,
- int ingoreTrailingSpaces);
-static int xmlSecOpenSSLX509NamesCompare (X509_NAME *a,
- X509_NAME *b);
-static int xmlSecOpenSSLX509_NAME_cmp (const X509_NAME *a,
- const X509_NAME *b);
-static int xmlSecOpenSSLX509_NAME_ENTRY_cmp (const X509_NAME_ENTRY **a,
- const X509_NAME_ENTRY **b);
-
-/**
+static int xmlSecOpenSSLX509VerifyCRL (X509_STORE* xst,
+ X509_CRL *crl );
+static X509* xmlSecOpenSSLX509FindCert (STACK_OF(X509) *certs,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski);
+static X509* xmlSecOpenSSLX509FindNextChainCert (STACK_OF(X509) *chain,
+ X509 *cert);
+static int xmlSecOpenSSLX509VerifyCertAgainstCrls (STACK_OF(X509_CRL) *crls,
+ X509* cert);
+static X509_NAME* xmlSecOpenSSLX509NameRead (xmlSecByte *str,
+ int len);
+static int xmlSecOpenSSLX509NameStringRead (xmlSecByte **str,
+ int *strLen,
+ xmlSecByte *res,
+ int resLen,
+ xmlSecByte delim,
+ int ingoreTrailingSpaces);
+static int xmlSecOpenSSLX509NamesCompare (X509_NAME *a,
+ X509_NAME *b);
+static int xmlSecOpenSSLX509_NAME_cmp (const X509_NAME * a,
+ const X509_NAME * b);
+static int xmlSecOpenSSLX509_NAME_ENTRY_cmp (const X509_NAME_ENTRY * const *a,
+ const X509_NAME_ENTRY * const *b);
+
+/**
* xmlSecOpenSSLX509StoreGetKlass:
- *
+ *
* The OpenSSL X509 certificates key data store klass.
*
* Returns: pointer to OpenSSL X509 certificates key data store klass.
*/
-xmlSecKeyDataStoreId
+xmlSecKeyDataStoreId
xmlSecOpenSSLX509StoreGetKlass(void) {
return(&xmlSecOpenSSLX509StoreKlass);
}
/**
* xmlSecOpenSSLX509StoreFindCert:
- * @store: the pointer to X509 key data store klass.
- * @subjectName: the desired certificate name.
- * @issuerName: the desired certificate issuer name.
- * @issuerSerial: the desired certificate issuer serial number.
- * @ski: the desired certificate SKI.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Searches @store for a certificate that matches given criteria.
*
* Returns: pointer to found certificate or NULL if certificate is not found
* or an error occurs.
*/
-X509*
+X509*
xmlSecOpenSSLX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
- xmlChar *issuerName, xmlChar *issuerSerial,
- xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
X509* res = NULL;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
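Review bot: The forward declaration of `xmlSecOpenSSLX509NameStringRead` keeps the misspelled parameter name `int ingoreTrailingSpaces` on the new side; since this hunk already rewrites every one of these prototype lines, it should read `int ignoreTrailingSpaces` (the definition lies outside this hunk and would need the same rename). The hunk also changes the comparator prototypes `xmlSecOpenSSLX509_NAME_cmp` and `xmlSecOpenSSLX509_NAME_ENTRY_cmp` to take `const X509_NAME *` and `const X509_NAME_ENTRY * const *`, presumably to match the OpenSSL stack comparator callback type; their definitions are not in this hunk, so it is worth confirming they were updated in the same commit, otherwise the translation unit fails with conflicting declarations. A short comment above the two comparators, `/* const-qualified to match the OpenSSL sk_*_set_cmp_func callback signature */`, would keep the next reader from "simplifying" the double-const form back.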
@@ -159,24 +159,24 @@ xmlSecOpenSSLX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName
/**
* xmlSecOpenSSLX509StoreVerify:
- * @store: the pointer to X509 key data store klass.
- * @certs: the untrusted certificates stack.
- * @crls: the crls stack.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates stack.
+ * @crls: the crls stack.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Verifies @certs list.
*
* Returns: pointer to the first verified certificate from @certs.
- */
-X509*
+ */
+X509*
xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* certs,
- XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) {
+ XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
STACK_OF(X509)* certs2 = NULL;
STACK_OF(X509_CRL)* crls2 = NULL;
- X509* res = NULL;
- X509* cert;
- X509 *err_cert = NULL;
+ X509 * res = NULL;
+ X509 * cert;
+ X509 * err_cert = NULL;
char buf[256];
int err = 0, depth;
int i;
@@ -189,256 +189,256 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509*
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->xst != NULL, NULL);
-
+
/* dup certs */
certs2 = sk_X509_dup(certs);
if(certs2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
/* add untrusted certs from the store */
if(ctx->untrusted != NULL) {
- for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) {
- ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i));
- if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
+ for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) {
+ ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i));
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
}
-
+
/* dup crls but remove all non-verified */
if(crls != NULL) {
- crls2 = sk_X509_CRL_dup(crls);
- if(crls2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_CRL_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- for(i = 0; i < sk_X509_CRL_num(crls2); ) {
- ret = xmlSecOpenSSLX509VerifyCRL(ctx->xst, sk_X509_CRL_value(crls2, i));
- if(ret == 1) {
- ++i;
- } else if(ret == 0) {
- sk_X509_CRL_delete(crls2, i);
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecOpenSSLX509VerifyCRL",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
+ crls2 = sk_X509_CRL_dup(crls);
+ if(crls2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ for(i = 0; i < sk_X509_CRL_num(crls2); ) {
+ ret = xmlSecOpenSSLX509VerifyCRL(ctx->xst, sk_X509_CRL_value(crls2, i));
+ if(ret == 1) {
+ ++i;
+ } else if(ret == 0) {
+ (void)sk_X509_CRL_delete(crls2, i);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCRL",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
}
-
+
/* remove all revoked certs */
- for(i = 0; i < sk_X509_num(certs2);) {
- cert = sk_X509_value(certs2, i);
-
- if(crls2 != NULL) {
- ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(crls2, cert);
- if(ret == 0) {
- sk_X509_delete(certs2, i);
- continue;
- } else if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecOpenSSLX509VerifyCertAgainstCrls",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
-
- if(ctx->crls != NULL) {
- ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(ctx->crls, cert);
- if(ret == 0) {
- sk_X509_delete(certs2, i);
- continue;
- } else if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecOpenSSLX509VerifyCertAgainstCrls",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
- ++i;
- }
+ for(i = 0; i < sk_X509_num(certs2);) {
+ cert = sk_X509_value(certs2, i);
+
+ if(crls2 != NULL) {
+ ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(crls2, cert);
+ if(ret == 0) {
+ (void)sk_X509_delete(certs2, i);
+ continue;
+ } else if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCertAgainstCrls",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ if(ctx->crls != NULL) {
+ ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(ctx->crls, cert);
+ if(ret == 0) {
+ (void)sk_X509_delete(certs2, i);
+ continue;
+ } else if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCertAgainstCrls",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ ++i;
+ }
/* get one cert after another and try to verify */
- for(i = 0; i < sk_X509_num(certs2); ++i) {
- cert = sk_X509_value(certs2, i);
- if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) {
- X509_STORE_CTX xsc;
+ for(i = 0; i < sk_X509_num(certs2); ++i) {
+ cert = sk_X509_value(certs2, i);
+ if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) {
+ X509_STORE_CTX xsc;
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
- X509_VERIFY_PARAM * vpm = NULL;
- unsigned long vpm_flags = 0;
-
- vpm = X509_VERIFY_PARAM_new();
- if(vpm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_VERIFY_PARAM_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- vpm_flags = vpm->flags;
+ X509_VERIFY_PARAM * vpm = NULL;
+ unsigned long vpm_flags = 0;
+
+ vpm = X509_VERIFY_PARAM_new();
+ if(vpm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_VERIFY_PARAM_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ vpm_flags = vpm->flags;
/*
- vpm_flags &= (~X509_V_FLAG_X509_STRICT);
+ vpm_flags &= (~X509_V_FLAG_X509_STRICT);
*/
- vpm_flags &= (~X509_V_FLAG_CRL_CHECK);
+ vpm_flags &= (~X509_V_FLAG_CRL_CHECK);
- X509_VERIFY_PARAM_set_depth(vpm, 9);
- X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
+ X509_VERIFY_PARAM_set_depth(vpm, 9);
+ X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
- X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
- if(keyInfoCtx->certsVerificationTime > 0) {
+ X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
+
+ if(keyInfoCtx->certsVerificationTime > 0) {
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
- vpm_flags |= X509_V_FLAG_USE_CHECK_TIME;
- X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime);
+ vpm_flags |= X509_V_FLAG_USE_CHECK_TIME;
+ X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
- X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime);
- }
+ X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime);
+ }
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
- X509_STORE_CTX_set0_param(&xsc, vpm);
+ X509_STORE_CTX_set0_param(&xsc, vpm);
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
-
- ret = X509_verify_cert(&xsc);
- err_cert = X509_STORE_CTX_get_current_cert(&xsc);
- err = X509_STORE_CTX_get_error(&xsc);
- depth = X509_STORE_CTX_get_error_depth(&xsc);
-
- X509_STORE_CTX_cleanup (&xsc);
-
- if(ret == 1) {
- res = cert;
- goto done;
- } else if(ret < 0) {
- const char* err_msg;
-
- buf[0] = '\0';
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
- err_msg = X509_verify_cert_error_string(err);
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_verify_cert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "subj=%s;err=%d;msg=%s",
- xmlSecErrorsSafeString(buf),
- err,
- xmlSecErrorsSafeString(err_msg));
- goto done;
- } else if(ret == 0) {
- const char* err_msg;
-
- buf[0] = '\0';
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
- err_msg = X509_verify_cert_error_string(err);
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_verify_cert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "subj=%s;err=%d;msg=%s",
- xmlSecErrorsSafeString(buf),
- err,
- xmlSecErrorsSafeString(err_msg));
- }
- }
+
+ ret = X509_verify_cert(&xsc);
+ err_cert = X509_STORE_CTX_get_current_cert(&xsc);
+ err = X509_STORE_CTX_get_error(&xsc);
+ depth = X509_STORE_CTX_get_error_depth(&xsc);
+
+ X509_STORE_CTX_cleanup (&xsc);
+
+ if(ret == 1) {
+ res = cert;
+ goto done;
+ } else if(ret < 0) {
+ const char* err_msg;
+
+ buf[0] = '\0';
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
+ err_msg = X509_verify_cert_error_string(err);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_verify_cert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "subj=%s;err=%d;msg=%s",
+ xmlSecErrorsSafeString(buf),
+ err,
+ xmlSecErrorsSafeString(err_msg));
+ goto done;
+ } else if(ret == 0) {
+ const char* err_msg;
+
+ buf[0] = '\0';
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
+ err_msg = X509_verify_cert_error_string(err);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_verify_cert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "subj=%s;err=%d;msg=%s",
+ xmlSecErrorsSafeString(buf),
+ err,
+ xmlSecErrorsSafeString(err_msg));
+ }
+ }
}
/* if we came here then we found nothing. do we have any error? */
if((err != 0) && (err_cert != NULL)) {
- const char* err_msg;
-
- err_msg = X509_verify_cert_error_string(err);
- switch (err) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf);
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
- "err=%d;msg=%s;issuer=%s",
- err,
- xmlSecErrorsSafeString(err_msg),
- xmlSecErrorsSafeString(buf));
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
- "err=%d;msg=%s", err,
- xmlSecErrorsSafeString(err_msg));
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
- "err=%d;msg=%s", err,
- xmlSecErrorsSafeString(err_msg));
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
- "err=%d;msg=%s", err,
- xmlSecErrorsSafeString(err_msg));
- }
+ const char* err_msg;
+
+ err_msg = X509_verify_cert_error_string(err);
+ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
+ "err=%d;msg=%s;issuer=%s",
+ err,
+ xmlSecErrorsSafeString(err_msg),
+ xmlSecErrorsSafeString(buf));
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ }
}
-
-done:
+
+done:
if(certs2 != NULL) {
- sk_X509_free(certs2);
+ sk_X509_free(certs2);
}
if(crls2 != NULL) {
- sk_X509_CRL_free(crls2);
+ sk_X509_CRL_free(crls2);
}
return(res);
}
/**
* xmlSecOpenSSLX509StoreAdoptCert:
- * @store: the pointer to X509 key data store klass.
- * @cert: the pointer to OpenSSL X509 certificate.
- * @type: the certificate type (trusted/untrusted).
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to OpenSSL X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
*
* Adds trusted (root) or untrusted certificate to the store.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecKeyDataType type) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
xmlSecAssert2(cert != NULL, -1);
@@ -460,51 +460,51 @@ xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecK
/* add cert increments the reference */
X509_free(cert);
} else {
- xmlSecAssert2(ctx->untrusted != NULL, -1);
-
- ret = sk_X509_push(ctx->untrusted, cert);
- if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
+
+ ret = sk_X509_push(ctx->untrusted, cert);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
/**
* xmlSecOpenSSLX509StoreAdoptCrl:
- * @store: the pointer to X509 key data store klass.
- * @crl: the pointer to OpenSSL X509_CRL.
+ * @store: the pointer to X509 key data store klass.
+ * @crl: the pointer to OpenSSL X509_CRL.
*
* Adds X509 CRL to the store.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecOpenSSLX509StoreAdoptCrl(xmlSecKeyDataStorePtr store, X509_CRL* crl) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
xmlSecAssert2(crl != NULL, -1);
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->crls != NULL, -1);
-
- ret = sk_X509_CRL_push(ctx->crls, crl);
- if(ret < 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_CRL_push",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(ctx->crls != NULL, -1);
+
+ ret = sk_X509_CRL_push(ctx->crls, crl);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
return (0);
}
@@ -519,7 +519,7 @@ xmlSecOpenSSLX509StoreAdoptCrl(xmlSecKeyDataStorePtr store, X509_CRL* crl) {
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
X509_LOOKUP *lookup = NULL;
@@ -530,25 +530,25 @@ xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->xst != NULL, -1);
-
+
lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
if(lookup == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_STORE_add_lookup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_lookup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
if(!X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_LOOKUP_add_dir",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "path='%s'",
- xmlSecErrorsSafeString(path)
- );
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "path='%s'",
+ xmlSecErrorsSafeString(path)
+ );
+ return(-1);
}
return(0);
}
@@ -589,9 +589,9 @@ xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *file
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_LOOKUP_load_file",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "file='%s'",
- xmlSecErrorsSafeString(file)
- );
+ "file='%s'",
+ xmlSecErrorsSafeString(file)
+ );
return(-1);
}
return(0);
@@ -601,7 +601,7 @@ static int
xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
const xmlChar* path;
X509_LOOKUP *lookup = NULL;
-
+
xmlSecOpenSSLX509StoreCtxPtr ctx;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
@@ -612,96 +612,96 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
ctx->xst = X509_STORE_new();
if(ctx->xst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_STORE_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
if(!X509_STORE_set_default_paths(ctx->xst)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_STORE_set_default_paths",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_set_default_paths",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
-
+
+
lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
if(lookup == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_STORE_add_lookup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_lookup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
- }
+ }
path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
if(path != NULL) {
- if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_LOOKUP_add_dir",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "path='%s'",
- xmlSecErrorsSafeString(path)
- );
- return(-1);
- }
+ if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "path='%s'",
+ xmlSecErrorsSafeString(path)
+ );
+ return(-1);
+ }
} else {
- if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_LOOKUP_add_dir",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE
- );
- return(-1);
- }
+ if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ return(-1);
+ }
}
ctx->untrusted = sk_X509_new_null();
if(ctx->untrusted == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_new_null",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
ctx->crls = sk_X509_CRL_new_null();
if(ctx->crls == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "sk_X509_CRL_new_null",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
ctx->vpm = X509_VERIFY_PARAM_new();
if(ctx->vpm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "X509_VERIFY_PARAM_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_VERIFY_PARAM_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */
X509_STORE_set1_param(ctx->xst, ctx->vpm);
-
+
#else /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
- ctx->xst->depth = 9; /* the default cert verification path in openssl */
+ ctx->xst->depth = 9; /* the default cert verification path in openssl */
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
- return(0);
+ return(0);
}
static void
@@ -711,20 +711,20 @@ xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) {
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->xst != NULL) {
- X509_STORE_free(ctx->xst);
+ X509_STORE_free(ctx->xst);
}
if(ctx->untrusted != NULL) {
- sk_X509_pop_free(ctx->untrusted, X509_free);
+ sk_X509_pop_free(ctx->untrusted, X509_free);
}
if(ctx->crls != NULL) {
- sk_X509_CRL_pop_free(ctx->crls, X509_CRL_free);
+ sk_X509_CRL_pop_free(ctx->crls, X509_CRL_free);
}
#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
if(ctx->vpm != NULL) {
- X509_VERIFY_PARAM_free(ctx->vpm);
+ X509_VERIFY_PARAM_free(ctx->vpm);
}
#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
@@ -739,179 +739,179 @@ xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) {
*****************************************************************************/
static int
xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) {
- X509_STORE_CTX xsc;
+ X509_STORE_CTX xsc;
X509_OBJECT xobj;
EVP_PKEY *pkey;
- int ret;
+ int ret;
xmlSecAssert2(xst != NULL, -1);
xmlSecAssert2(crl != NULL, -1);
-
+
X509_STORE_CTX_init(&xsc, xst, NULL, NULL);
- ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509,
- X509_CRL_get_issuer(crl), &xobj);
+ ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509,
+ X509_CRL_get_issuer(crl), &xobj);
if(ret <= 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_STORE_get_by_subject",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_STORE_get_by_subject",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
pkey = X509_get_pubkey(xobj.data.x509);
X509_OBJECT_free_contents(&xobj);
if(pkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_get_pubkey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_pubkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = X509_CRL_verify(crl, pkey);
- EVP_PKEY_free(pkey);
+ EVP_PKEY_free(pkey);
if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_CRL_verify",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_CRL_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
}
- X509_STORE_CTX_cleanup (&xsc);
+ X509_STORE_CTX_cleanup (&xsc);
return((ret == 1) ? 1 : 0);
}
-static X509*
+static X509*
xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName,
- xmlChar *issuerName, xmlChar *issuerSerial,
- xmlChar *ski) {
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski) {
X509 *cert = NULL;
int i;
xmlSecAssert2(certs != NULL, NULL);
-
+
/* todo: may be this is not the fastest way to search certs */
if(subjectName != NULL) {
- X509_NAME *nm;
- X509_NAME *subj;
-
- nm = xmlSecOpenSSLX509NameRead(subjectName, xmlStrlen(subjectName));
- if(nm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "subject=%s",
- xmlSecErrorsSafeString(subjectName));
- return(NULL);
- }
-
- for(i = 0; i < sk_X509_num(certs); ++i) {
- cert = sk_X509_value(certs, i);
- subj = X509_get_subject_name(cert);
- if(xmlSecOpenSSLX509NamesCompare(nm, subj) == 0) {
- X509_NAME_free(nm);
- return(cert);
- }
- }
- X509_NAME_free(nm);
+ X509_NAME *nm;
+ X509_NAME *subj;
+
+ nm = xmlSecOpenSSLX509NameRead(subjectName, xmlStrlen(subjectName));
+ if(nm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject=%s",
+ xmlSecErrorsSafeString(subjectName));
+ return(NULL);
+ }
+
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ subj = X509_get_subject_name(cert);
+ if(xmlSecOpenSSLX509NamesCompare(nm, subj) == 0) {
+ X509_NAME_free(nm);
+ return(cert);
+ }
+ }
+ X509_NAME_free(nm);
} else if((issuerName != NULL) && (issuerSerial != NULL)) {
- X509_NAME *nm;
- X509_NAME *issuer;
- BIGNUM *bn;
- ASN1_INTEGER *serial;
-
- nm = xmlSecOpenSSLX509NameRead(issuerName, xmlStrlen(issuerName));
- if(nm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "issuer=%s",
- xmlSecErrorsSafeString(issuerName));
- return(NULL);
- }
-
- bn = BN_new();
- if(bn == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_NAME_free(nm);
- return(NULL);
- }
- if(BN_dec2bn(&bn, (char*)issuerSerial) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_dec2bn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BN_free(bn);
- X509_NAME_free(nm);
- return(NULL);
- }
-
- serial = BN_to_ASN1_INTEGER(bn, NULL);
- if(serial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "BN_to_ASN1_INTEGER",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- BN_free(bn);
- X509_NAME_free(nm);
- return(NULL);
- }
- BN_free(bn);
-
-
- for(i = 0; i < sk_X509_num(certs); ++i) {
- cert = sk_X509_value(certs, i);
- if(ASN1_INTEGER_cmp(X509_get_serialNumber(cert), serial) != 0) {
- continue;
- }
- issuer = X509_get_issuer_name(cert);
- if(xmlSecOpenSSLX509NamesCompare(nm, issuer) == 0) {
- ASN1_INTEGER_free(serial);
- X509_NAME_free(nm);
- return(cert);
- }
- }
+ X509_NAME *nm;
+ X509_NAME *issuer;
+ BIGNUM *bn;
+ ASN1_INTEGER *serial;
+
+ nm = xmlSecOpenSSLX509NameRead(issuerName, xmlStrlen(issuerName));
+ if(nm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer=%s",
+ xmlSecErrorsSafeString(issuerName));
+ return(NULL);
+ }
+
+ bn = BN_new();
+ if(bn == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ if(BN_dec2bn(&bn, (char*)issuerSerial) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_dec2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+
+ serial = BN_to_ASN1_INTEGER(bn, NULL);
+ if(serial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_to_ASN1_INTEGER",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ BN_free(bn);
+
+
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ if(ASN1_INTEGER_cmp(X509_get_serialNumber(cert), serial) != 0) {
+ continue;
+ }
+ issuer = X509_get_issuer_name(cert);
+ if(xmlSecOpenSSLX509NamesCompare(nm, issuer) == 0) {
+ ASN1_INTEGER_free(serial);
+ X509_NAME_free(nm);
+ return(cert);
+ }
+ }
X509_NAME_free(nm);
- ASN1_INTEGER_free(serial);
+ ASN1_INTEGER_free(serial);
} else if(ski != NULL) {
- int len;
- int index;
- X509_EXTENSION *ext;
- ASN1_OCTET_STRING *keyId;
-
- /* our usual trick with base64 decode */
- len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
- if(len < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
- return(NULL);
- }
- for(i = 0; i < sk_X509_num(certs); ++i) {
- cert = sk_X509_value(certs, i);
- index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
- if((index >= 0) && (ext = X509_get_ext(cert, index))) {
- keyId = X509V3_EXT_d2i(ext);
- if((keyId != NULL) && (keyId->length == len) &&
- (memcmp(keyId->data, ski, len) == 0)) {
- M_ASN1_OCTET_STRING_free(keyId);
- return(cert);
- }
- M_ASN1_OCTET_STRING_free(keyId);
- }
- }
+ int len;
+ int index;
+ X509_EXTENSION *ext;
+ ASN1_OCTET_STRING *keyId;
+
+ /* our usual trick with base64 decode */
+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+ if(len < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(NULL);
+ }
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if((index >= 0) && (ext = X509_get_ext(cert, index))) {
+ keyId = X509V3_EXT_d2i(ext);
+ if((keyId != NULL) && (keyId->length == len) &&
+ (memcmp(keyId->data, ski, len) == 0)) {
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(cert);
+ }
+ M_ASN1_OCTET_STRING_free(keyId);
+ }
+ }
}
return(NULL);
@@ -924,14 +924,14 @@ xmlSecOpenSSLX509FindNextChainCert(STACK_OF(X509) *chain, X509 *cert) {
xmlSecAssert2(chain != NULL, NULL);
xmlSecAssert2(cert != NULL, NULL);
-
+
certSubjHash = X509_subject_name_hash(cert);
for(i = 0; i < sk_X509_num(chain); ++i) {
- if((sk_X509_value(chain, i) != cert) &&
- (X509_issuer_name_hash(sk_X509_value(chain, i)) == certSubjHash)) {
+ if((sk_X509_value(chain, i) != cert) &&
+ (X509_issuer_name_hash(sk_X509_value(chain, i)) == certSubjHash)) {
- return(sk_X509_value(chain, i));
- }
+ return(sk_X509_value(chain, i));
+ }
}
return(NULL);
}
@@ -942,57 +942,57 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) {
X509_CRL *crl = NULL;
X509_REVOKED *revoked;
int i, n;
- int ret;
+ int ret;
xmlSecAssert2(crls != NULL, -1);
xmlSecAssert2(cert != NULL, -1);
-
+
/*
* Try to retrieve a CRL corresponding to the issuer of
- * the current certificate
- */
+ * the current certificate
+ */
n = sk_X509_CRL_num(crls);
for(i = 0; i < n; i++) {
- crl = sk_X509_CRL_value(crls, i);
- if(crl == NULL) {
- continue;
- }
-
- issuer = X509_CRL_get_issuer(crl);
- if(xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer) == 0) {
- break;
- }
+ crl = sk_X509_CRL_value(crls, i);
+ if(crl == NULL) {
+ continue;
+ }
+
+ issuer = X509_CRL_get_issuer(crl);
+ if(xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer) == 0) {
+ break;
+ }
}
if((i >= n) || (crl == NULL)){
- /* no crls for this issuer */
- return(1);
+ /* no crls for this issuer */
+ return(1);
}
- /*
- * Check date of CRL to make sure it's not expired
+ /*
+ * Check date of CRL to make sure it's not expired
*/
ret = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (ret == 0) {
- /* crl expired */
- return(1);
+ /* crl expired */
+ return(1);
}
-
- /*
+
+ /*
* Check if the current certificate is revoked by this CRL
*/
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
for (i = 0; i < n; i++) {
revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(cert)) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_CERT_REVOKED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_REVOKED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
}
- return(1);
+ return(1);
}
static X509_NAME *
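Review bot: The CRL-selection loop in xmlSecOpenSSLX509VerifyCertAgainstCrls compares the CRL's issuer with itself — `issuer = X509_CRL_get_issuer(crl);` followed by `xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer)` is always 0 — so the first non-NULL CRL in the stack is picked regardless of which CA issued `cert`, and the serial comparison that follows may run against an unrelated CRL (a false revocation on a serial collision, or a missed revocation in the CRL that actually applies). The name to match is the certificate's issuer: set `issuer = X509_get_issuer_name(cert);` before the loop and keep `if(xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer) == 0) break;` inside it; the declaration of `issuer` and the function signature sit above this hunk. Separately, `X509_cmp_current_time` returns 0 only on a parse error and a negative value when `nextUpdate` is already in the past, so the `ret == 0` branch does not correspond to the `/* crl expired */` comment; either reword the comment to `/* unparsable nextUpdate: skip this CRL */` or decide explicitly how an expired CRL should be treated, noting that every `return(1)` here reports "not revoked".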
@@ -1004,167 +1004,167 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) {
int type = MBSTRING_ASC;
xmlSecAssert2(str != NULL, NULL);
-
+
nm = X509_NAME_new();
if(nm == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_NAME_new",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
while(len > 0) {
- /* skip spaces after comma or semicolon */
- while((len > 0) && isspace(*str)) {
- ++str; --len;
- }
-
- nameLen = xmlSecOpenSSLX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
- if(nameLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_NAME_free(nm);
- return(NULL);
- }
- name[nameLen] = '\0';
- if(len > 0) {
- ++str; --len;
- if((*str) == '\"') {
- ++str; --len;
- valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
- value, sizeof(value), '"', 1);
- if(valueLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_NAME_free(nm);
- return(NULL);
- }
-
- /* skip quote */
- if((len <= 0) || ((*str) != '\"')) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "quote is expected:%s",
- xmlSecErrorsSafeString(str));
- X509_NAME_free(nm);
- return(NULL);
- }
+ /* skip spaces after comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+
+ nameLen = xmlSecOpenSSLX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+ if(nameLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ name[nameLen] = '\0';
+ if(len > 0) {
+ ++str; --len;
+ if((*str) == '\"') {
+ ++str; --len;
+ valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
+ value, sizeof(value), '"', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+
+ /* skip quote */
+ if((len <= 0) || ((*str) != '\"')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "quote is expected:%s",
+ xmlSecErrorsSafeString(str));
+ X509_NAME_free(nm);
+ return(NULL);
+ }
++str; --len;
- /* skip spaces before comma or semicolon */
- while((len > 0) && isspace(*str)) {
- ++str; --len;
- }
- if((len > 0) && ((*str) != ',')) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "comma is expected:%s",
- xmlSecErrorsSafeString(str));
- X509_NAME_free(nm);
- return(NULL);
- }
- if(len > 0) {
- ++str; --len;
- }
- type = MBSTRING_ASC;
- } else if((*str) == '#') {
- /* TODO: read octect values */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "reading octect values is not implemented yet");
- X509_NAME_free(nm);
- return(NULL);
- } else {
- valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
- value, sizeof(value), ',', 1);
- if(valueLen < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecOpenSSLX509NameStringRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- X509_NAME_free(nm);
- return(NULL);
- }
- type = MBSTRING_ASC;
- }
- } else {
- valueLen = 0;
- }
- value[valueLen] = '\0';
- if(len > 0) {
- ++str; --len;
- }
- X509_NAME_add_entry_by_txt(nm, (char*)name, type, value, valueLen, -1, 0);
+ /* skip spaces before comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+ if((len > 0) && ((*str) != ',')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "comma is expected:%s",
+ xmlSecErrorsSafeString(str));
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
+ type = MBSTRING_ASC;
+ } else if((*str) == '#') {
+ /* TODO: read octect values */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "reading octect values is not implemented yet");
+ X509_NAME_free(nm);
+ return(NULL);
+ } else {
+ valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
+ value, sizeof(value), ',', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ type = MBSTRING_ASC;
+ }
+ } else {
+ valueLen = 0;
+ }
+ value[valueLen] = '\0';
+ if(len > 0) {
+ ++str; --len;
+ }
+ X509_NAME_add_entry_by_txt(nm, (char*)name, type, value, valueLen, -1, 0);
}
-
+
return(nm);
}
-static int
-xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen,
- xmlSecByte *res, int resLen,
- xmlSecByte delim, int ingoreTrailingSpaces) {
- xmlSecByte *p, *q, *nonSpace;
+static int
+xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen,
+ xmlSecByte *res, int resLen,
+ xmlSecByte delim, int ingoreTrailingSpaces) {
+ xmlSecByte *p, *q, *nonSpace;
xmlSecAssert2(str != NULL, -1);
xmlSecAssert2(strLen != NULL, -1);
xmlSecAssert2(res != NULL, -1);
-
+
p = (*str);
nonSpace = q = res;
- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
- if((*p) != '\\') {
- if(ingoreTrailingSpaces && !isspace(*p)) nonSpace = q;
- *(q++) = *(p++);
- } else {
- ++p;
- nonSpace = q;
- if(xmlSecIsHex((*p))) {
- if((p - (*str) + 1) >= (*strLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "two hex digits expected");
- return(-1);
- }
- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
- p += 2;
- } else {
- if(((++p) - (*str)) >= (*strLen)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "escaped symbol missed");
- return(-1);
- }
- *(q++) = *(p++);
- }
- }
+ while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+ if((*p) != '\\') {
+ if(ingoreTrailingSpaces && !isspace(*p)) nonSpace = q;
+ *(q++) = *(p++);
+ } else {
+ ++p;
+ nonSpace = q;
+ if(xmlSecIsHex((*p))) {
+ if((p - (*str) + 1) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "two hex digits expected");
+ return(-1);
+ }
+ *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+ p += 2;
+ } else {
+ if(((++p) - (*str)) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "escaped symbol missed");
+ return(-1);
+ }
+ *(q++) = *(p++);
+ }
+ }
}
if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "buffer is too small");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "buffer is too small");
+ return(-1);
}
(*strLen) -= (p - (*str));
(*str) = p;
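Review bot: `name[nameLen] = '\0';` can write one byte past the end of `name`: the reader is called with `sizeof(name)` and its copy loop in xmlSecOpenSSLX509NameStringRead runs while `(q - res) < resLen`, so it may fill all `sizeof(name)` bytes and, when the delimiter follows immediately, report that full length (its return statement is outside this hunk, so this is inferred from the loop bound). The same applies to both `value` reads and `value[valueLen] = '\0';`. Reserving the terminator at the call sites fixes it — `nameLen = xmlSecOpenSSLX509NameStringRead(&str, &len, name, sizeof(name) - 1, '=', 0);` and `sizeof(value) - 1` in the two value reads. Also, `++str; --len; if((*str) == '\"')` dereferences `str` after `len` may have dropped to 0, reading one byte beyond the declared input length; guard it with a `len > 0` check before the dereference. The `name`/`value` buffers and the function header are declared above this hunk.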
@@ -1172,106 +1172,106 @@ xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen,
}
static
-int xmlSecOpenSSLX509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) {
+int xmlSecOpenSSLX509_NAME_cmp(const X509_NAME * a, const X509_NAME * b) {
int i,ret;
const X509_NAME_ENTRY *na,*nb;
xmlSecAssert2(a != NULL, -1);
xmlSecAssert2(b != NULL, 1);
-
+
if (sk_X509_NAME_ENTRY_num(a->entries) != sk_X509_NAME_ENTRY_num(b->entries)) {
- return sk_X509_NAME_ENTRY_num(a->entries) - sk_X509_NAME_ENTRY_num(b->entries);
+ return sk_X509_NAME_ENTRY_num(a->entries) - sk_X509_NAME_ENTRY_num(b->entries);
}
-
+
for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) {
- na=sk_X509_NAME_ENTRY_value(a->entries,i);
- nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-
- ret = xmlSecOpenSSLX509_NAME_ENTRY_cmp(&na, &nb);
- if(ret != 0) {
- return(ret);
- }
- }
+ na=sk_X509_NAME_ENTRY_value(a->entries,i);
+ nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+
+ ret = xmlSecOpenSSLX509_NAME_ENTRY_cmp(&na, &nb);
+ if(ret != 0) {
+ return(ret);
+ }
+ }
return(0);
}
-/**
+/**
* xmlSecOpenSSLX509NamesCompare:
*
* We have to sort X509_NAME entries to get correct results.
* This is ugly but OpenSSL does not support it
*/
-static int
+static int
xmlSecOpenSSLX509NamesCompare(X509_NAME *a, X509_NAME *b) {
X509_NAME *a1 = NULL;
X509_NAME *b1 = NULL;
int ret;
-
- xmlSecAssert2(a != NULL, -1);
- xmlSecAssert2(b != NULL, 1);
-
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(b != NULL, 1);
+
a1 = X509_NAME_dup(a);
if(a1 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_NAME_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
b1 = X509_NAME_dup(b);
if(b1 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "X509_NAME_dup",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(1);
}
-
+
/* sort both */
- sk_X509_NAME_ENTRY_set_cmp_func(a1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
+ (void)sk_X509_NAME_ENTRY_set_cmp_func(a1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
sk_X509_NAME_ENTRY_sort(a1->entries);
- sk_X509_NAME_ENTRY_set_cmp_func(b1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
+ (void)sk_X509_NAME_ENTRY_set_cmp_func(b1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
sk_X509_NAME_ENTRY_sort(b1->entries);
/* actually compare */
ret = xmlSecOpenSSLX509_NAME_cmp(a1, b1);
-
+
/* cleanup */
X509_NAME_free(a1);
X509_NAME_free(b1);
return(ret);
}
-static int
-xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY **a, const X509_NAME_ENTRY **b) {
+static int
+xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b) {
int ret;
-
+
xmlSecAssert2(a != NULL, -1);
xmlSecAssert2(b != NULL, 1);
xmlSecAssert2((*a) != NULL, -1);
xmlSecAssert2((*b) != NULL, 1);
- /* first compare values */
+ /* first compare values */
if(((*a)->value == NULL) && ((*b)->value != NULL)) {
- return(-1);
+ return(-1);
} else if(((*a)->value != NULL) && ((*b)->value == NULL)) {
- return(1);
+ return(1);
} else if(((*a)->value == NULL) && ((*b)->value == NULL)) {
- return(0);
- }
-
+ return(0);
+ }
+
ret = (*a)->value->length - (*b)->value->length;
if(ret != 0) {
- return(ret);
+ return(ret);
}
-
+
ret = memcmp((*a)->value->data, (*b)->value->data, (*a)->value->length);
if(ret != 0) {
- return(ret);
+ return(ret);
}
/* next compare names */
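Review bot: xmlSecOpenSSLX509NamesCompare leaks a1 when the second X509_NAME_dup fails: the `if(b1 == NULL)` block reports the error and returns 1 without freeing the copy of a that was made just above, so every comparison that takes that path loses an X509_NAME. Adding `X509_NAME_free(a1);` immediately before that `return(1);` closes it; a1 is guaranteed non-NULL at that point. The remainder of the hunk is re-indentation plus the const-correct signature on xmlSecOpenSSLX509_NAME_ENTRY_cmp, whose body continues past the end of the hunk.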
diff --git a/src/parser.c b/src/parser.c
index 74c15229..9bb50905 100644
--- a/src/parser.c
+++ b/src/parser.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* XML Parser transform and utility functions.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -29,62 +29,62 @@
* Internal parser
*
*****************************************************************************/
-typedef struct _xmlSecParserCtx xmlSecParserCtx,
- *xmlSecParserCtxPtr;
+typedef struct _xmlSecParserCtx xmlSecParserCtx,
+ *xmlSecParserCtxPtr;
struct _xmlSecParserCtx {
- xmlParserCtxtPtr parserCtx;
-};
+ xmlParserCtxtPtr parserCtx;
+};
/**************************************************************************
*
- * XML Parser transform
+ * XML Parser transform
*
* xmlSecParserCtx is located after xmlSecTransform
- *
+ *
***************************************************************************/
-#define xmlSecParserSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecParserCtx))
+#define xmlSecParserSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecParserCtx))
#define xmlSecParserGetCtx(transform) \
((xmlSecTransformCheckSize((transform), xmlSecParserSize)) ? \
- ((xmlSecParserCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) : \
- (xmlSecParserCtxPtr)NULL)
-
-static int xmlSecParserInitialize (xmlSecTransformPtr transform);
-static void xmlSecParserFinalize (xmlSecTransformPtr transform);
-static int xmlSecParserPushBin (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- int final,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecParserPopXml (xmlSecTransformPtr transform,
- xmlSecNodeSetPtr* nodes,
- xmlSecTransformCtxPtr transformCtx);
+ ((xmlSecParserCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) : \
+ (xmlSecParserCtxPtr)NULL)
+
+static int xmlSecParserInitialize (xmlSecTransformPtr transform);
+static void xmlSecParserFinalize (xmlSecTransformPtr transform);
+static int xmlSecParserPushBin (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecParserPopXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecParserKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecParserSize, /* xmlSecSize objSize */
-
- BAD_CAST "xml-parser", /* const xmlChar* name; */
- NULL, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- xmlSecParserInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecParserFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecParserPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecParserPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- NULL, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecParserSize, /* xmlSecSize objSize */
+
+ BAD_CAST "xml-parser", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecParserInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecParserFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecParserPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecParserPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
@@ -94,21 +94,21 @@ static xmlSecTransformKlass xmlSecParserKlass = {
*
* Returns: XML parser transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformXmlParserGetKlass(void) {
return(&xmlSecParserKlass);
}
-static int
-xmlSecParserInitialize(xmlSecTransformPtr transform) {
+static int
+xmlSecParserInitialize(xmlSecTransformPtr transform) {
xmlSecParserCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecParserSize), -1);
ctx = xmlSecParserGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
/* initialize context */
memset(ctx, 0, sizeof(xmlSecParserCtx));
return(0);
@@ -123,19 +123,19 @@ xmlSecParserFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecParserGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->parserCtx != NULL) {
- xmlFreeParserCtxt(ctx->parserCtx);
+ xmlFreeParserCtxt(ctx->parserCtx);
}
memset(ctx, 0, sizeof(xmlSecParserCtx));
}
-static int
+static int
xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
- xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
xmlSecParserCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
xmlSecAssert2(transformCtx != NULL, -1);
@@ -144,108 +144,108 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
/* check/update current transform status */
if(transform->status == xmlSecTransformStatusNone) {
- xmlSecAssert2(ctx->parserCtx == NULL, -1);
-
- ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
- if(ctx->parserCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlCreatePushParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(ctx->parserCtx == NULL, -1);
+
+ ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
+ if(ctx->parserCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
/* required for c14n! */
- ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
- ctx->parserCtx->replaceEntities = 1;
+ ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctx->parserCtx->replaceEntities = 1;
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
} else if(transform->status == xmlSecTransformStatusFinished) {
- return(0);
+ return(0);
} else if(transform->status != xmlSecTransformStatusWorking) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
xmlSecAssert2(ctx->parserCtx != NULL, -1);
-
+
/* push data to the input buffer */
if((data != NULL) && (dataSize > 0)) {
- ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- "size=%d", dataSize);
- return(-1);
- }
- }
-
+ ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "size=%d", dataSize);
+ return(-1);
+ }
+ }
+
/* finish parsing and push to next in the chain */
if(final != 0) {
- ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
- if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* todo: check that document is well formed? */
- transform->outNodes = xmlSecNodeSetCreate(ctx->parserCtx->myDoc,
- NULL, xmlSecNodeSetTree);
- if(transform->outNodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(ctx->parserCtx->myDoc);
- ctx->parserCtx->myDoc = NULL;
- return(-1);
- }
- xmlSecNodeSetDocDestroy(transform->outNodes); /* this node set "owns" the doc pointer */
- ctx->parserCtx->myDoc = NULL;
-
- /* push result to the next transform (if exist) */
- if(transform->next != NULL) {
- ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformPushXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
+ if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: check that document is well formed? */
+ transform->outNodes = xmlSecNodeSetCreate(ctx->parserCtx->myDoc,
+ NULL, xmlSecNodeSetTree);
+ if(transform->outNodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(ctx->parserCtx->myDoc);
+ ctx->parserCtx->myDoc = NULL;
+ return(-1);
+ }
+ xmlSecNodeSetDocDestroy(transform->outNodes); /* this node set "owns" the doc pointer */
+ ctx->parserCtx->myDoc = NULL;
+
+ /* push result to the next transform (if exist) */
+ if(transform->next != NULL) {
+ ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
}
return(0);
}
-static int
+static int
xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecParserCtxPtr ctx;
xmlParserInputBufferPtr buf;
xmlParserInputPtr input;
xmlParserCtxtPtr ctxt;
xmlDocPtr doc;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
- xmlSecAssert2(nodes != NULL, -1);
+ xmlSecAssert2(nodes != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecParserGetCtx(transform);
@@ -254,115 +254,115 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
/* check/update current transform status */
switch(transform->status) {
case xmlSecTransformStatusNone:
- transform->status = xmlSecTransformStatusWorking;
- break;
+ transform->status = xmlSecTransformStatusWorking;
+ break;
case xmlSecTransformStatusWorking:
- /* just do nothing */
- break;
+ /* just do nothing */
+ break;
case xmlSecTransformStatusFinished:
- (*nodes) = NULL;
- return(0);
+ (*nodes) = NULL;
+ return(0);
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
-
+
/* prepare parser context */
if(transform->prev == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "prev transform is null");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "prev transform is null");
+ return(-1);
}
-
+
buf = xmlSecTransformCreateInputBuffer(transform->prev, transformCtx);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformCreateInputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateInputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ctxt = xmlNewParserCtxt();
if (ctxt == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlNewParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeParserInputBuffer(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlNewParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeParserInputBuffer(buf);
+ return(-1);
}
-
+
input = xmlNewIOInputStream(ctxt, buf, XML_CHAR_ENCODING_NONE);
if(input == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlNewParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeParserCtxt(ctxt);
- xmlFreeParserInputBuffer(buf);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlNewParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeParserCtxt(ctxt);
+ xmlFreeParserInputBuffer(buf);
+ return(-1);
}
-
+
ret = inputPush(ctxt, input);
if(input == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "inputPush",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeInputStream(input);
- xmlFreeParserCtxt(ctxt);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "inputPush",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeInputStream(input);
+ xmlFreeParserCtxt(ctxt);
+ return(-1);
}
/* required for c14n! */
- ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
ctxt->replaceEntities = 1;
/* finaly do the parsing */
ret = xmlParseDocument(ctxt);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParseDocument",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- if(ctxt->myDoc != NULL) {
- xmlFreeDoc(ctxt->myDoc);
- ctxt->myDoc = NULL;
- }
- xmlFreeParserCtxt(ctxt);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseDocument",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(ctxt->myDoc != NULL) {
+ xmlFreeDoc(ctxt->myDoc);
+ ctxt->myDoc = NULL;
+ }
+ xmlFreeParserCtxt(ctxt);
+ return(-1);
}
-
+
/* remember the result and free parsing context */
doc = ctxt->myDoc;
ctxt->myDoc = NULL;
- xmlFreeParserCtxt(ctxt);
+ xmlFreeParserCtxt(ctxt);
/* return result to the caller */
(*nodes) = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetTree);
if((*nodes) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(doc);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
xmlSecNodeSetDocDestroy((*nodes)); /* this node set "owns" the doc pointer */
transform->status = xmlSecTransformStatusFinished;
return(0);
@@ -374,19 +374,19 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
*
*************************************************************************/
typedef struct _xmlSecExtMemoryParserCtx {
- const xmlSecByte *prefix;
- xmlSecSize prefixSize;
- const xmlSecByte *buffer;
- xmlSecSize bufferSize;
- const xmlSecByte *postfix;
- xmlSecSize postfixSize;
+ const xmlSecByte *prefix;
+ xmlSecSize prefixSize;
+ const xmlSecByte *buffer;
+ xmlSecSize bufferSize;
+ const xmlSecByte *postfix;
+ xmlSecSize postfixSize;
} xmlSecExtMemoryParserCtx, *xmlSecExtMemoryParserCtxPtr;
-/**
+/**
* xmlSecParseFile:
- * @filename: the filename.
+ * @filename: the filename.
*
- * Loads XML Doc from file @filename. We need a special version because of
+ * Loads XML Doc from file @filename. We need a special version because of
* c14n issue. The code is copied from xmlSAXParseFileWithData() function.
*
* Returns: pointer to the loaded XML document or NULL if an error occurs.
@@ -396,129 +396,132 @@ xmlSecParseFile(const char *filename) {
xmlDocPtr ret;
xmlParserCtxtPtr ctxt;
char *directory = NULL;
-
+
xmlSecAssert2(filename != NULL, NULL);
xmlInitParser();
ctxt = xmlCreateFileParserCtxt(filename);
if (ctxt == NULL) {
- return(NULL);
+ return(NULL);
}
- /* todo: set directories from current doc? */
+ /* enable parsing of XML documents with large text nodes */
+ /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */
+
+ /* todo: set directories from current doc? */
if ((ctxt->directory == NULL) && (directory == NULL))
directory = xmlParserGetDirectory(filename);
if ((ctxt->directory == NULL) && (directory != NULL))
ctxt->directory = (char *) xmlStrdup((xmlChar *) directory);
/* required for c14n! */
- ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
ctxt->replaceEntities = 1;
-
+
xmlParseDocument(ctxt);
- if(ctxt->wellFormed) {
- ret = ctxt->myDoc;
+ if(ctxt->wellFormed) {
+ ret = ctxt->myDoc;
} else {
ret = NULL;
xmlFreeDoc(ctxt->myDoc);
ctxt->myDoc = NULL;
}
- xmlFreeParserCtxt(ctxt);
+ xmlFreeParserCtxt(ctxt);
return(ret);
-
+
}
/**
* xmlSecParseMemoryExt:
- * @prefix: the first part of the input.
- * @prefixSize: the size of the first part of the input.
- * @buffer: the second part of the input.
- * @bufferSize: the size of the second part of the input.
- * @postfix: the third part of the input.
- * @postfixSize: the size of the third part of the input.
+ * @prefix: the first part of the input.
+ * @prefixSize: the size of the first part of the input.
+ * @buffer: the second part of the input.
+ * @bufferSize: the size of the second part of the input.
+ * @postfix: the third part of the input.
+ * @postfixSize: the size of the third part of the input.
*
- * Loads XML Doc from 3 chunks of memory: @prefix, @buffer and @postfix.
+ * Loads XML Doc from 3 chunks of memory: @prefix, @buffer and @postfix.
*
* Returns: pointer to the loaded XML document or NULL if an error occurs.
*/
xmlDocPtr
xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize,
- const xmlSecByte *buffer, xmlSecSize bufferSize,
- const xmlSecByte *postfix, xmlSecSize postfixSize) {
+ const xmlSecByte *buffer, xmlSecSize bufferSize,
+ const xmlSecByte *postfix, xmlSecSize postfixSize) {
xmlParserCtxtPtr ctxt = NULL;
xmlDocPtr doc = NULL;
int ret;
-
+
/* create context */
ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
if(ctxt == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlCreatePushParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
/* required for c14n! */
- ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
ctxt->replaceEntities = 1;
/* prefix */
if((prefix != NULL) && (prefixSize > 0)) {
ret = xmlParseChunk(ctxt, (const char*)prefix, prefixSize, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- "prefixSize=%d", prefixSize);
- goto done;
- }
- }
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "prefixSize=%d", prefixSize);
+ goto done;
+ }
+ }
/* buffer */
if((buffer != NULL) && (bufferSize > 0)) {
ret = xmlParseChunk(ctxt, (const char*)buffer, bufferSize, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- "bufferSize=%d", bufferSize);
- goto done;
- }
- }
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "bufferSize=%d", bufferSize);
+ goto done;
+ }
+ }
/* postfix */
if((postfix != NULL) && (postfixSize > 0)) {
ret = xmlParseChunk(ctxt, (const char*)postfix, postfixSize, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- "postfixSize=%d", postfixSize);
- goto done;
- }
- }
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "postfixSize=%d", postfixSize);
+ goto done;
+ }
+ }
/* finishing */
ret = xmlParseChunk(ctxt, NULL, 0, 1);
if((ret != 0) || (ctxt->myDoc == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
doc = ctxt->myDoc;
done:
if(ctxt != NULL) {
- xmlFreeParserCtxt(ctxt);
+ xmlFreeParserCtxt(ctxt);
}
return(doc);
}
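Review bot: xmlSecParseFile never releases the string returned by xmlParserGetDirectory: `directory` is copied into ctxt->directory with xmlStrdup and then discarded, so the original allocation leaks on every file parse (libxml2's own xmlSAXParseFileWithData, which the header comment names as the origin of this code, assigns the pointer instead of duplicating it, as far as I recall). Either assign it directly, `ctxt->directory = directory;`, or add `xmlFree(directory);` after the strdup; these lines are inside the hunk but not among those the commit changes. The newly added `/* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */` leaves commented-out code in the function; since not setting XML_PARSE_HUGE keeps libxml2's default input-size limits in force for untrusted documents, the comment should say that the limit is kept on purpose (or reference the crash) rather than read as a feature that is merely switched off.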
@@ -526,11 +529,11 @@ done:
/**
* xmlSecParseMemory:
- * @buffer: the input buffer.
- * @size: the input buffer size.
- * @recovery: the flag.
+ * @buffer: the input buffer.
+ * @size: the input buffer size.
+ * @recovery: the flag.
*
- * Loads XML Doc from memory. We need a special version because of
+ * Loads XML Doc from memory. We need a special version because of
* c14n issue. The code is copied from xmlSAXParseMemory() function.
*
* Returns: pointer to the loaded XML document or NULL if an error occurs.
@@ -541,31 +544,31 @@ xmlSecParseMemory(const xmlSecByte *buffer, xmlSecSize size, int recovery) {
xmlParserCtxtPtr ctxt;
xmlSecAssert2(buffer != NULL, NULL);
-
+
ctxt = xmlCreateMemoryParserCtxt((char*)buffer, size);
if (ctxt == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlCreateMemoryParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCreateMemoryParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* required for c14n! */
- ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
ctxt->replaceEntities = 1;
xmlParseDocument(ctxt);
if((ctxt->wellFormed) || recovery) {
- ret = ctxt->myDoc;
+ ret = ctxt->myDoc;
} else {
ret = NULL;
xmlFreeDoc(ctxt->myDoc);
ctxt->myDoc = NULL;
}
- xmlFreeParserCtxt(ctxt);
+ xmlFreeParserCtxt(ctxt);
return(ret);
}
diff --git a/src/skeleton/Makefile.am b/src/skeleton/Makefile.am
index 8e2e910b..2f54f9de 100644
--- a/src/skeleton/Makefile.am
+++ b/src/skeleton/Makefile.am
@@ -30,10 +30,10 @@ libxmlsec1_skeleton_la_SOURCES += ../strings.c
endif
libxmlsec1_skeleton_la_LIBADD = \
- ../libxmlsec1.la \
$(SKELETON_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
+ ../libxmlsec1.la \
$(NULL)
libxmlsec1_skeleton_la_DEPENDENCIES = \
diff --git a/src/skeleton/app.c b/src/skeleton/app.c
index e229ab34..15ba3cf7 100644
--- a/src/skeleton/app.c
+++ b/src/skeleton/app.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -22,10 +22,10 @@
/**
* xmlSecSkeletonAppInit:
- * @config: the path to Skeleton configuration (unused).
- *
+ * @config: the path to Skeleton configuration (unused).
+ *
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -38,9 +38,9 @@ xmlSecSkeletonAppInit(const char* config ATTRIBUTE_UNUSED) {
/**
* xmlSecSkeletonAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -48,17 +48,17 @@ xmlSecSkeletonAppInit(const char* config ATTRIBUTE_UNUSED) {
int
xmlSecSkeletonAppShutdown(void) {
/* TODO: shutdown Skeleton crypto engine */
-
+
return(0);
}
/**
* xmlSecSkeletonAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file (not implemented yet).
*
@@ -66,29 +66,29 @@ xmlSecSkeletonAppShutdown(void) {
*/
xmlSecKeyPtr
xmlSecSkeletonAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd,
- void* pwdCallback,
- void* pwdCallbackCtx) {
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
+
/* TODO: load key */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeyLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/**
* xmlSecSkeletonAppKeyLoadMemory:
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @format: the key data format.
- * @pwd: the key data2 password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the key data format.
+ * @pwd: the key data2 password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key from a binary @data.
*
@@ -96,16 +96,16 @@ xmlSecSkeletonAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
*/
xmlSecKeyPtr
xmlSecSkeletonAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
- const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
/* TODO: load key */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeyLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
@@ -113,64 +113,64 @@ xmlSecSkeletonAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS
#ifndef XMLSEC_NO_X509
/**
* xmlSecSkeletonAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
*
* Reads the certificate from $@filename and adds it to key
* (not implemented yet).
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecSkeletonAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
- xmlSecKeyDataFormat format) {
+int
+xmlSecSkeletonAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
/* TODO */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeyCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/**
* xmlSecSkeletonAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecSkeletonAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
+int
+xmlSecSkeletonAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
+
/* TODO */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeyCertLoadMemory",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/**
* xmlSecSkeletonAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file
* (not implemented yet).
@@ -180,29 +180,29 @@ xmlSecSkeletonAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecSkeletonAppPkcs12Load(const char *filename,
- const char *pwd ATTRIBUTE_UNUSED,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+xmlSecKeyPtr
+xmlSecSkeletonAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
xmlSecAssert2(filename != NULL, NULL);
/* TODO: load pkcs12 file */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppPkcs12Load",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ NULL,
+ "xmlSecSkeletonAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/**
* xmlSecSkeletonAppPkcs12LoadMemory:
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @pwd: the PKCS12 password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @pwd: the PKCS12 password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 binary data.
* For uniformity, call xmlSecSkeletonAppKeyLoad instead of this function. Pass
@@ -210,60 +210,60 @@ xmlSecSkeletonAppPkcs12Load(const char *filename,
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
+xmlSecKeyPtr
xmlSecSkeletonAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd,
- void *pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
xmlSecAssert2(data != NULL, NULL);
/* TODO: load pkcs12 file */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppPkcs12Load",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ NULL,
+ "xmlSecSkeletonAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/**
* xmlSecSkeletonAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
* untrusted certs in @store (not implemented yet).
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecSkeletonAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+xmlSecSkeletonAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
/* TODO: load cert and add to keys manager */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeysMngrCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/**
* xmlSecSkeletonAppKeysMngrCertLoadMemory:
- * @mngr: the pointer to keys manager.
- * @data: the key binary data.
- * @dataSize: the key binary data size.
- * @format: the certificate format (PEM or DER).
- * @type: the certificate type (trusted/untrusted).
+ * @mngr: the pointer to keys manager.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
*
* Reads cert from @data and adds to the list of trusted or known
* untrusted certs in @store
@@ -271,19 +271,19 @@ xmlSecSkeletonAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecSkeletonAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
+xmlSecSkeletonAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
/* TODO: load cert and add to keys manager */
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonAppKeysMngrCertLoad",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecSkeletonAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
@@ -291,196 +291,196 @@ xmlSecSkeletonAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte
/**
* xmlSecSkeletonAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default Skeleton crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecSkeletonAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
-
- /* TODO: if Skeleton crypto engine has another default
+
+ /* TODO: if Skeleton crypto engine has another default
* keys storage then use it!
*/
- /* create simple keys store if needed */
+ /* create simple keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
}
- ret = xmlSecSkeletonKeysMngrInit(mngr);
+ ret = xmlSecSkeletonKeysMngrInit(mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSkeletonKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
}
/**
* xmlSecSkeletonAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecSkeletonAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecSkeletonAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
- /* TODO: if Skeleton crypto engine has another default
+ /* TODO: if Skeleton crypto engine has another default
* keys storage then use it!
*/
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecSkeletonAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecSkeletonAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecSkeletonAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
- /* TODO: if Skeleton crypto engine has another default
+ /* TODO: if Skeleton crypto engine has another default
* keys storage then use it!
*/
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecSkeletonAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecSkeletonAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
- /* TODO: if Skeleton crypto engine has another default
+ /* TODO: if Skeleton crypto engine has another default
* keys storage then use it!
*/
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecSimpleKeysStoreSave(store, filename, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
}
-
+
return(0);
}
diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c
index aff0945a..3be20644 100644
--- a/src/skeleton/crypto.c
+++ b/src/skeleton/crypto.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -34,129 +34,195 @@ static xmlSecCryptoDLFunctionsPtr gXmlSecSkeletonFunctions = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_skeleton(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecSkeletonFunctions != NULL) {
- return(gXmlSecSkeletonFunctions);
+ return(gXmlSecSkeletonFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecSkeletonFunctions = &functions;
- /**
+ /********************************************************************
+ *
* Crypto Init/shutdown
- */
- gXmlSecSkeletonFunctions->cryptoInit = xmlSecSkeletonInit;
- gXmlSecSkeletonFunctions->cryptoShutdown = xmlSecSkeletonShutdown;
- gXmlSecSkeletonFunctions->cryptoKeysMngrInit = xmlSecSkeletonKeysMngrInit;
-
- /**
+ *
+ ********************************************************************/
+ gXmlSecSkeletonFunctions->cryptoInit = xmlSecSkeletonInit;
+ gXmlSecSkeletonFunctions->cryptoShutdown = xmlSecSkeletonShutdown;
+ gXmlSecSkeletonFunctions->cryptoKeysMngrInit = xmlSecSkeletonKeysMngrInit;
+
+ /********************************************************************
+ *
* Key data ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecSkeletonFunctions->keyDataAesGetKlass = xmlSecSkeletonKeyDataAesGetKlass;
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecSkeletonFunctions->keyDataAesGetKlass = xmlSecSkeletonKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecSkeletonFunctions->keyDataDesGetKlass = xmlSecSkeletonKeyDataDesGetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecSkeletonFunctions->keyDataDesGetKlass = xmlSecSkeletonKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_DSA
- gXmlSecSkeletonFunctions->keyDataDsaGetKlass = xmlSecSkeletonKeyDataDsaGetKlass;
-#endif /* XMLSEC_NO_DSA */
+ gXmlSecSkeletonFunctions->keyDataDsaGetKlass = xmlSecSkeletonKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_ECDSA
+ gXmlSecSkeletonFunctions->keyDataEcdsaGetKlass = xmlSecSkeletonKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
#ifndef XMLSEC_NO_GOST
- gXmlSecSkeletonFunctions->keyDataGost2001GetKlass = xmlSecSkeletonKeyDataGost2001GetKlass;
-#endif /* XMLSEC_NO_GOST */
+ gXmlSecSkeletonFunctions->keyDataGost2001GetKlass = xmlSecSkeletonKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST */
-#ifndef XMLSEC_NO_HMAC
- gXmlSecSkeletonFunctions->keyDataHmacGetKlass = xmlSecSkeletonKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecSkeletonFunctions->keyDataHmacGetKlass = xmlSecSkeletonKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_RSA
- gXmlSecSkeletonFunctions->keyDataRsaGetKlass = xmlSecSkeletonKeyDataRsaGetKlass;
+ gXmlSecSkeletonFunctions->keyDataRsaGetKlass = xmlSecSkeletonKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
#ifndef XMLSEC_NO_X509
- gXmlSecSkeletonFunctions->keyDataX509GetKlass = xmlSecSkeletonKeyDataX509GetKlass;
- gXmlSecSkeletonFunctions->keyDataRawX509CertGetKlass = xmlSecSkeletonKeyDataRawX509CertGetKlass;
+ gXmlSecSkeletonFunctions->keyDataX509GetKlass = xmlSecSkeletonKeyDataX509GetKlass;
+ gXmlSecSkeletonFunctions->keyDataRawX509CertGetKlass = xmlSecSkeletonKeyDataRawX509CertGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Key data store ids
- */
+ *
+ ********************************************************************/
#ifndef XMLSEC_NO_X509
- gXmlSecSkeletonFunctions->x509StoreGetKlass = xmlSecSkeletonX509StoreGetKlass;
+ gXmlSecSkeletonFunctions->x509StoreGetKlass = xmlSecSkeletonX509StoreGetKlass;
#endif /* XMLSEC_NO_X509 */
- /**
+ /********************************************************************
+ *
* Crypto transforms ids
- */
-#ifndef XMLSEC_NO_AES
- gXmlSecSkeletonFunctions->transformAes128CbcGetKlass = xmlSecSkeletonTransformAes128CbcGetKlass;
- gXmlSecSkeletonFunctions->transformAes192CbcGetKlass = xmlSecSkeletonTransformAes192CbcGetKlass;
- gXmlSecSkeletonFunctions->transformAes256CbcGetKlass = xmlSecSkeletonTransformAes256CbcGetKlass;
- gXmlSecSkeletonFunctions->transformKWAes128GetKlass = xmlSecSkeletonTransformKWAes128GetKlass;
- gXmlSecSkeletonFunctions->transformKWAes192GetKlass = xmlSecSkeletonTransformKWAes192GetKlass;
- gXmlSecSkeletonFunctions->transformKWAes256GetKlass = xmlSecSkeletonTransformKWAes256GetKlass;
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecSkeletonFunctions->transformAes128CbcGetKlass = xmlSecSkeletonTransformAes128CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformAes192CbcGetKlass = xmlSecSkeletonTransformAes192CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformAes256CbcGetKlass = xmlSecSkeletonTransformAes256CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes128GetKlass = xmlSecSkeletonTransformKWAes128GetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes192GetKlass = xmlSecSkeletonTransformKWAes192GetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes256GetKlass = xmlSecSkeletonTransformKWAes256GetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecSkeletonFunctions->transformDes3CbcGetKlass = xmlSecSkeletonTransformDes3CbcGetKlass;
- gXmlSecSkeletonFunctions->transformKWDes3GetKlass = xmlSecSkeletonTransformKWDes3GetKlass;
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecSkeletonFunctions->transformDes3CbcGetKlass = xmlSecSkeletonTransformDes3CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformKWDes3GetKlass = xmlSecSkeletonTransformKWDes3GetKlass;
#endif /* XMLSEC_NO_DES */
+ /******************************* DSA ********************************/
#ifndef XMLSEC_NO_DSA
- gXmlSecSkeletonFunctions->transformDsaSha1GetKlass = xmlSecSkeletonTransformDsaSha1GetKlass;
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformDsaSha1GetKlass = xmlSecSkeletonTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecSkeletonFunctions->transformDsaSha256GetKlass = xmlSecSkeletonTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
#endif /* XMLSEC_NO_DSA */
+ /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformEcdsaSha1GetKlass = xmlSecSkeletonTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecSkeletonFunctions->transformEcdsaSha224GetKlass = xmlSecSkeletonTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecSkeletonFunctions->transformEcdsaSha256GetKlass = xmlSecSkeletonTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecSkeletonFunctions->transformEcdsaSha384GetKlass = xmlSecSkeletonTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecSkeletonFunctions->transformEcdsaSha512GetKlass = xmlSecSkeletonTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
+ /******************************* GOST ********************************/
#ifndef XMLSEC_NO_GOST
- gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
+ gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
#endif /* XMLSEC_GOST */
+#ifndef XMLSEC_NO_GOST
+ gXmlSecSkeletonFunctions->transformGostR3411_94GetKlass = xmlSecSkeletonTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+ /******************************* HMAC ********************************/
#ifndef XMLSEC_NO_HMAC
- gXmlSecSkeletonFunctions->transformHmacSha1GetKlass = xmlSecSkeletonTransformHmacSha1GetKlass;
- gXmlSecSkeletonFunctions->transformHmacRipemd160GetKlass = xmlSecSkeletonTransformHmacRipemd160GetKlass;
- gXmlSecSkeletonFunctions->transformHmacMd5GetKlass = xmlSecSkeletonTransformHmacMd5GetKlass;
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformHmacSha1GetKlass = xmlSecSkeletonTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecSkeletonFunctions->transformHmacRipemd160GetKlass = xmlSecSkeletonTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecSkeletonFunctions->transformHmacMd5GetKlass = xmlSecSkeletonTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
#endif /* XMLSEC_NO_HMAC */
+ /******************************* RIPEMD160 ********************************/
#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecSkeletonFunctions->transformRipemd160GetKlass = xmlSecSkeletonTransformRipemd160GetKlass;
+ gXmlSecSkeletonFunctions->transformRipemd160GetKlass = xmlSecSkeletonTransformRipemd160GetKlass;
#endif /* XMLSEC_NO_RIPEMD160 */
+ /******************************* RSA ********************************/
#ifndef XMLSEC_NO_RSA
- gXmlSecSkeletonFunctions->transformRsaSha1GetKlass = xmlSecSkeletonTransformRsaSha1GetKlass;
- gXmlSecSkeletonFunctions->transformRsaPkcs1GetKlass = xmlSecSkeletonTransformRsaPkcs1GetKlass;
- gXmlSecSkeletonFunctions->transformRsaOaepGetKlass = xmlSecSkeletonTransformRsaOaepGetKlass;
+ gXmlSecSkeletonFunctions->transformRsaSha1GetKlass = xmlSecSkeletonTransformRsaSha1GetKlass;
+ gXmlSecSkeletonFunctions->transformRsaPkcs1GetKlass = xmlSecSkeletonTransformRsaPkcs1GetKlass;
+ gXmlSecSkeletonFunctions->transformRsaOaepGetKlass = xmlSecSkeletonTransformRsaOaepGetKlass;
#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_SHA1
- gXmlSecSkeletonFunctions->transformSha1GetKlass = xmlSecSkeletonTransformSha1GetKlass;
+ /******************************* SHA1 ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformSha1GetKlass = xmlSecSkeletonTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
-#ifndef XMLSEC_NO_GOST
- gXmlSecSkeletonFunctions->transformGostR3411_94GetKlass = xmlSecSkeletonTransformGostR3411_94GetKlass;
-#endif /* XMLSEC_NO_GOST */
-
- /**
+ /********************************************************************
+ *
* High level routines form xmlsec command line utility
- */
- gXmlSecSkeletonFunctions->cryptoAppInit = xmlSecSkeletonAppInit;
- gXmlSecSkeletonFunctions->cryptoAppShutdown = xmlSecSkeletonAppShutdown;
- gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrInit = xmlSecSkeletonAppDefaultKeysMngrInit;
- gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecSkeletonAppDefaultKeysMngrAdoptKey;
- gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecSkeletonAppDefaultKeysMngrLoad;
- gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrSave = xmlSecSkeletonAppDefaultKeysMngrSave;
+ *
+ ********************************************************************/
+ gXmlSecSkeletonFunctions->cryptoAppInit = xmlSecSkeletonAppInit;
+ gXmlSecSkeletonFunctions->cryptoAppShutdown = xmlSecSkeletonAppShutdown;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrInit = xmlSecSkeletonAppDefaultKeysMngrInit;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecSkeletonAppDefaultKeysMngrAdoptKey;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecSkeletonAppDefaultKeysMngrLoad;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrSave = xmlSecSkeletonAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoad = xmlSecSkeletonAppKeysMngrCertLoad;
- gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecSkeletonAppKeysMngrCertLoadMemory;
- gXmlSecSkeletonFunctions->cryptoAppPkcs12Load = xmlSecSkeletonAppPkcs12Load;
- gXmlSecSkeletonFunctions->cryptoAppPkcs12LoadMemory = xmlSecSkeletonAppPkcs12LoadMemory;
- gXmlSecSkeletonFunctions->cryptoAppKeyCertLoad = xmlSecSkeletonAppKeyCertLoad;
- gXmlSecSkeletonFunctions->cryptoAppKeyCertLoadMemory = xmlSecSkeletonAppKeyCertLoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoad = xmlSecSkeletonAppKeysMngrCertLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecSkeletonAppKeysMngrCertLoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppPkcs12Load = xmlSecSkeletonAppPkcs12Load;
+ gXmlSecSkeletonFunctions->cryptoAppPkcs12LoadMemory = xmlSecSkeletonAppPkcs12LoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppKeyCertLoad = xmlSecSkeletonAppKeyCertLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeyCertLoadMemory = xmlSecSkeletonAppKeyCertLoadMemory;
#endif /* XMLSEC_NO_X509 */
- gXmlSecSkeletonFunctions->cryptoAppKeyLoad = xmlSecSkeletonAppKeyLoad;
- gXmlSecSkeletonFunctions->cryptoAppKeyLoadMemory = xmlSecSkeletonAppKeyLoadMemory;
- gXmlSecSkeletonFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecSkeletonAppGetDefaultPwdCallback();
+ gXmlSecSkeletonFunctions->cryptoAppKeyLoad = xmlSecSkeletonAppKeyLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeyLoadMemory = xmlSecSkeletonAppKeyLoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecSkeletonAppGetDefaultPwdCallback();
return(gXmlSecSkeletonFunctions);
}
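Review bot: The RSA section still registers transformRsaSha1GetKlass under `#ifndef XMLSEC_NO_RSA` alone, while the rewritten DSA, ECDSA and HMAC sections in this hunk now wrap every SHA-1 registration in `#ifndef XMLSEC_NO_SHA1`; a build that defines XMLSEC_NO_SHA1 to drop the digest would therefore still advertise RSA-SHA1, so wrap that line the same way: `#ifndef XMLSEC_NO_SHA1` / `gXmlSecSkeletonFunctions->transformRsaSha1GetKlass = xmlSecSkeletonTransformRsaSha1GetKlass;` / `#endif /* XMLSEC_NO_SHA1 */`. In the GOST section the newly placed `#ifndef XMLSEC_NO_GOST` block for transformGostR3411_94GetKlass directly follows another `#ifndef XMLSEC_NO_GOST` block and the two can be merged, and the first block's closing comment reads `/* XMLSEC_GOST */` where the rest of the file writes `/* XMLSEC_NO_GOST */`. The new ECDSA registrations (keyDataEcdsaGetKlass and the five transformEcdsa*GetKlass slots) presumably need matching declarations in the skeleton's crypto header and in xmlSecCryptoDLFunctions; that header is not part of this hunk, so confirm it declares them, otherwise the file only compiles with XMLSEC_NO_ECDSA defined.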
@@ -164,31 +230,31 @@ xmlSecCryptoGetFunctions_skeleton(void) {
/**
* xmlSecSkeletonInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecSkeletonInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_skeleton()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -197,12 +263,12 @@ xmlSecSkeletonInit (void) {
/**
* xmlSecSkeletonShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecSkeletonShutdown(void) {
/* TODO: if necessary, do additional shutdown here */
return(0);
@@ -210,7 +276,7 @@ xmlSecSkeletonShutdown(void) {
/**
* xmlSecSkeletonKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds Skeleton specific key data stores in keys manager.
*
diff --git a/src/skeleton/globals.h b/src/skeleton/globals.h
index 272a27b8..770b6dba 100644
--- a/src/skeleton/globals.h
+++ b/src/skeleton/globals.h
@@ -5,14 +5,14 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
diff --git a/src/soap.c b/src/soap.c
index 84512b23..3757e1ad 100644
--- a/src/soap.c
+++ b/src/soap.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Simple SOAP messages parsing/creation.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -14,7 +14,7 @@
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -30,8 +30,8 @@
/**
* xmlSecSoap11CreateEnvelope:
* @doc: the parent doc (might be NULL).
- *
- * Creates a new SOAP Envelope node. Caller is responsible for
+ *
+ * Creates a new SOAP Envelope node. Caller is responsible for
* adding the returned node to the XML document.
*
* XML Schema (http://schemas.xmlsoap.org/soap/envelope/):
@@ -41,7 +41,7 @@
* <xs:sequence>
* <xs:element ref="tns:Header" minOccurs="0"/>
* <xs:element ref="tns:Body" minOccurs="1"/>
- * <xs:any namespace="##other" minOccurs="0"
+ * <xs:any namespace="##other" minOccurs="0"
* maxOccurs="unbounded" processContents="lax"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
@@ -50,57 +50,57 @@
* Returns: pointer to newly created <soap:Envelope> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11CreateEnvelope(xmlDocPtr doc) {
xmlNodePtr envNode;
xmlNodePtr bodyNode;
xmlNsPtr ns;
-
+
/* create Envelope node */
envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL);
if(envNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEnvelope));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope));
+ return(NULL);
}
-
+
ns = xmlNewNs(envNode, xmlSecSoap11Ns, NULL) ;
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(xmlSecSoap11Ns));
- xmlFreeNode(envNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecSoap11Ns));
+ xmlFreeNode(envNode);
+ return(NULL);
}
xmlSetNs(envNode, ns);
-
- /* add required Body node */
+
+ /* add required Body node */
bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap11Ns);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeBody));
- xmlFreeNode(envNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeBody));
+ xmlFreeNode(envNode);
+ return(NULL);
}
-
+
return(envNode);
}
/**
* xmlSecSoap11EnsureHeader:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets the pointer to <soap:Header> node (if necessary, the node
* is created).
*
@@ -109,7 +109,7 @@ xmlSecSoap11CreateEnvelope(xmlDocPtr doc) {
* <xs:element name="Header" type="tns:Header"/>
* <xs:complexType name="Header">
* <xs:sequence>
- * <xs:any namespace="##other" minOccurs="0"
+ * <xs:any namespace="##other" minOccurs="0"
* maxOccurs="unbounded" processContents="lax"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
@@ -117,11 +117,11 @@ xmlSecSoap11CreateEnvelope(xmlDocPtr doc) {
*
* Returns: pointer to <soap:Header> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11EnsureHeader(xmlNodePtr envNode) {
xmlNodePtr hdrNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* try to find Header node first */
@@ -132,25 +132,25 @@ xmlSecSoap11EnsureHeader(xmlNodePtr envNode) {
/* if the first element child is not Header then it is Body */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* finally add Header node before body */
hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap11Ns);
if(hdrNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
"xmlSecAddPrevSibling",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(hdrNode);
}
@@ -158,7 +158,7 @@ xmlSecSoap11EnsureHeader(xmlNodePtr envNode) {
* xmlSecSoap11AddBodyEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @entryNode: the pointer to body entry node.
- *
+ *
* Adds a new entry to <soap:Body> node.
*
* Returns: pointer to the added entry (@contentNode) or NULL if an error occurs.
@@ -172,12 +172,12 @@ xmlSecSoap11AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecAddChildNode(bodyNode, entryNode));
@@ -186,7 +186,7 @@ xmlSecSoap11AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
/**
* xmlSecSoap11AddFaultEntry:
* @envNode: the pointer to <soap:Envelope> node.
- * @faultCodeHref: the fault code QName href (must be known in th context of
+ * @faultCodeHref: the fault code QName href (must be known in th context of
* <soap:Body> node).
* @faultCodeLocalPart: the fault code QName LocalPart.
* @faultString: the human readable explanation of the fault.
@@ -208,17 +208,17 @@ xmlSecSoap11AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
* </xs:complexType>
* <xs:complexType name="detail">
* <xs:sequence>
- * <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded"
+ * <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded"
* processContents="lax"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##any" processContents="lax"/>
* </xs:complexType>
- *
+ *
* Returns: pointer to the added entry or NULL if an error occurs.
*/
xmlNodePtr
-xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
- const xmlChar* faultCodeLocalPart,
+xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
+ const xmlChar* faultCodeLocalPart,
const xmlChar* faultString, const xmlChar* faultActor) {
xmlNodePtr bodyNode;
xmlNodePtr faultNode;
@@ -232,65 +232,65 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
/* get Body node */
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* check that we don't have Fault node already */
faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
if(faultNode != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* add Fault node */
faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
if(faultNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeFault));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFault));
+ return(NULL);
}
-
+
/* add faultcode node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultCode, xmlSecSoap11Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeFaultCode));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultCode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
-
+
/* create qname for fault code */
qname = xmlSecGetQName(cur, faultCodeHref, faultCodeLocalPart);
if(qname == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecGetQName",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(cur->name));
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
-
+
/* set faultcode value */
xmlNodeSetContent(cur, qname);
xmlFree(qname);
@@ -298,39 +298,39 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
/* add faultstring node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultString, xmlSecSoap11Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeFaultString));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultString));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
/* set faultstring node */
xmlNodeSetContent(cur, faultString);
-
+
if(faultActor != NULL) {
/* add faultactor node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultActor, xmlSecSoap11Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeFaultActor));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultActor));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
-
+
/* set faultactor node */
xmlNodeSetContent(cur, faultActor);
}
-
+
return(faultNode);
}
@@ -343,20 +343,20 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
* Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
* not valid or a negative value if an error occurs.
*/
-int
+int
xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, -1);
-
+
/* verify envNode itself */
if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeEnvelope),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
/* optional Header node first */
@@ -367,29 +367,29 @@ xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) {
/* required Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
-
+
return(1);
}
/**
* xmlSecSoap11GetHeader:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets pointer to the <soap:Header> node.
*
* Returns: pointer to <soap:Header> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11GetHeader(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node is first */
@@ -404,15 +404,15 @@ xmlSecSoap11GetHeader(xmlNodePtr envNode) {
/**
* xmlSecSoap11GetBody:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets pointer to the <soap:Body> node.
*
* Returns: pointer to <soap:Body> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11GetBody(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node first */
@@ -423,12 +423,12 @@ xmlSecSoap11GetBody(xmlNodePtr envNode) {
/* Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(cur);
@@ -442,23 +442,23 @@ xmlSecSoap11GetBody(xmlNodePtr envNode) {
*
* Returns: the number of body entries.
*/
-xmlSecSize
+xmlSecSize
xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode) {
xmlSecSize number = 0;
xmlNodePtr bodyNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, 0);
/* get Body node */
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
cur = xmlSecGetNextElementNode(bodyNode->children);
@@ -466,7 +466,7 @@ xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode) {
number++;
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
return(number);
}
@@ -474,27 +474,27 @@ xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode) {
* xmlSecSoap11GetBodyEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @pos: the body entry number.
- *
+ *
* Gets the body entry number @pos.
*
* Returns: pointer to body entry node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
xmlNodePtr bodyNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* get Body node */
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
cur = xmlSecGetNextElementNode(bodyNode->children);
@@ -509,12 +509,12 @@ xmlSecSoap11GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
/**
* xmlSecSoap11GetFaultEntry:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets the Fault entry (if any).
*
* Returns: pointer to Fault entry or NULL if it does not exist.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap11GetFaultEntry(xmlNodePtr envNode) {
xmlNodePtr bodyNode;
@@ -523,24 +523,24 @@ xmlSecSoap11GetFaultEntry(xmlNodePtr envNode) {
/* get Body node */
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns));
}
-
+
/***********************************************************************
*
* SOAP 1.2
*
**********************************************************************/
-static const xmlSecQName2IntegerInfo gXmlSecSoap12FaultCodeInfo[] =
+static const xmlSecQName2IntegerInfo gXmlSecSoap12FaultCodeInfo[] =
{
{ xmlSecSoap12Ns, xmlSecSoapFaultCodeVersionMismatch,
xmlSecSoap12FaultCodeVersionMismatch },
@@ -552,18 +552,18 @@ static const xmlSecQName2IntegerInfo gXmlSecSoap12FaultCodeInfo[] =
xmlSecSoap12FaultCodeSender },
{ xmlSecSoap12Ns, xmlSecSoapFaultCodeReceiver,
xmlSecSoap12FaultCodeReceiver },
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
/**
* xmlSecSoap12CreateEnvelope:
* @doc: the parent doc (might be NULL).
- *
- * Creates a new SOAP 1.2 Envelope node. Caller is responsible for
+ *
+ * Creates a new SOAP 1.2 Envelope node. Caller is responsible for
* adding the returned node to the XML document.
*
* XML Schema (http://www.w3.org/2003/05/soap-envelope):
- *
+ *
* <xs:element name="Envelope" type="tns:Envelope"/>
* <xs:complexType name="Envelope">
* <xs:sequence>
@@ -576,57 +576,57 @@ static const xmlSecQName2IntegerInfo gXmlSecSoap12FaultCodeInfo[] =
* Returns: pointer to newly created <soap:Envelope> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12CreateEnvelope(xmlDocPtr doc) {
xmlNodePtr envNode;
xmlNodePtr bodyNode;
xmlNsPtr ns;
-
+
/* create Envelope node */
envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL);
if(envNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEnvelope));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope));
+ return(NULL);
}
-
+
ns = xmlNewNs(envNode, xmlSecSoap12Ns, NULL) ;
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(xmlSecSoap12Ns));
- xmlFreeNode(envNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecSoap12Ns));
+ xmlFreeNode(envNode);
+ return(NULL);
}
xmlSetNs(envNode, ns);
-
- /* add required Body node */
+
+ /* add required Body node */
bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap12Ns);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeBody));
- xmlFreeNode(envNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeBody));
+ xmlFreeNode(envNode);
+ return(NULL);
}
-
+
return(envNode);
}
/**
* xmlSecSoap12EnsureHeader:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets the pointer to <soap:Header> node (if necessary, the node
* is created).
*
@@ -635,7 +635,7 @@ xmlSecSoap12CreateEnvelope(xmlDocPtr doc) {
* <xs:element name="Header" type="tns:Header"/>
* <xs:complexType name="Header">
* <xs:sequence>
- * <xs:any namespace="##any" processContents="lax"
+ * <xs:any namespace="##any" processContents="lax"
* minOccurs="0" maxOccurs="unbounded"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
@@ -643,11 +643,11 @@ xmlSecSoap12CreateEnvelope(xmlDocPtr doc) {
*
* Returns: pointer to <soap:Header> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
xmlNodePtr hdrNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* try to find Header node first */
@@ -658,25 +658,25 @@ xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
/* if the first element child is not Header then it is Body */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* finally add Header node before body */
hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap12Ns);
if(hdrNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
"xmlSecAddPrevSibling",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
-
+
return(hdrNode);
}
@@ -684,7 +684,7 @@ xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
* xmlSecSoap12AddBodyEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @entryNode: the pointer to body entry node.
- *
+ *
* Adds a new entry to <soap:Body> node.
*
* XML Schema (http://www.w3.org/2003/05/soap-envelope):
@@ -692,7 +692,7 @@ xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
* <xs:element name="Body" type="tns:Body"/>
* <xs:complexType name="Body">
* <xs:sequence>
- * <xs:any namespace="##any" processContents="lax"
+ * <xs:any namespace="##any" processContents="lax"
* minOccurs="0" maxOccurs="unbounded"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
@@ -709,12 +709,12 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecAddChildNode(bodyNode, entryNode));
@@ -726,9 +726,9 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
* @faultCode: the fault code.
* @faultReasonText: the human readable explanation of the fault.
* @faultReasonLang: the language (xml:lang) for @faultReason string.
- * @faultNodeURI: the more preciese information about fault source
+ * @faultNodeURI: the more preciese information about fault source
* (might be NULL).
- * @faultRole: the role the node was operating in at the point
+ * @faultRole: the role the node was operating in at the point
* the fault occurred (might be NULL).
*
* Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault>
@@ -746,21 +746,21 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
* <xs:element name="Detail" type="tns:detail" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
- *
+ *
* <xs:complexType name="faultcode">
* <xs:sequence>
* <xs:element name="Value" type="tns:faultcodeEnum"/>
* <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
- *
+ *
* <xs:complexType name="faultreason">
* <xs:sequence>
- * <xs:element name="Text" type="tns:reasontext"
+ * <xs:element name="Text" type="tns:reasontext"
* minOccurs="1" maxOccurs="unbounded"/>
* </xs:sequence>
* </xs:complexType>
- *
+ *
* <xs:complexType name="reasontext">
* <xs:simpleContent>
* <xs:extension base="xs:string">
@@ -768,7 +768,7 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
* </xs:extension>
* </xs:simpleContent>
* </xs:complexType>
- *
+ *
* <xs:simpleType name="faultcodeEnum">
* <xs:restriction base="xs:QName">
* <xs:enumeration value="tns:DataEncodingUnknown"/>
@@ -778,28 +778,28 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
* <xs:enumeration value="tns:VersionMismatch"/>
* </xs:restriction>
* </xs:simpleType>
- *
+ *
* <xs:complexType name="subcode">
* <xs:sequence>
* <xs:element name="Value" type="xs:QName"/>
* <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
- *
+ *
* <xs:complexType name="detail">
* <xs:sequence>
- * <xs:any namespace="##any" processContents="lax"
+ * <xs:any namespace="##any" processContents="lax"
* minOccurs="0" maxOccurs="unbounded"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
* </xs:complexType>
- *
+ *
* Returns: pointer to the added entry or NULL if an error occurs.
*/
xmlNodePtr
xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
- const xmlChar* faultReasonText, const xmlChar* faultReasonLang,
- const xmlChar* faultNodeURI, const xmlChar* faultRole) {
+ const xmlChar* faultReasonText, const xmlChar* faultReasonLang,
+ const xmlChar* faultNodeURI, const xmlChar* faultRole) {
xmlNodePtr bodyNode;
xmlNodePtr faultNode;
xmlNodePtr cur;
@@ -813,107 +813,107 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
/* get Body node */
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* check that we don't have Fault node already */
faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
if(faultNode != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
-
+
/* add Fault node */
faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
if(faultNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeFault));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFault));
+ return(NULL);
}
-
+
/* add Code node */
cur = xmlSecAddChild(faultNode, xmlSecNodeCode, xmlSecSoap12Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCode));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
-
+
/* write the fault code in Value child */
ret = xmlSecQName2IntegerNodeWrite(gXmlSecSoap12FaultCodeInfo, cur,
xmlSecNodeValue, xmlSecSoap12Ns,
faultCode);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "faultCode=%d",
- faultCode);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "faultCode=%d",
+ faultCode);
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
/* add Reason node */
cur = xmlSecAddChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeReason));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReason));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
-
+
/* Add Reason/Text node */
if(xmlSecSoap12AddFaultReasonText(faultNode, faultReasonText, faultReasonLang) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddFaultReasonText",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "text=%s",
- xmlSecErrorsSafeString(faultReasonText));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddFaultReasonText",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "text=%s",
+ xmlSecErrorsSafeString(faultReasonText));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
if(faultNodeURI != NULL) {
/* add Node node */
cur = xmlSecAddChild(faultNode, xmlSecNodeNode, xmlSecSoap12Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeNode));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeNode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
xmlNodeSetContent(cur, faultNodeURI);
}
@@ -922,19 +922,19 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
/* add Role node */
cur = xmlSecAddChild(faultNode, xmlSecNodeRole, xmlSecSoap12Ns);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRole));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRole));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
- return(NULL);
+ return(NULL);
}
xmlNodeSetContent(cur, faultRole);
}
-
+
return(faultNode);
}
@@ -949,7 +949,7 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
* Returns: a pointer to the newly created <Subcode> node or NULL if an error
* occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) {
xmlNodePtr cur, subcodeNode, valueNode;
xmlChar* qname;
@@ -962,11 +962,11 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co
cur = xmlSecGetNextElementNode(faultNode->children);
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
NULL,
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCode));
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCode));
return(NULL);
}
@@ -986,27 +986,27 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co
/* add Subcode node */
subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
if(subcodeNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSubcode));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSubcode));
+ return(NULL);
}
/* add Value node */
valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns);
if(valueNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeValue));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeValue));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
- return(NULL);
+ return(NULL);
}
/* create qname for fault code */
@@ -1014,13 +1014,13 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co
if(qname == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecGetQName",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(cur->name));
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
- return(NULL);
+ return(NULL);
}
/* set result qname in Value node */
@@ -1043,8 +1043,8 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co
* Returns: a pointer to the newly created <Text> node or NULL if an error
* occurs.
*/
-xmlNodePtr
-xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonText,
+xmlNodePtr
+xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonText,
const xmlChar* faultReasonLang) {
xmlNodePtr reasonNode;
xmlNodePtr textNode;
@@ -1056,25 +1056,25 @@ xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonT
/* find Reason node */
reasonNode = xmlSecFindChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns);
if(reasonNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecFindChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeReason));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecFindChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReason));
+ return(NULL);
}
/* add Text node */
textNode = xmlSecAddChild(reasonNode, xmlSecNodeText, xmlSecSoap12Ns);
if(textNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeText));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeText));
+ return(NULL);
}
xmlNodeSetContent(textNode, faultReasonText);
xmlNodeSetLang(textNode, faultReasonLang);
@@ -1086,13 +1086,13 @@ xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonT
* xmlSecSoap12AddFaultDetailEntry:
* @faultNode: the pointer to <Fault> node.
* @detailEntryNode: the pointer to detail entry node.
- *
+ *
* Adds a new child to the Detail child element of @faultNode.
*
- * Returns: pointer to the added child (@detailEntryNode) or NULL if an error
+ * Returns: pointer to the added child (@detailEntryNode) or NULL if an error
* occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12AddFaultDetailEntry(xmlNodePtr faultNode, xmlNodePtr detailEntryNode) {
xmlNodePtr detailNode;
@@ -1104,16 +1104,16 @@ xmlSecSoap12AddFaultDetailEntry(xmlNodePtr faultNode, xmlNodePtr detailEntryNode
if(detailNode == NULL) {
detailNode = xmlSecAddChild(faultNode, xmlSecNodeDetail, xmlSecSoap12Ns);
if(detailNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDetail));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDetail));
+ return(NULL);
}
}
-
+
return(xmlSecAddChildNode(detailNode, detailEntryNode));
}
@@ -1126,20 +1126,20 @@ xmlSecSoap12AddFaultDetailEntry(xmlNodePtr faultNode, xmlNodePtr detailEntryNode
* Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
* not valid or a negative value if an error occurs.
*/
-int
+int
xmlSecSoap12CheckEnvelope(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, -1);
-
+
/* verify envNode itself */
if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap12Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeEnvelope),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
/* optional Header node first */
@@ -1150,29 +1150,29 @@ xmlSecSoap12CheckEnvelope(xmlNodePtr envNode) {
/* required Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
-
+
return(1);
}
/**
* xmlSecSoap12GetHeader:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets pointer to the <soap:Header> node.
*
* Returns: pointer to <soap:Header> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12GetHeader(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node is first */
@@ -1187,15 +1187,15 @@ xmlSecSoap12GetHeader(xmlNodePtr envNode) {
/**
* xmlSecSoap12GetBody:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets pointer to the <soap:Body> node.
*
* Returns: pointer to <soap:Body> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12GetBody(xmlNodePtr envNode) {
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node first */
@@ -1206,12 +1206,12 @@ xmlSecSoap12GetBody(xmlNodePtr envNode) {
/* Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeBody),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(cur);
@@ -1225,23 +1225,23 @@ xmlSecSoap12GetBody(xmlNodePtr envNode) {
*
* Returns: the number of body entries.
*/
-xmlSecSize
+xmlSecSize
xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode) {
xmlSecSize number = 0;
xmlNodePtr bodyNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, 0);
/* get Body node */
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
}
cur = xmlSecGetNextElementNode(bodyNode->children);
@@ -1249,7 +1249,7 @@ xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode) {
number++;
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
return(number);
}
@@ -1257,27 +1257,27 @@ xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode) {
* xmlSecSoap12GetBodyEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @pos: the body entry number.
- *
+ *
* Gets the body entry number @pos.
*
* Returns: pointer to body entry node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
xmlNodePtr bodyNode;
xmlNodePtr cur;
-
+
xmlSecAssert2(envNode != NULL, NULL);
/* get Body node */
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
cur = xmlSecGetNextElementNode(bodyNode->children);
@@ -1292,12 +1292,12 @@ xmlSecSoap12GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
/**
* xmlSecSoap12GetFaultEntry:
* @envNode: the pointer to <soap:Envelope> node.
- *
+ *
* Gets the Fault entry (if any).
*
* Returns: pointer to Fault entry or NULL if it does not exist.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecSoap12GetFaultEntry(xmlNodePtr envNode) {
xmlNodePtr bodyNode;
@@ -1306,17 +1306,17 @@ xmlSecSoap12GetFaultEntry(xmlNodePtr envNode) {
/* get Body node */
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBody",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns));
}
-
+
#endif /* XMLSEC_NO_SOAP */
diff --git a/src/strings.c b/src/strings.c
index 98971986..f746f4db 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* All the string constants.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -19,52 +19,52 @@
* Global Namespaces
*
************************************************************************/
-const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002";
-const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#";
-const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#";
-const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#";
-const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116";
-const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2";
-const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr";
-const xmlChar xmlSecSoap11Ns[] = "http://schemas.xmlsoap.org/soap/envelope/";
-const xmlChar xmlSecSoap12Ns[] = "http://www.w3.org/2002/06/soap-envelope";
+const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002";
+const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#";
+const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#";
+const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#";
+const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2";
+const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr";
+const xmlChar xmlSecSoap11Ns[] = "http://schemas.xmlsoap.org/soap/envelope/";
+const xmlChar xmlSecSoap12Ns[] = "http://www.w3.org/2002/06/soap-envelope";
/*************************************************************************
*
* DSig Nodes
*
************************************************************************/
-const xmlChar xmlSecNodeSignature[] = "Signature";
-const xmlChar xmlSecNodeSignedInfo[] = "SignedInfo";
+const xmlChar xmlSecNodeSignature[] = "Signature";
+const xmlChar xmlSecNodeSignedInfo[] = "SignedInfo";
const xmlChar xmlSecNodeCanonicalizationMethod[]= "CanonicalizationMethod";
-const xmlChar xmlSecNodeSignatureMethod[] = "SignatureMethod";
-const xmlChar xmlSecNodeSignatureValue[] = "SignatureValue";
-const xmlChar xmlSecNodeDigestMethod[] = "DigestMethod";
-const xmlChar xmlSecNodeDigestValue[] = "DigestValue";
-const xmlChar xmlSecNodeObject[] = "Object";
-const xmlChar xmlSecNodeManifest[] = "Manifest";
-const xmlChar xmlSecNodeSignatureProperties[] = "SignatureProperties";
+const xmlChar xmlSecNodeSignatureMethod[] = "SignatureMethod";
+const xmlChar xmlSecNodeSignatureValue[] = "SignatureValue";
+const xmlChar xmlSecNodeDigestMethod[] = "DigestMethod";
+const xmlChar xmlSecNodeDigestValue[] = "DigestValue";
+const xmlChar xmlSecNodeObject[] = "Object";
+const xmlChar xmlSecNodeManifest[] = "Manifest";
+const xmlChar xmlSecNodeSignatureProperties[] = "SignatureProperties";
/*************************************************************************
*
* Encryption Nodes
*
************************************************************************/
-const xmlChar xmlSecNodeEncryptedData[] = "EncryptedData";
-const xmlChar xmlSecNodeEncryptionMethod[] = "EncryptionMethod";
-const xmlChar xmlSecNodeEncryptionProperties[] = "EncryptionProperties";
-const xmlChar xmlSecNodeEncryptionProperty[] = "EncryptionProperty";
-const xmlChar xmlSecNodeCipherData[] = "CipherData";
-const xmlChar xmlSecNodeCipherValue[] = "CipherValue";
-const xmlChar xmlSecNodeCipherReference[] = "CipherReference";
-const xmlChar xmlSecNodeReferenceList[] = "ReferenceList";
+const xmlChar xmlSecNodeEncryptedData[] = "EncryptedData";
+const xmlChar xmlSecNodeEncryptionMethod[] = "EncryptionMethod";
+const xmlChar xmlSecNodeEncryptionProperties[] = "EncryptionProperties";
+const xmlChar xmlSecNodeEncryptionProperty[] = "EncryptionProperty";
+const xmlChar xmlSecNodeCipherData[] = "CipherData";
+const xmlChar xmlSecNodeCipherValue[] = "CipherValue";
+const xmlChar xmlSecNodeCipherReference[] = "CipherReference";
+const xmlChar xmlSecNodeReferenceList[] = "ReferenceList";
const xmlChar xmlSecNodeDataReference[] = "DataReference";
const xmlChar xmlSecNodeKeyReference[] = "KeyReference";
-const xmlChar xmlSecNodeCarriedKeyName[] = "CarriedKeyName";
+const xmlChar xmlSecNodeCarriedKeyName[] = "CarriedKeyName";
-const xmlChar xmlSecTypeEncContent[] = "http://www.w3.org/2001/04/xmlenc#Content";
-const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Element";
+const xmlChar xmlSecTypeEncContent[] = "http://www.w3.org/2001/04/xmlenc#Content";
+const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Element";
/*************************************************************************
*
@@ -72,108 +72,108 @@ const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Elemen
*
************************************************************************/
#ifndef XMLSEC_NO_XKMS
-const xmlChar xmlSecXkmsServerRequestResultName[] = "result-response";
-const xmlChar xmlSecXkmsServerRequestStatusName[] = "status-request";
-const xmlChar xmlSecXkmsServerRequestLocateName[] = "locate-request";
-const xmlChar xmlSecXkmsServerRequestValidateName[] = "validate-request";
-const xmlChar xmlSecXkmsServerRequestCompoundName[] = "compound-request";
-
-const xmlChar xmlSecNodeResult[] = "Result";
-const xmlChar xmlSecNodeStatusRequest[] = "StatusRequest";
-const xmlChar xmlSecNodeStatusResult[] = "StatusResult";
-const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest";
-const xmlChar xmlSecNodeLocateResult[] = "LocateResult";
-const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest";
-const xmlChar xmlSecNodeValidateResult[] = "ValidateResult";
-const xmlChar xmlSecNodeCompoundRequest[] = "CompoundRequest";
-const xmlChar xmlSecNodeCompoundResult[] = "CompoundResult";
-
-const xmlChar xmlSecNodeMessageExtension[] = "MessageExtension";
-const xmlChar xmlSecNodeOpaqueClientData[] = "OpaqueClientData";
-const xmlChar xmlSecNodeResponseMechanism[] = "ResponseMechanism";
-const xmlChar xmlSecNodeRespondWith[] = "RespondWith";
-const xmlChar xmlSecNodePendingNotification[] = "PendingNotification";
-const xmlChar xmlSecNodeQueryKeyBinding[] = "QueryKeyBinding";
-const xmlChar xmlSecNodeKeyUsage[] = "KeyUsage";
-const xmlChar xmlSecNodeUseKeyWith[] = "UseKeyWith";
-const xmlChar xmlSecNodeTimeInstant[] = "TimeInstant";
-const xmlChar xmlSecNodeRequestSignatureValue[] = "RequestSignatureValue";
-const xmlChar xmlSecNodeUnverifiedKeyBinding[] = "UnverifiedKeyBinding";
-const xmlChar xmlSecNodeValidityInterval[] = "ValidityInterval";
+const xmlChar xmlSecXkmsServerRequestResultName[] = "result-response";
+const xmlChar xmlSecXkmsServerRequestStatusName[] = "status-request";
+const xmlChar xmlSecXkmsServerRequestLocateName[] = "locate-request";
+const xmlChar xmlSecXkmsServerRequestValidateName[] = "validate-request";
+const xmlChar xmlSecXkmsServerRequestCompoundName[] = "compound-request";
+
+const xmlChar xmlSecNodeResult[] = "Result";
+const xmlChar xmlSecNodeStatusRequest[] = "StatusRequest";
+const xmlChar xmlSecNodeStatusResult[] = "StatusResult";
+const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest";
+const xmlChar xmlSecNodeLocateResult[] = "LocateResult";
+const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest";
+const xmlChar xmlSecNodeValidateResult[] = "ValidateResult";
+const xmlChar xmlSecNodeCompoundRequest[] = "CompoundRequest";
+const xmlChar xmlSecNodeCompoundResult[] = "CompoundResult";
+
+const xmlChar xmlSecNodeMessageExtension[] = "MessageExtension";
+const xmlChar xmlSecNodeOpaqueClientData[] = "OpaqueClientData";
+const xmlChar xmlSecNodeResponseMechanism[] = "ResponseMechanism";
+const xmlChar xmlSecNodeRespondWith[] = "RespondWith";
+const xmlChar xmlSecNodePendingNotification[] = "PendingNotification";
+const xmlChar xmlSecNodeQueryKeyBinding[] = "QueryKeyBinding";
+const xmlChar xmlSecNodeKeyUsage[] = "KeyUsage";
+const xmlChar xmlSecNodeUseKeyWith[] = "UseKeyWith";
+const xmlChar xmlSecNodeTimeInstant[] = "TimeInstant";
+const xmlChar xmlSecNodeRequestSignatureValue[] = "RequestSignatureValue";
+const xmlChar xmlSecNodeUnverifiedKeyBinding[] = "UnverifiedKeyBinding";
+const xmlChar xmlSecNodeValidityInterval[] = "ValidityInterval";
const xmlChar xmlSecNodeStatus[] = "Status";
const xmlChar xmlSecNodeValidReason[] = "ValidReason";
const xmlChar xmlSecNodeInvalidReason[] = "InvalidReason";
const xmlChar xmlSecNodeIndeterminateReason[] = "IndeterminateReason";
-const xmlChar xmlSecAttrService[] = "Service";
-const xmlChar xmlSecAttrNonce[] = "Nonce";
-const xmlChar xmlSecAttrOriginalRequestId[] = "OriginalRequestId";
-const xmlChar xmlSecAttrResponseLimit[] = "ResponseLimit";
-const xmlChar xmlSecAttrMechanism[] = "Mechanism[";
-const xmlChar xmlSecAttrIdentifier[] = "Identifier";
-const xmlChar xmlSecAttrApplication[] = "Application";
-const xmlChar xmlSecAttrResultMajor[] = "ResultMajor";
-const xmlChar xmlSecAttrResultMinor[] = "ResultMinor";
-const xmlChar xmlSecAttrRequestId[] = "RequestId";
-const xmlChar xmlSecAttrNotBefore[] = "NotBefore";
-const xmlChar xmlSecAttrNotOnOrAfter[] = "NotOnOrAfter";
-const xmlChar xmlSecAttrTime[] = "Time";
+const xmlChar xmlSecAttrService[] = "Service";
+const xmlChar xmlSecAttrNonce[] = "Nonce";
+const xmlChar xmlSecAttrOriginalRequestId[] = "OriginalRequestId";
+const xmlChar xmlSecAttrResponseLimit[] = "ResponseLimit";
+const xmlChar xmlSecAttrMechanism[] = "Mechanism[";
+const xmlChar xmlSecAttrIdentifier[] = "Identifier";
+const xmlChar xmlSecAttrApplication[] = "Application";
+const xmlChar xmlSecAttrResultMajor[] = "ResultMajor";
+const xmlChar xmlSecAttrResultMinor[] = "ResultMinor";
+const xmlChar xmlSecAttrRequestId[] = "RequestId";
+const xmlChar xmlSecAttrNotBefore[] = "NotBefore";
+const xmlChar xmlSecAttrNotOnOrAfter[] = "NotOnOrAfter";
+const xmlChar xmlSecAttrTime[] = "Time";
const xmlChar xmlSecAttrStatusValue[] = "StatusValue";
-const xmlChar xmlSecResponseMechanismPending[] = "Pending";
+const xmlChar xmlSecResponseMechanismPending[] = "Pending";
const xmlChar xmlSecResponseMechanismRepresent[]= "Represent";
const xmlChar xmlSecResponseMechanismRequestSignatureValue[] = "RequestSignatureValue";
-const xmlChar xmlSecRespondWithKeyName[] = "KeyName";
-const xmlChar xmlSecRespondWithKeyValue[] = "KeyValue";
-const xmlChar xmlSecRespondWithX509Cert[] = "X509Cert";
-const xmlChar xmlSecRespondWithX509Chain[] = "X509Chain";
-const xmlChar xmlSecRespondWithX509CRL[] = "X509CRL";
-const xmlChar xmlSecRespondWithOCSP[] = "OCSP";
+const xmlChar xmlSecRespondWithKeyName[] = "KeyName";
+const xmlChar xmlSecRespondWithKeyValue[] = "KeyValue";
+const xmlChar xmlSecRespondWithX509Cert[] = "X509Cert";
+const xmlChar xmlSecRespondWithX509Chain[] = "X509Chain";
+const xmlChar xmlSecRespondWithX509CRL[] = "X509CRL";
+const xmlChar xmlSecRespondWithOCSP[] = "OCSP";
const xmlChar xmlSecRespondWithRetrievalMethod[]= "RetrievalMethod";
-const xmlChar xmlSecRespondWithPGP[] = "PGP";
-const xmlChar xmlSecRespondWithPGPWeb[] = "PGPWeb";
-const xmlChar xmlSecRespondWithSPKI[] = "SPKI";
-const xmlChar xmlSecRespondWithPrivateKey[] = "PrivateKey";
+const xmlChar xmlSecRespondWithPGP[] = "PGP";
+const xmlChar xmlSecRespondWithPGPWeb[] = "PGPWeb";
+const xmlChar xmlSecRespondWithSPKI[] = "SPKI";
+const xmlChar xmlSecRespondWithPrivateKey[] = "PrivateKey";
-const xmlChar xmlSecStatusResultSuccess[] = "Success";
-const xmlChar xmlSecStatusResultFailed[] = "Failed";
-const xmlChar xmlSecStatusResultPending[] = "Pending";
+const xmlChar xmlSecStatusResultSuccess[] = "Success";
+const xmlChar xmlSecStatusResultFailed[] = "Failed";
+const xmlChar xmlSecStatusResultPending[] = "Pending";
-const xmlChar xmlSecKeyUsageEncryption[] = "Encryption";
-const xmlChar xmlSecKeyUsageSignature[] = "Signature";
-const xmlChar xmlSecKeyUsageExchange[] = "Exchange";
+const xmlChar xmlSecKeyUsageEncryption[] = "Encryption";
+const xmlChar xmlSecKeyUsageSignature[] = "Signature";
+const xmlChar xmlSecKeyUsageExchange[] = "Exchange";
-const xmlChar xmlSecKeyBindingStatusValid[] = "Valid";
-const xmlChar xmlSecKeyBindingStatusInvalid[] = "Invalid";
-const xmlChar xmlSecKeyBindingStatusIndeterminate[] = "Indeterminate";
+const xmlChar xmlSecKeyBindingStatusValid[] = "Valid";
+const xmlChar xmlSecKeyBindingStatusInvalid[] = "Invalid";
+const xmlChar xmlSecKeyBindingStatusIndeterminate[] = "Indeterminate";
const xmlChar xmlSecKeyBindingReasonIssuerTrust[] = "IssuerTrust";
const xmlChar xmlSecKeyBindingReasonRevocationStatus[] = "RevocationStatus";
const xmlChar xmlSecKeyBindingReasonValidityInterval[] = "ValidityInterval";
const xmlChar xmlSecKeyBindingReasonSignature[] = "Signature";
-const xmlChar xmlSecResultMajorCodeSuccess[] = "Success";
-const xmlChar xmlSecResultMajorCodeVersionMismatch[] = "VersionMismatch";
-const xmlChar xmlSecResultMajorCodeSender[] = "Sender";
-const xmlChar xmlSecResultMajorCodeReceiver[] = "Receiver";
-const xmlChar xmlSecResultMajorCodeRepresent[] = "Represent";
-const xmlChar xmlSecResultMajorCodePending[] = "Pending";
-
-const xmlChar xmlSecResultMinorCodeNoMatch[] = "NoMatch";
-const xmlChar xmlSecResultMinorCodeTooManyResponses[] = "TooManyResponses";
-const xmlChar xmlSecResultMinorCodeIncomplete[] = "Incomplete";
-const xmlChar xmlSecResultMinorCodeFailure[] = "Failure";
-const xmlChar xmlSecResultMinorCodeRefused[] = "Refused";
-const xmlChar xmlSecResultMinorCodeNoAuthentication[] = "NoAuthentication";
+const xmlChar xmlSecResultMajorCodeSuccess[] = "Success";
+const xmlChar xmlSecResultMajorCodeVersionMismatch[] = "VersionMismatch";
+const xmlChar xmlSecResultMajorCodeSender[] = "Sender";
+const xmlChar xmlSecResultMajorCodeReceiver[] = "Receiver";
+const xmlChar xmlSecResultMajorCodeRepresent[] = "Represent";
+const xmlChar xmlSecResultMajorCodePending[] = "Pending";
+
+const xmlChar xmlSecResultMinorCodeNoMatch[] = "NoMatch";
+const xmlChar xmlSecResultMinorCodeTooManyResponses[] = "TooManyResponses";
+const xmlChar xmlSecResultMinorCodeIncomplete[] = "Incomplete";
+const xmlChar xmlSecResultMinorCodeFailure[] = "Failure";
+const xmlChar xmlSecResultMinorCodeRefused[] = "Refused";
+const xmlChar xmlSecResultMinorCodeNoAuthentication[] = "NoAuthentication";
const xmlChar xmlSecResultMinorCodeMessageNotSupported[]= "MessageNotSupported";
-const xmlChar xmlSecResultMinorCodeUnknownResponseId[] = "UnknownResponseId";
-const xmlChar xmlSecResultMinorCodeNotSynchronous[] = "NotSynchronous";
+const xmlChar xmlSecResultMinorCodeUnknownResponseId[] = "UnknownResponseId";
+const xmlChar xmlSecResultMinorCodeNotSynchronous[] = "NotSynchronous";
const xmlChar xmlSecXkmsSoapSubcodeValueMessageNotSupported[] = "MessageNotSupported";
-const xmlChar xmlSecXkmsSoapSubcodeValueBadMessage[] = "BadMessage";
+const xmlChar xmlSecXkmsSoapSubcodeValueBadMessage[] = "BadMessage";
-const xmlChar xmlSecXkmsSoapFaultReasonLang[] = "en";
+const xmlChar xmlSecXkmsSoapFaultReasonLang[] = "en";
const xmlChar xmlSecXkmsSoapFaultReasonUnsupportedVersion[] = "Unsupported SOAP version";
const xmlChar xmlSecXkmsSoapFaultReasonUnableToProcess[] = "Unable to process %s";
const xmlChar xmlSecXkmsSoapFaultReasonServiceUnavailable[] = "Service temporarily unable";
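Review bot: The re-indented line `+const xmlChar xmlSecAttrMechanism[] = "Mechanism[";` carries a stray `[` inside the string literal, so the constant does not spell the XKMS attribute name it is named after and the whitespace pass leaves that intact. Presumably any lookup of the Mechanism attribute that compares against this constant can never match, so a request's mechanism would silently be treated as absent; that is worth confirming against the callers, which are outside this hunk. The fix is the single line `const xmlChar xmlSecAttrMechanism[] = "Mechanism";`. On the same hunk, the context line `"Service temporarily unable"` reads as if "unavailable" was intended; since it is a fault reason emitted to peers, it may deserve a follow-up, but that is a wording point only.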
@@ -191,365 +191,401 @@ const xmlChar xmlSecXkmsFormatStrSoap12[] = "soap-1.2";
* KeyInfo Nodes
*
************************************************************************/
-const xmlChar xmlSecNodeKeyInfo[] = "KeyInfo";
-const xmlChar xmlSecNodeReference[] = "Reference";
-const xmlChar xmlSecNodeTransforms[] = "Transforms";
-const xmlChar xmlSecNodeTransform[] = "Transform";
+const xmlChar xmlSecNodeKeyInfo[] = "KeyInfo";
+const xmlChar xmlSecNodeReference[] = "Reference";
+const xmlChar xmlSecNodeTransforms[] = "Transforms";
+const xmlChar xmlSecNodeTransform[] = "Transform";
/*************************************************************************
*
* Attributes
*
************************************************************************/
-const xmlChar xmlSecAttrId[] = "Id";
-const xmlChar xmlSecAttrURI[] = "URI";
-const xmlChar xmlSecAttrType[] = "Type";
-const xmlChar xmlSecAttrMimeType[] = "MimeType";
-const xmlChar xmlSecAttrEncoding[] = "Encoding";
-const xmlChar xmlSecAttrAlgorithm[] = "Algorithm";
-const xmlChar xmlSecAttrFilter[] = "Filter";
-const xmlChar xmlSecAttrRecipient[] = "Recipient";
-const xmlChar xmlSecAttrTarget[] = "Target";
+const xmlChar xmlSecAttrId[] = "Id";
+const xmlChar xmlSecAttrURI[] = "URI";
+const xmlChar xmlSecAttrType[] = "Type";
+const xmlChar xmlSecAttrMimeType[] = "MimeType";
+const xmlChar xmlSecAttrEncoding[] = "Encoding";
+const xmlChar xmlSecAttrAlgorithm[] = "Algorithm";
+const xmlChar xmlSecAttrFilter[] = "Filter";
+const xmlChar xmlSecAttrRecipient[] = "Recipient";
+const xmlChar xmlSecAttrTarget[] = "Target";
/*************************************************************************
*
* AES strings
*
************************************************************************/
-const xmlChar xmlSecNameAESKeyValue[] = "aes";
-const xmlChar xmlSecNodeAESKeyValue[] = "AESKeyValue";
-const xmlChar xmlSecHrefAESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#AESKeyValue";
+const xmlChar xmlSecNameAESKeyValue[] = "aes";
+const xmlChar xmlSecNodeAESKeyValue[] = "AESKeyValue";
+const xmlChar xmlSecHrefAESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#AESKeyValue";
-const xmlChar xmlSecNameAes128Cbc[] = "aes128-cbc";
-const xmlChar xmlSecHrefAes128Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+const xmlChar xmlSecNameAes128Cbc[] = "aes128-cbc";
+const xmlChar xmlSecHrefAes128Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
-const xmlChar xmlSecNameAes192Cbc[] = "aes192-cbc";
-const xmlChar xmlSecHrefAes192Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+const xmlChar xmlSecNameAes192Cbc[] = "aes192-cbc";
+const xmlChar xmlSecHrefAes192Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
-const xmlChar xmlSecNameAes256Cbc[] = "aes256-cbc";
-const xmlChar xmlSecHrefAes256Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+const xmlChar xmlSecNameAes256Cbc[] = "aes256-cbc";
+const xmlChar xmlSecHrefAes256Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
-const xmlChar xmlSecNameKWAes128[] = "kw-aes128";
-const xmlChar xmlSecHrefKWAes128[] = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+const xmlChar xmlSecNameKWAes128[] = "kw-aes128";
+const xmlChar xmlSecHrefKWAes128[] = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
-const xmlChar xmlSecNameKWAes192[] = "kw-aes192";
-const xmlChar xmlSecHrefKWAes192[] = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+const xmlChar xmlSecNameKWAes192[] = "kw-aes192";
+const xmlChar xmlSecHrefKWAes192[] = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
-const xmlChar xmlSecNameKWAes256[] = "kw-aes256";
-const xmlChar xmlSecHrefKWAes256[] = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+const xmlChar xmlSecNameKWAes256[] = "kw-aes256";
+const xmlChar xmlSecHrefKWAes256[] = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
/*************************************************************************
*
* BASE64 strings
*
************************************************************************/
-const xmlChar xmlSecNameBase64[] = "base64";
-const xmlChar xmlSecHrefBase64[] = "http://www.w3.org/2000/09/xmldsig#base64";
+const xmlChar xmlSecNameBase64[] = "base64";
+const xmlChar xmlSecHrefBase64[] = "http://www.w3.org/2000/09/xmldsig#base64";
/*************************************************************************
*
* C14N strings
*
************************************************************************/
-const xmlChar xmlSecNameC14N[] = "c14n";
-const xmlChar xmlSecHrefC14N[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+const xmlChar xmlSecNameC14N[] = "c14n";
+const xmlChar xmlSecHrefC14N[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
-const xmlChar xmlSecNameC14NWithComments[] = "c14n-with-comments";
-const xmlChar xmlSecHrefC14NWithComments[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+const xmlChar xmlSecNameC14NWithComments[] = "c14n-with-comments";
+const xmlChar xmlSecHrefC14NWithComments[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
-const xmlChar xmlSecNameC14N11[] = "c14n11";
-const xmlChar xmlSecHrefC14N11[] = "http://www.w3.org/2006/12/xml-c14n11";
+const xmlChar xmlSecNameC14N11[] = "c14n11";
+const xmlChar xmlSecHrefC14N11[] = "http://www.w3.org/2006/12/xml-c14n11";
-const xmlChar xmlSecNameC14N11WithComments[] = "c14n11-with-comments";
-const xmlChar xmlSecHrefC14N11WithComments[] = "http://www.w3.org/2006/12/xml-c14n11#WithComments";
+const xmlChar xmlSecNameC14N11WithComments[] = "c14n11-with-comments";
+const xmlChar xmlSecHrefC14N11WithComments[] = "http://www.w3.org/2006/12/xml-c14n11#WithComments";
-const xmlChar xmlSecNameExcC14N[] = "exc-c14n";
-const xmlChar xmlSecHrefExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
+const xmlChar xmlSecNameExcC14N[] = "exc-c14n";
+const xmlChar xmlSecHrefExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
-const xmlChar xmlSecNameExcC14NWithComments[] = "exc-c14n-with-comments";
-const xmlChar xmlSecHrefExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+const xmlChar xmlSecNameExcC14NWithComments[] = "exc-c14n-with-comments";
+const xmlChar xmlSecHrefExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
-const xmlChar xmlSecNsExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
-const xmlChar xmlSecNsExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+const xmlChar xmlSecNsExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
+const xmlChar xmlSecNsExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
-const xmlChar xmlSecNodeInclusiveNamespaces[] = "InclusiveNamespaces";
-const xmlChar xmlSecAttrPrefixList[] = "PrefixList";
+const xmlChar xmlSecNodeInclusiveNamespaces[] = "InclusiveNamespaces";
+const xmlChar xmlSecAttrPrefixList[] = "PrefixList";
/*************************************************************************
*
* DES strings
*
************************************************************************/
-const xmlChar xmlSecNameDESKeyValue[] = "des";
-const xmlChar xmlSecNodeDESKeyValue[] = "DESKeyValue";
-const xmlChar xmlSecHrefDESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#DESKeyValue";
+const xmlChar xmlSecNameDESKeyValue[] = "des";
+const xmlChar xmlSecNodeDESKeyValue[] = "DESKeyValue";
+const xmlChar xmlSecHrefDESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#DESKeyValue";
-const xmlChar xmlSecNameDes3Cbc[] = "tripledes-cbc";
-const xmlChar xmlSecHrefDes3Cbc[] = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+const xmlChar xmlSecNameDes3Cbc[] = "tripledes-cbc";
+const xmlChar xmlSecHrefDes3Cbc[] = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
-const xmlChar xmlSecNameKWDes3[] = "kw-tripledes";
-const xmlChar xmlSecHrefKWDes3[] = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+const xmlChar xmlSecNameKWDes3[] = "kw-tripledes";
+const xmlChar xmlSecHrefKWDes3[] = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
/*************************************************************************
*
* GOST2001 strings
*
************************************************************************/
-const xmlChar xmlSecNameGOST2001KeyValue[] = "gost2001";
-const xmlChar xmlSecNodeGOST2001KeyValue[] = "gostr34102001-gostr3411";
-const xmlChar xmlSecHrefGOST2001KeyValue[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
+const xmlChar xmlSecNameGOST2001KeyValue[] = "gost2001";
+const xmlChar xmlSecNodeGOST2001KeyValue[] = "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGOST2001KeyValue[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
-const xmlChar xmlSecNameGost2001GostR3411_94[] = "gostr34102001-gostr3411";
-const xmlChar xmlSecHrefGost2001GostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
+const xmlChar xmlSecNameGost2001GostR3411_94[] = "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGost2001GostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
/*************************************************************************
*
* DSA strings
*
************************************************************************/
-const xmlChar xmlSecNameDSAKeyValue[] = "dsa";
-const xmlChar xmlSecNodeDSAKeyValue[] = "DSAKeyValue";
-const xmlChar xmlSecHrefDSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#DSAKeyValue";
-const xmlChar xmlSecNodeDSAP[] = "P";
-const xmlChar xmlSecNodeDSAQ[] = "Q";
-const xmlChar xmlSecNodeDSAG[] = "G";
-const xmlChar xmlSecNodeDSAJ[] = "J";
-const xmlChar xmlSecNodeDSAX[] = "X";
-const xmlChar xmlSecNodeDSAY[] = "Y";
-const xmlChar xmlSecNodeDSASeed[] = "Seed";
-const xmlChar xmlSecNodeDSAPgenCounter[] = "PgenCounter";
+const xmlChar xmlSecNameDSAKeyValue[] = "dsa";
+const xmlChar xmlSecNodeDSAKeyValue[] = "DSAKeyValue";
+const xmlChar xmlSecHrefDSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#DSAKeyValue";
+const xmlChar xmlSecNodeDSAP[] = "P";
+const xmlChar xmlSecNodeDSAQ[] = "Q";
+const xmlChar xmlSecNodeDSAG[] = "G";
+const xmlChar xmlSecNodeDSAJ[] = "J";
+const xmlChar xmlSecNodeDSAX[] = "X";
+const xmlChar xmlSecNodeDSAY[] = "Y";
+const xmlChar xmlSecNodeDSASeed[] = "Seed";
+const xmlChar xmlSecNodeDSAPgenCounter[] = "PgenCounter";
+
+const xmlChar xmlSecNameDsaSha1[] = "dsa-sha1";
+const xmlChar xmlSecHrefDsaSha1[] = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+
+const xmlChar xmlSecNameDsaSha256[] = "dsa-sha256";
+const xmlChar xmlSecHrefDsaSha256[] = "http://www.w3.org/2009/xmldsig11#dsa-sha256";
-const xmlChar xmlSecNameDsaSha1[] = "dsa-sha1";
-const xmlChar xmlSecHrefDsaSha1[] = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+/*************************************************************************
+ *
+ * ECDSA strings
+ *
+ ************************************************************************/
+/* XXX-MAK: More constants will be needed later. */
+const xmlChar xmlSecNameECDSAKeyValue[] = "ecdsa";
+const xmlChar xmlSecNodeECDSAKeyValue[] = "ECDSAKeyValue";
+const xmlChar xmlSecHrefECDSAKeyValue[] = "http://scap.nist.gov/specifications/tmsad/#resource-1.0";
+const xmlChar xmlSecNodeECDSAP[] = "P";
+const xmlChar xmlSecNodeECDSAQ[] = "Q";
+const xmlChar xmlSecNodeECDSAG[] = "G";
+const xmlChar xmlSecNodeECDSAJ[] = "J";
+const xmlChar xmlSecNodeECDSAX[] = "X";
+const xmlChar xmlSecNodeECDSAY[] = "Y";
+const xmlChar xmlSecNodeECDSASeed[] = "Seed";
+const xmlChar xmlSecNodeECDSAPgenCounter[] = "PgenCounter";
+
+const xmlChar xmlSecNameEcdsaSha1[] = "ecdsa-sha1";
+const xmlChar xmlSecHrefEcdsaSha1[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+
+const xmlChar xmlSecNameEcdsaSha224[] = "ecdsa-sha224";
+const xmlChar xmlSecHrefEcdsaSha224[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
+
+const xmlChar xmlSecNameEcdsaSha256[] = "ecdsa-sha256";
+const xmlChar xmlSecHrefEcdsaSha256[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+
+const xmlChar xmlSecNameEcdsaSha384[] = "ecdsa-sha384";
+const xmlChar xmlSecHrefEcdsaSha384[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+
+const xmlChar xmlSecNameEcdsaSha512[] = "ecdsa-sha512";
+const xmlChar xmlSecHrefEcdsaSha512[] = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
/*************************************************************************
*
* EncryptedKey
*
************************************************************************/
-const xmlChar xmlSecNameEncryptedKey[] = "enc-key";
-const xmlChar xmlSecNodeEncryptedKey[] = "EncryptedKey";
-const xmlChar xmlSecHrefEncryptedKey[] = "http://www.w3.org/2001/04/xmlenc#EncryptedKey";
+const xmlChar xmlSecNameEncryptedKey[] = "enc-key";
+const xmlChar xmlSecNodeEncryptedKey[] = "EncryptedKey";
+const xmlChar xmlSecHrefEncryptedKey[] = "http://www.w3.org/2001/04/xmlenc#EncryptedKey";
/*************************************************************************
*
* Enveloped transform strings
*
************************************************************************/
-const xmlChar xmlSecNameEnveloped[] = "enveloped-signature";
-const xmlChar xmlSecHrefEnveloped[] = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+const xmlChar xmlSecNameEnveloped[] = "enveloped-signature";
+const xmlChar xmlSecHrefEnveloped[] = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
/*************************************************************************
*
* HMAC strings
*
************************************************************************/
-const xmlChar xmlSecNameHMACKeyValue[] = "hmac";
-const xmlChar xmlSecNodeHMACKeyValue[] = "HMACKeyValue";
-const xmlChar xmlSecHrefHMACKeyValue[] = "http://www.aleksey.com/xmlsec/2002#HMACKeyValue";
+const xmlChar xmlSecNameHMACKeyValue[] = "hmac";
+const xmlChar xmlSecNodeHMACKeyValue[] = "HMACKeyValue";
+const xmlChar xmlSecHrefHMACKeyValue[] = "http://www.aleksey.com/xmlsec/2002#HMACKeyValue";
-const xmlChar xmlSecNodeHMACOutputLength[] = "HMACOutputLength";
+const xmlChar xmlSecNodeHMACOutputLength[] = "HMACOutputLength";
-const xmlChar xmlSecNameHmacMd5[] = "hmac-md5";
-const xmlChar xmlSecHrefHmacMd5[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
+const xmlChar xmlSecNameHmacMd5[] = "hmac-md5";
+const xmlChar xmlSecHrefHmacMd5[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
-const xmlChar xmlSecNameHmacRipemd160[] = "hmac-ripemd160";
-const xmlChar xmlSecHrefHmacRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
+const xmlChar xmlSecNameHmacRipemd160[] = "hmac-ripemd160";
+const xmlChar xmlSecHrefHmacRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
-const xmlChar xmlSecNameHmacSha1[] = "hmac-sha1";
-const xmlChar xmlSecHrefHmacSha1[] = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+const xmlChar xmlSecNameHmacSha1[] = "hmac-sha1";
+const xmlChar xmlSecHrefHmacSha1[] = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
-const xmlChar xmlSecNameHmacSha224[] = "hmac-sha224";
-const xmlChar xmlSecHrefHmacSha224[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
+const xmlChar xmlSecNameHmacSha224[] = "hmac-sha224";
+const xmlChar xmlSecHrefHmacSha224[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
-const xmlChar xmlSecNameHmacSha256[] = "hmac-sha256";
-const xmlChar xmlSecHrefHmacSha256[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
+const xmlChar xmlSecNameHmacSha256[] = "hmac-sha256";
+const xmlChar xmlSecHrefHmacSha256[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
-const xmlChar xmlSecNameHmacSha384[] = "hmac-sha384";
-const xmlChar xmlSecHrefHmacSha384[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
+const xmlChar xmlSecNameHmacSha384[] = "hmac-sha384";
+const xmlChar xmlSecHrefHmacSha384[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
-const xmlChar xmlSecNameHmacSha512[] = "hmac-sha512";
-const xmlChar xmlSecHrefHmacSha512[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
+const xmlChar xmlSecNameHmacSha512[] = "hmac-sha512";
+const xmlChar xmlSecHrefHmacSha512[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
/*************************************************************************
*
* KeyName strings
*
************************************************************************/
-const xmlChar xmlSecNameKeyName[] = "key-name";
-const xmlChar xmlSecNodeKeyName[] = "KeyName";
+const xmlChar xmlSecNameKeyName[] = "key-name";
+const xmlChar xmlSecNodeKeyName[] = "KeyName";
/*************************************************************************
*
* KeyValue strings
*
************************************************************************/
-const xmlChar xmlSecNameKeyValue[] = "key-value";
-const xmlChar xmlSecNodeKeyValue[] = "KeyValue";
+const xmlChar xmlSecNameKeyValue[] = "key-value";
+const xmlChar xmlSecNodeKeyValue[] = "KeyValue";
/*************************************************************************
*
* Memory Buffer strings
*
************************************************************************/
-const xmlChar xmlSecNameMemBuf[] = "membuf-transform";
+const xmlChar xmlSecNameMemBuf[] = "membuf-transform";
/*************************************************************************
*
* MD5 strings
*
************************************************************************/
-const xmlChar xmlSecNameMd5[] = "md5";
-const xmlChar xmlSecHrefMd5[] = "http://www.w3.org/2001/04/xmldsig-more#md5";
+const xmlChar xmlSecNameMd5[] = "md5";
+const xmlChar xmlSecHrefMd5[] = "http://www.w3.org/2001/04/xmldsig-more#md5";
/*************************************************************************
*
* RetrievalMethod
*
************************************************************************/
-const xmlChar xmlSecNameRetrievalMethod[] = "retrieval-method";
-const xmlChar xmlSecNodeRetrievalMethod[] = "RetrievalMethod";
+const xmlChar xmlSecNameRetrievalMethod[] = "retrieval-method";
+const xmlChar xmlSecNodeRetrievalMethod[] = "RetrievalMethod";
/*************************************************************************
*
* RIPEMD160 strings
*
************************************************************************/
-const xmlChar xmlSecNameRipemd160[] = "ripemd160";
-const xmlChar xmlSecHrefRipemd160[] = "http://www.w3.org/2001/04/xmlenc#ripemd160";
+const xmlChar xmlSecNameRipemd160[] = "ripemd160";
+const xmlChar xmlSecHrefRipemd160[] = "http://www.w3.org/2001/04/xmlenc#ripemd160";
/*************************************************************************
*
* RSA strings
*
************************************************************************/
-const xmlChar xmlSecNameRSAKeyValue[] = "rsa";
-const xmlChar xmlSecNodeRSAKeyValue[] = "RSAKeyValue";
-const xmlChar xmlSecHrefRSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#RSAKeyValue";
-const xmlChar xmlSecNodeRSAModulus[] = "Modulus";
-const xmlChar xmlSecNodeRSAExponent[] = "Exponent";
-const xmlChar xmlSecNodeRSAPrivateExponent[] = "PrivateExponent";
+const xmlChar xmlSecNameRSAKeyValue[] = "rsa";
+const xmlChar xmlSecNodeRSAKeyValue[] = "RSAKeyValue";
+const xmlChar xmlSecHrefRSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#RSAKeyValue";
+const xmlChar xmlSecNodeRSAModulus[] = "Modulus";
+const xmlChar xmlSecNodeRSAExponent[] = "Exponent";
+const xmlChar xmlSecNodeRSAPrivateExponent[] = "PrivateExponent";
-const xmlChar xmlSecNameRsaMd5[] = "rsa-md5";
-const xmlChar xmlSecHrefRsaMd5[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
+const xmlChar xmlSecNameRsaMd5[] = "rsa-md5";
+const xmlChar xmlSecHrefRsaMd5[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
-const xmlChar xmlSecNameRsaRipemd160[] = "rsa-ripemd160";
-const xmlChar xmlSecHrefRsaRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
+const xmlChar xmlSecNameRsaRipemd160[] = "rsa-ripemd160";
+const xmlChar xmlSecHrefRsaRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
-const xmlChar xmlSecNameRsaSha1[] = "rsa-sha1";
-const xmlChar xmlSecHrefRsaSha1[] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+const xmlChar xmlSecNameRsaSha1[] = "rsa-sha1";
+const xmlChar xmlSecHrefRsaSha1[] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
-const xmlChar xmlSecNameRsaSha224[] = "rsa-sha224";
-const xmlChar xmlSecHrefRsaSha224[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224";
+const xmlChar xmlSecNameRsaSha224[] = "rsa-sha224";
+const xmlChar xmlSecHrefRsaSha224[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224";
-const xmlChar xmlSecNameRsaSha256[] = "rsa-sha256";
-const xmlChar xmlSecHrefRsaSha256[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+const xmlChar xmlSecNameRsaSha256[] = "rsa-sha256";
+const xmlChar xmlSecHrefRsaSha256[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
-const xmlChar xmlSecNameRsaSha384[] = "rsa-sha384";
-const xmlChar xmlSecHrefRsaSha384[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+const xmlChar xmlSecNameRsaSha384[] = "rsa-sha384";
+const xmlChar xmlSecHrefRsaSha384[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
-const xmlChar xmlSecNameRsaSha512[] = "rsa-sha512";
-const xmlChar xmlSecHrefRsaSha512[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+const xmlChar xmlSecNameRsaSha512[] = "rsa-sha512";
+const xmlChar xmlSecHrefRsaSha512[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
-const xmlChar xmlSecNameRsaPkcs1[] = "rsa-1_5";
-const xmlChar xmlSecHrefRsaPkcs1[] = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+const xmlChar xmlSecNameRsaPkcs1[] = "rsa-1_5";
+const xmlChar xmlSecHrefRsaPkcs1[] = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
-const xmlChar xmlSecNameRsaOaep[] = "rsa-oaep-mgf1p";
-const xmlChar xmlSecHrefRsaOaep[] = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
-const xmlChar xmlSecNodeRsaOAEPparams[] = "OAEPparams";
+const xmlChar xmlSecNameRsaOaep[] = "rsa-oaep-mgf1p";
+const xmlChar xmlSecHrefRsaOaep[] = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+const xmlChar xmlSecNodeRsaOAEPparams[] = "OAEPparams";
/*************************************************************************
*
* GOSTR3411_94 strings
*
************************************************************************/
-const xmlChar xmlSecNameGostR3411_94[] = "gostr3411";
-const xmlChar xmlSecHrefGostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
+const xmlChar xmlSecNameGostR3411_94[] = "gostr3411";
+const xmlChar xmlSecHrefGostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
/*************************************************************************
*
* SHA1 strings
*
************************************************************************/
-const xmlChar xmlSecNameSha1[] = "sha1";
-const xmlChar xmlSecHrefSha1[] = "http://www.w3.org/2000/09/xmldsig#sha1";
+const xmlChar xmlSecNameSha1[] = "sha1";
+const xmlChar xmlSecHrefSha1[] = "http://www.w3.org/2000/09/xmldsig#sha1";
-const xmlChar xmlSecNameSha224[] = "sha224";
-const xmlChar xmlSecHrefSha224[] = "http://www.w3.org/2001/04/xmldsig-more#sha224";
+const xmlChar xmlSecNameSha224[] = "sha224";
+const xmlChar xmlSecHrefSha224[] = "http://www.w3.org/2001/04/xmldsig-more#sha224";
-const xmlChar xmlSecNameSha256[] = "sha256";
-const xmlChar xmlSecHrefSha256[] = "http://www.w3.org/2001/04/xmlenc#sha256";
+const xmlChar xmlSecNameSha256[] = "sha256";
+const xmlChar xmlSecHrefSha256[] = "http://www.w3.org/2001/04/xmlenc#sha256";
-const xmlChar xmlSecNameSha384[] = "sha384";
-const xmlChar xmlSecHrefSha384[] = "http://www.w3.org/2001/04/xmldsig-more#sha384";
+const xmlChar xmlSecNameSha384[] = "sha384";
+const xmlChar xmlSecHrefSha384[] = "http://www.w3.org/2001/04/xmldsig-more#sha384";
-const xmlChar xmlSecNameSha512[] = "sha512";
-const xmlChar xmlSecHrefSha512[] = "http://www.w3.org/2001/04/xmlenc#sha512";
+const xmlChar xmlSecNameSha512[] = "sha512";
+const xmlChar xmlSecHrefSha512[] = "http://www.w3.org/2001/04/xmlenc#sha512";
/*************************************************************************
*
* X509 strings
*
************************************************************************/
-const xmlChar xmlSecNameX509Data[] = "x509";
-const xmlChar xmlSecNodeX509Data[] = "X509Data";
-const xmlChar xmlSecHrefX509Data[] = "http://www.w3.org/2000/09/xmldsig#X509Data";
+const xmlChar xmlSecNameX509Data[] = "x509";
+const xmlChar xmlSecNodeX509Data[] = "X509Data";
+const xmlChar xmlSecHrefX509Data[] = "http://www.w3.org/2000/09/xmldsig#X509Data";
-const xmlChar xmlSecNodeX509Certificate[] = "X509Certificate";
-const xmlChar xmlSecNodeX509CRL[] = "X509CRL";
-const xmlChar xmlSecNodeX509SubjectName[] = "X509SubjectName";
-const xmlChar xmlSecNodeX509IssuerSerial[] = "X509IssuerSerial";
-const xmlChar xmlSecNodeX509IssuerName[] = "X509IssuerName";
-const xmlChar xmlSecNodeX509SerialNumber[] = "X509SerialNumber";
-const xmlChar xmlSecNodeX509SKI[] = "X509SKI";
+const xmlChar xmlSecNodeX509Certificate[] = "X509Certificate";
+const xmlChar xmlSecNodeX509CRL[] = "X509CRL";
+const xmlChar xmlSecNodeX509SubjectName[] = "X509SubjectName";
+const xmlChar xmlSecNodeX509IssuerSerial[] = "X509IssuerSerial";
+const xmlChar xmlSecNodeX509IssuerName[] = "X509IssuerName";
+const xmlChar xmlSecNodeX509SerialNumber[] = "X509SerialNumber";
+const xmlChar xmlSecNodeX509SKI[] = "X509SKI";
-const xmlChar xmlSecNameRawX509Cert[] = "raw-x509-cert";
-const xmlChar xmlSecHrefRawX509Cert[] = "http://www.w3.org/2000/09/xmldsig#rawX509Certificate";
+const xmlChar xmlSecNameRawX509Cert[] = "raw-x509-cert";
+const xmlChar xmlSecHrefRawX509Cert[] = "http://www.w3.org/2000/09/xmldsig#rawX509Certificate";
-const xmlChar xmlSecNameX509Store[] = "x509-store";
+const xmlChar xmlSecNameX509Store[] = "x509-store";
/*************************************************************************
*
* PGP strings
*
************************************************************************/
-const xmlChar xmlSecNamePGPData[] = "pgp";
-const xmlChar xmlSecNodePGPData[] = "PGPData";
-const xmlChar xmlSecHrefPGPData[] = "http://www.w3.org/2000/09/xmldsig#PGPData";
+const xmlChar xmlSecNamePGPData[] = "pgp";
+const xmlChar xmlSecNodePGPData[] = "PGPData";
+const xmlChar xmlSecHrefPGPData[] = "http://www.w3.org/2000/09/xmldsig#PGPData";
/*************************************************************************
*
* SPKI strings
*
************************************************************************/
-const xmlChar xmlSecNameSPKIData[] = "spki";
-const xmlChar xmlSecNodeSPKIData[] = "SPKIData";
-const xmlChar xmlSecHrefSPKIData[] = "http://www.w3.org/2000/09/xmldsig#SPKIData";
+const xmlChar xmlSecNameSPKIData[] = "spki";
+const xmlChar xmlSecNodeSPKIData[] = "SPKIData";
+const xmlChar xmlSecHrefSPKIData[] = "http://www.w3.org/2000/09/xmldsig#SPKIData";
/*************************************************************************
*
* XPath/XPointer strings
*
************************************************************************/
-const xmlChar xmlSecNameXPath[] = "xpath";
-const xmlChar xmlSecNodeXPath[] = "XPath";
+const xmlChar xmlSecNameXPath[] = "xpath";
+const xmlChar xmlSecNodeXPath[] = "XPath";
-const xmlChar xmlSecNameXPath2[] = "xpath2";
-const xmlChar xmlSecNodeXPath2[] = "XPath";
-const xmlChar xmlSecXPath2FilterIntersect[] = "intersect";
-const xmlChar xmlSecXPath2FilterSubtract[] = "subtract";
-const xmlChar xmlSecXPath2FilterUnion[] = "union";
+const xmlChar xmlSecNameXPath2[] = "xpath2";
+const xmlChar xmlSecNodeXPath2[] = "XPath";
+const xmlChar xmlSecXPath2FilterIntersect[] = "intersect";
+const xmlChar xmlSecXPath2FilterSubtract[] = "subtract";
+const xmlChar xmlSecXPath2FilterUnion[] = "union";
-const xmlChar xmlSecNameXPointer[] = "xpointer";
-const xmlChar xmlSecNodeXPointer[] = "XPointer";
+const xmlChar xmlSecNameXPointer[] = "xpointer";
+const xmlChar xmlSecNodeXPointer[] = "XPointer";
/*************************************************************************
*
* Xslt strings
*
************************************************************************/
-const xmlChar xmlSecNameXslt[] = "xslt";
-const xmlChar xmlSecHrefXslt[] = "http://www.w3.org/TR/1999/REC-xslt-19991116";
+const xmlChar xmlSecNameXslt[] = "xslt";
+const xmlChar xmlSecHrefXslt[] = "http://www.w3.org/TR/1999/REC-xslt-19991116";
#ifndef XMLSEC_NO_SOAP
/*************************************************************************
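Review bot: The new ECDSAKeyValue child-node constants (xmlSecNodeECDSAP through xmlSecNodeECDSAPgenCounter) are a verbatim copy of the DSAKeyValue block just above — P, Q, G, J, Seed and PgenCounter are DSA domain parameters, and an EC key is instead identified by a curve and a public point, so any KeyValue reader/writer built on these names would parse the wrong structure. The `XXX-MAK` line hints this is a placeholder, but these are file-scope non-static definitions, so they become part of the library's exported symbol set as soon as the commit lands; a FIXME that states the intent would stop a later reader from treating them as spec-derived: `/* FIXME: node names copied from DSAKeyValue as a placeholder; EC keys carry a curve id and a public point, not P/Q/G/J/Seed/PgenCounter. */` Relatedly, xmlSecHrefECDSAKeyValue points at an SCAP/TMSAD resource URI rather than an xmldsig namespace, whereas XML Signature 1.1 defines `http://www.w3.org/2009/xmldsig11#ECKeyValue` for EC keys; if the TMSAD URI is deliberate, a one-line comment saying why would avoid it being "corrected" later, and if it is not, note that href constants are what KeyValue/Algorithm matching keys on during verification, so a wrong URI either never matches real ECDSA material or matches something unintended. The rest of this hunk is whitespace-only re-indentation plus the dsa-sha256 pair, which matches the xmldsig11 identifier.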
@@ -557,31 +593,31 @@ const xmlChar xmlSecHrefXslt[] = "http://www.w3.org/TR/1999/REC-xslt-19991116"
* SOAP 1.1/1.2 strings
*
************************************************************************/
-const xmlChar xmlSecNodeEnvelope[] = "Envelope";
-const xmlChar xmlSecNodeHeader[] = "Header";
-const xmlChar xmlSecNodeBody[] = "Body";
-const xmlChar xmlSecNodeFault[] = "Fault";
-const xmlChar xmlSecNodeFaultCode[] = "faultcode";
-const xmlChar xmlSecNodeFaultString[] = "faultstring";
-const xmlChar xmlSecNodeFaultActor[] = "faultactor";
-const xmlChar xmlSecNodeFaultDetail[] = "detail";
-const xmlChar xmlSecNodeCode[] = "Code";
-const xmlChar xmlSecNodeReason[] = "Reason";
-const xmlChar xmlSecNodeNode[] = "Node";
-const xmlChar xmlSecNodeRole[] = "Role";
-const xmlChar xmlSecNodeDetail[] = "Detail";
-const xmlChar xmlSecNodeValue[] = "Value";
-const xmlChar xmlSecNodeSubcode[] = "Subcode";
-const xmlChar xmlSecNodeText[] = "Text";
-
-
-const xmlChar xmlSecSoapFaultCodeVersionMismatch[] = "VersionMismatch";
-const xmlChar xmlSecSoapFaultCodeMustUnderstand[] = "MustUnderstand";
-const xmlChar xmlSecSoapFaultCodeClient[] = "Client";
-const xmlChar xmlSecSoapFaultCodeServer[] = "Server";
-const xmlChar xmlSecSoapFaultCodeReceiver[] = "Receiver";
-const xmlChar xmlSecSoapFaultCodeSender[] = "Sender";
-const xmlChar xmlSecSoapFaultDataEncodningUnknown[] = "DataEncodingUnknown";
+const xmlChar xmlSecNodeEnvelope[] = "Envelope";
+const xmlChar xmlSecNodeHeader[] = "Header";
+const xmlChar xmlSecNodeBody[] = "Body";
+const xmlChar xmlSecNodeFault[] = "Fault";
+const xmlChar xmlSecNodeFaultCode[] = "faultcode";
+const xmlChar xmlSecNodeFaultString[] = "faultstring";
+const xmlChar xmlSecNodeFaultActor[] = "faultactor";
+const xmlChar xmlSecNodeFaultDetail[] = "detail";
+const xmlChar xmlSecNodeCode[] = "Code";
+const xmlChar xmlSecNodeReason[] = "Reason";
+const xmlChar xmlSecNodeNode[] = "Node";
+const xmlChar xmlSecNodeRole[] = "Role";
+const xmlChar xmlSecNodeDetail[] = "Detail";
+const xmlChar xmlSecNodeValue[] = "Value";
+const xmlChar xmlSecNodeSubcode[] = "Subcode";
+const xmlChar xmlSecNodeText[] = "Text";
+
+
+const xmlChar xmlSecSoapFaultCodeVersionMismatch[] = "VersionMismatch";
+const xmlChar xmlSecSoapFaultCodeMustUnderstand[] = "MustUnderstand";
+const xmlChar xmlSecSoapFaultCodeClient[] = "Client";
+const xmlChar xmlSecSoapFaultCodeServer[] = "Server";
+const xmlChar xmlSecSoapFaultCodeReceiver[] = "Receiver";
+const xmlChar xmlSecSoapFaultCodeSender[] = "Sender";
+const xmlChar xmlSecSoapFaultDataEncodningUnknown[] = "DataEncodingUnknown";
#endif /* XMLSEC_NO_SOAP */
@@ -591,11 +627,7 @@ const xmlChar xmlSecSoapFaultDataEncodningUnknown[] = "DataEncodingUnknown";
* Utility strings
*
************************************************************************/
-const xmlChar xmlSecStringEmpty[] = "";
-const xmlChar xmlSecStringCR[] = "\n";
-
-
-
-
+const xmlChar xmlSecStringEmpty[] = "";
+const xmlChar xmlSecStringCR[] = "\n";
diff --git a/src/templates.c b/src/templates.c
index 67cadb14..2270db67 100644
--- a/src/templates.c
+++ b/src/templates.c
@@ -1,18 +1,18 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Creating signature and encryption templates.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
@@ -24,15 +24,15 @@
#include <xmlsec/errors.h>
-static xmlNodePtr xmlSecTmplAddReference (xmlNodePtr parentNode,
- xmlSecTransformId digestMethodId,
- const xmlChar *id,
- const xmlChar *uri,
- const xmlChar *type);
-static int xmlSecTmplPrepareEncData (xmlNodePtr parentNode,
- xmlSecTransformId encMethodId);
-static int xmlSecTmplNodeWriteNsList (xmlNodePtr parentNode,
- const xmlChar** namespaces);
+static xmlNodePtr xmlSecTmplAddReference (xmlNodePtr parentNode,
+ xmlSecTransformId digestMethodId,
+ const xmlChar *id,
+ const xmlChar *uri,
+ const xmlChar *type);
+static int xmlSecTmplPrepareEncData (xmlNodePtr parentNode,
+ xmlSecTransformId encMethodId);
+static int xmlSecTmplNodeWriteNsList (xmlNodePtr parentNode,
+ const xmlChar** namespaces);
/**************************************************************************
*
* <dsig:Signature/> node
@@ -40,39 +40,39 @@ static int xmlSecTmplNodeWriteNsList (xmlNodePtr parentNode,
**************************************************************************/
/**
* xmlSecTmplSignatureCreate:
- * @doc: the pointer to signature document or NULL; in the
- * second case, application must later call @xmlSetTreeDoc
- * to ensure that all the children nodes have correct
- * pointer to XML document.
- * @c14nMethodId: the signature canonicalization method.
- * @signMethodId: the signature method.
- * @id: the node id (may be NULL).
- *
- * Creates new <dsig:Signature/> node with the mandatory <dsig:SignedInfo/>,
- * <dsig:CanonicalizationMethod/>, <dsig:SignatureMethod/> and
- * <dsig:SignatureValue/> children and sub-children.
+ * @doc: the pointer to signature document or NULL; in the
+ * second case, application must later call @xmlSetTreeDoc
+ * to ensure that all the children nodes have correct
+ * pointer to XML document.
+ * @c14nMethodId: the signature canonicalization method.
+ * @signMethodId: the signature method.
+ * @id: the node id (may be NULL).
+ *
+ * Creates new <dsig:Signature/> node with the mandatory <dsig:SignedInfo/>,
+ * <dsig:CanonicalizationMethod/>, <dsig:SignatureMethod/> and
+ * <dsig:SignatureValue/> children and sub-children.
* The application is responsible for inserting the returned node
- * in the XML document.
+ * in the XML document.
*
- * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
+ * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
* error occurs.
*/
xmlNodePtr
xmlSecTmplSignatureCreate(xmlDocPtr doc, xmlSecTransformId c14nMethodId,
- xmlSecTransformId signMethodId, const xmlChar *id) {
+ xmlSecTransformId signMethodId, const xmlChar *id) {
return xmlSecTmplSignatureCreateNsPref(doc, c14nMethodId, signMethodId, id, NULL);
}
/**
* xmlSecTmplSignatureCreateNsPref:
- * @doc: the pointer to signature document or NULL; in the
- * second case, application must later call @xmlSetTreeDoc
- * to ensure that all the children nodes have correct
- * pointer to XML document.
- * @c14nMethodId: the signature canonicalization method.
- * @signMethodId: the signature method.
- * @id: the node id (may be NULL).
- * @nsPrefix: the namespace prefix for the signature element (e.g. "dsig"), or NULL
+ * @doc: the pointer to signature document or NULL; in the
+ * second case, application must later call @xmlSetTreeDoc
+ * to ensure that all the children nodes have correct
+ * pointer to XML document.
+ * @c14nMethodId: the signature canonicalization method.
+ * @signMethodId: the signature method.
+ * @id: the node id (may be NULL).
+ * @nsPrefix: the namespace prefix for the signature element (e.g. "dsig"), or NULL
*
* Creates new <dsig:Signature/> node with the mandatory
* <dsig:SignedInfo/>, <dsig:CanonicalizationMethod/>,
@@ -83,7 +83,7 @@ xmlSecTmplSignatureCreate(xmlDocPtr doc, xmlSecTransformId c14nMethodId,
* appropriate child nodes. The application is responsible for
* inserting the returned node in the XML document.
*
- * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
+ * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
* error occurs.
*/
xmlNodePtr
@@ -94,209 +94,209 @@ xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId,
xmlNodePtr signedInfoNode;
xmlNodePtr cur;
xmlNsPtr ns;
-
+
xmlSecAssert2(c14nMethodId != NULL, NULL);
xmlSecAssert2(c14nMethodId->href != NULL, NULL);
xmlSecAssert2(signMethodId != NULL, NULL);
xmlSecAssert2(signMethodId->href != NULL, NULL);
-
+
/* create Signature node itself */
signNode = xmlNewDocNode(doc, NULL, xmlSecNodeSignature, NULL);
if(signNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignature));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignature));
+ return(NULL);
+ }
+
ns = xmlNewNs(signNode, xmlSecDSigNs, nsPrefix);
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(xmlSecDSigNs));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecDSigNs));
+ xmlFreeNode(signNode);
+ return(NULL);
}
xmlSetNs(signNode, ns);
-
+
if(id != NULL) {
- xmlSetProp(signNode, BAD_CAST "Id", id);
+ xmlSetProp(signNode, BAD_CAST "Id", id);
}
- /* add SignedInfo node */
+ /* add SignedInfo node */
signedInfoNode = xmlSecAddChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
if(signedInfoNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
+ xmlFreeNode(signNode);
+ return(NULL);
}
- /* add SignatureValue node */
+ /* add SignatureValue node */
cur = xmlSecAddChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
+ xmlFreeNode(signNode);
+ return(NULL);
}
/* add CanonicaizationMethod node to SignedInfo */
cur = xmlSecAddChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
+ xmlFreeNode(signNode);
+ return(NULL);
}
if(xmlSetProp(cur, xmlSecAttrAlgorithm, c14nMethodId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(c14nMethodId->href));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(c14nMethodId->href));
+ xmlFreeNode(signNode);
+ return(NULL);
}
/* add SignatureMethod node to SignedInfo */
cur = xmlSecAddChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
- xmlFreeNode(signNode);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
+ xmlFreeNode(signNode);
+ return(NULL);
}
if(xmlSetProp(cur, xmlSecAttrAlgorithm, signMethodId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(signMethodId->href));
- xmlFreeNode(signNode);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(signMethodId->href));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+
return(signNode);
}
/**
* xmlSecTmplSignatureEnsureKeyInfo:
- * @signNode: the pointer to <dsig:Signature/> node.
- * @id: the node id (may be NULL).
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @id: the node id (may be NULL).
*
- * Adds (if necessary) <dsig:KeyInfo/> node to the <dsig:Signature/>
- * node @signNode.
+ * Adds (if necessary) <dsig:KeyInfo/> node to the <dsig:Signature/>
+ * node @signNode.
*
- * Returns: the pointer to newly created <dsig:KeyInfo/> node or NULL if an
+ * Returns: the pointer to newly created <dsig:KeyInfo/> node or NULL if an
* error occurs.
*/
xmlNodePtr
xmlSecTmplSignatureEnsureKeyInfo(xmlNodePtr signNode, const xmlChar *id) {
xmlNodePtr res;
-
+
xmlSecAssert2(signNode != NULL, NULL);
res = xmlSecFindChild(signNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
if(res == NULL) {
- xmlNodePtr signValueNode;
-
+ xmlNodePtr signValueNode;
+
signValueNode = xmlSecFindChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs);
- if(signValueNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeSignatureValue),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- res = xmlSecAddNextSibling(signValueNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddNextSibling",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- return(NULL);
- }
+ if(signValueNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddNextSibling(signValueNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddNextSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(NULL);
+ }
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
- return(res);
-}
+ return(res);
+}
/**
* xmlSecTmplSignatureAddReference:
- * @signNode: the pointer to <dsig:Signature/> node.
- * @digestMethodId: the reference digest method.
- * @id: the node id (may be NULL).
- * @uri: the reference node uri (may be NULL).
- * @type: the reference node type (may be NULL).
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @digestMethodId: the reference digest method.
+ * @id: the node id (may be NULL).
+ * @uri: the reference node uri (may be NULL).
+ * @type: the reference node type (may be NULL).
*
- * Adds <dsig:Reference/> node with given URI (@uri), Id (@id) and
+ * Adds <dsig:Reference/> node with given URI (@uri), Id (@id) and
* Type (@type) attributes and the required children <dsig:DigestMethod/> and
- * <dsig:DigestValue/> to the <dsig:SignedInfo/> child of @signNode.
+ * <dsig:DigestValue/> to the <dsig:SignedInfo/> child of @signNode.
*
- * Returns: the pointer to newly created <dsig:Reference/> node or NULL
+ * Returns: the pointer to newly created <dsig:Reference/> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplSignatureAddReference(xmlNodePtr signNode, xmlSecTransformId digestMethodId,
- const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
xmlNodePtr signedInfoNode;
-
+
xmlSecAssert2(signNode != NULL, NULL);
xmlSecAssert2(digestMethodId != NULL, NULL);
xmlSecAssert2(digestMethodId->href != NULL, NULL);
signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
if(signedInfoNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
return(xmlSecTmplAddReference(signedInfoNode, digestMethodId, id, uri, type));
}
-static xmlNodePtr
+static xmlNodePtr
xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId,
- const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
xmlNodePtr res;
xmlNodePtr cur;
-
+
xmlSecAssert2(parentNode != NULL, NULL);
xmlSecAssert2(digestMethodId != NULL, NULL);
xmlSecAssert2(digestMethodId->href != NULL, NULL);
@@ -304,177 +304,177 @@ xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId,
/* add Reference node */
res = xmlSecAddChild(parentNode, xmlSecNodeReference, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeReference));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReference));
+ return(NULL);
}
/* set Reference node attributes */
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
if(type != NULL) {
- xmlSetProp(res, xmlSecAttrType, type);
+ xmlSetProp(res, xmlSecAttrType, type);
}
if(uri != NULL) {
- xmlSetProp(res, xmlSecAttrURI, uri);
+ xmlSetProp(res, xmlSecAttrURI, uri);
}
- /* add DigestMethod node and set algorithm */
+ /* add DigestMethod node and set algorithm */
cur = xmlSecAddChild(res, xmlSecNodeDigestMethod, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
}
if(xmlSetProp(cur, xmlSecAttrAlgorithm, digestMethodId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(digestMethodId->href));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
- }
-
- /* add DigestValue node */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(digestMethodId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ /* add DigestValue node */
cur = xmlSecAddChild(res, xmlSecNodeDigestValue, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDigestValue));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
- }
-
- return(res);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestValue));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
}
/**
* xmlSecTmplSignatureAddObject:
- * @signNode: the pointer to <dsig:Signature/> node.
- * @id: the node id (may be NULL).
- * @mimeType: the object mime type (may be NULL).
- * @encoding: the object encoding (may be NULL).
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @id: the node id (may be NULL).
+ * @mimeType: the object mime type (may be NULL).
+ * @encoding: the object encoding (may be NULL).
*
- * Adds <dsig:Object/> node to the <dsig:Signature/> node @signNode.
+ * Adds <dsig:Object/> node to the <dsig:Signature/> node @signNode.
*
- * Returns: the pointer to newly created <dsig:Object/> node or NULL
+ * Returns: the pointer to newly created <dsig:Object/> node or NULL
* if an error occurs.
*/
xmlNodePtr
-xmlSecTmplSignatureAddObject(xmlNodePtr signNode, const xmlChar *id,
- const xmlChar *mimeType, const xmlChar *encoding) {
+xmlSecTmplSignatureAddObject(xmlNodePtr signNode, const xmlChar *id,
+ const xmlChar *mimeType, const xmlChar *encoding) {
xmlNodePtr res;
xmlSecAssert2(signNode != NULL, NULL);
-
+
res = xmlSecAddChild(signNode, xmlSecNodeObject, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeObject));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeObject));
+ return(NULL);
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
if(mimeType != NULL) {
- xmlSetProp(res, xmlSecAttrMimeType, mimeType);
+ xmlSetProp(res, xmlSecAttrMimeType, mimeType);
}
if(encoding != NULL) {
- xmlSetProp(res, xmlSecAttrEncoding, encoding);
+ xmlSetProp(res, xmlSecAttrEncoding, encoding);
}
- return(res);
+ return(res);
}
-/**
+/**
* xmlSecTmplSignatureGetSignMethodNode:
- * @signNode: the pointer to <dsig:Signature /> node.
+ * @signNode: the pointer to <dsig:Signature /> node.
*
* Gets pointer to <dsig:SignatureMethod/> child of <dsig:KeyInfo/> node.
*
* Returns: pointer to <dsig:SignatureMethod /> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplSignatureGetSignMethodNode(xmlNodePtr signNode) {
xmlNodePtr signedInfoNode;
-
+
xmlSecAssert2(signNode != NULL, NULL);
-
+
signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
if(signedInfoNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecFindChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs));
}
-/**
+/**
* xmlSecTmplSignatureGetC14NMethodNode:
- * @signNode: the pointer to <dsig:Signature /> node.
+ * @signNode: the pointer to <dsig:Signature /> node.
*
* Gets pointer to <dsig:CanonicalizationMethod/> child of <dsig:KeyInfo/> node.
*
* Returns: pointer to <dsig:CanonicalizationMethod /> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplSignatureGetC14NMethodNode(xmlNodePtr signNode) {
xmlNodePtr signedInfoNode;
-
+
xmlSecAssert2(signNode != NULL, NULL);
-
+
signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
if(signedInfoNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
return(xmlSecFindChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs));
}
/**
* xmlSecTmplReferenceAddTransform:
- * @referenceNode: the pointer to <dsig:Reference/> node.
- * @transformId: the transform method id.
+ * @referenceNode: the pointer to <dsig:Reference/> node.
+ * @transformId: the transform method id.
*
* Adds <dsig:Transform/> node to the <dsig:Reference/> node @referenceNode.
- *
- * Returns: the pointer to newly created <dsig:Transform/> node or NULL if an
+ *
+ * Returns: the pointer to newly created <dsig:Transform/> node or NULL if an
* error occurs.
*/
xmlNodePtr
xmlSecTmplReferenceAddTransform(xmlNodePtr referenceNode, xmlSecTransformId transformId) {
xmlNodePtr transformsNode;
xmlNodePtr res;
-
+
xmlSecAssert2(referenceNode != NULL, NULL);
xmlSecAssert2(transformId != NULL, NULL);
xmlSecAssert2(transformId->href != NULL, NULL);
@@ -482,64 +482,64 @@ xmlSecTmplReferenceAddTransform(xmlNodePtr referenceNode, xmlSecTransformId tran
/* do we need to create Transforms node first */
transformsNode = xmlSecFindChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs);
if(transformsNode == NULL) {
- xmlNodePtr tmp;
-
- tmp = xmlSecGetNextElementNode(referenceNode->children);
- if(tmp == NULL) {
- transformsNode = xmlSecAddChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs);
- } else {
- transformsNode = xmlSecAddPrevSibling(tmp, xmlSecNodeTransforms, xmlSecDSigNs);
- }
- if(transformsNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild or xmlSecAddPrevSibling",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransforms));
- return(NULL);
- }
+ xmlNodePtr tmp;
+
+ tmp = xmlSecGetNextElementNode(referenceNode->children);
+ if(tmp == NULL) {
+ transformsNode = xmlSecAddChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ } else {
+ transformsNode = xmlSecAddPrevSibling(tmp, xmlSecNodeTransforms, xmlSecDSigNs);
+ }
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild or xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
}
res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransform));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
}
if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(transformId->href));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
- }
-
- return(res);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
}
/**
* xmlSecTmplObjectAddSignProperties:
- * @objectNode: the pointer to <dsig:Object/> node.
- * @id: the node id (may be NULL).
- * @target: the Target (may be NULL).
+ * @objectNode: the pointer to <dsig:Object/> node.
+ * @id: the node id (may be NULL).
+ * @target: the Target (may be NULL).
*
* Adds <dsig:SignatureProperties/> node to the <dsig:Object/> node @objectNode.
*
- * Returns: the pointer to newly created <dsig:SignatureProperties/> node or NULL
+ * Returns: the pointer to newly created <dsig:SignatureProperties/> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplObjectAddSignProperties(xmlNodePtr objectNode, const xmlChar *id, const xmlChar *target) {
xmlNodePtr res;
@@ -547,31 +547,31 @@ xmlSecTmplObjectAddSignProperties(xmlNodePtr objectNode, const xmlChar *id, cons
res = xmlSecAddChild(objectNode, xmlSecNodeSignatureProperties, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignatureProperties));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureProperties));
+ return(NULL);
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
if(target != NULL) {
- xmlSetProp(res, xmlSecAttrTarget, target);
+ xmlSetProp(res, xmlSecAttrTarget, target);
}
return(res);
}
/**
* xmlSecTmplObjectAddManifest:
- * @objectNode: the pointer to <dsig:Object/> node.
- * @id: the node id (may be NULL).
+ * @objectNode: the pointer to <dsig:Object/> node.
+ * @id: the node id (may be NULL).
*
* Adds <dsig:Manifest/> node to the <dsig:Object/> node @objectNode.
*
- * Returns: the pointer to newly created <dsig:Manifest/> node or NULL
+ * Returns: the pointer to newly created <dsig:Manifest/> node or NULL
* if an error occurs.
*/
xmlNodePtr
@@ -582,38 +582,38 @@ xmlSecTmplObjectAddManifest(xmlNodePtr objectNode, const xmlChar *id) {
res = xmlSecAddChild(objectNode, xmlSecNodeManifest, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeManifest));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeManifest));
+ return(NULL);
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
return(res);
}
/**
* xmlSecTmplManifestAddReference:
- * @manifestNode: the pointer to <dsig:Manifest/> node.
- * @digestMethodId: the reference digest method.
- * @id: the node id (may be NULL).
- * @uri: the reference node uri (may be NULL).
- * @type: the reference node type (may be NULL).
+ * @manifestNode: the pointer to <dsig:Manifest/> node.
+ * @digestMethodId: the reference digest method.
+ * @id: the node id (may be NULL).
+ * @uri: the reference node uri (may be NULL).
+ * @type: the reference node type (may be NULL).
*
- * Adds <dsig:Reference/> node with specified URI (@uri), Id (@id) and
+ * Adds <dsig:Reference/> node with specified URI (@uri), Id (@id) and
* Type (@type) attributes and the required children <dsig:DigestMethod/> and
* <dsig:DigestValue/> to the <dsig:Manifest/> node @manifestNode.
*
- * Returns: the pointer to newly created <dsig:Reference/> node or NULL
+ * Returns: the pointer to newly created <dsig:Reference/> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplManifestAddReference(xmlNodePtr manifestNode, xmlSecTransformId digestMethodId,
- const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
return(xmlSecTmplAddReference(manifestNode, digestMethodId, id, uri, type));
}
@@ -622,175 +622,175 @@ xmlSecTmplManifestAddReference(xmlNodePtr manifestNode, xmlSecTransformId digest
* <enc:EncryptedData/> node
*
**************************************************************************/
-/**
+/**
* xmlSecTmplEncDataCreate:
- * @doc: the pointer to signature document or NULL; in the later
- * case, application must later call @xmlSetTreeDoc to ensure
- * that all the children nodes have correct pointer to XML document.
- * @encMethodId: the encryption method (may be NULL).
- * @id: the Id attribute (optional).
- * @type: the Type attribute (optional)
- * @mimeType: the MimeType attribute (optional)
- * @encoding: the Encoding attribute (optional)
- *
- * Creates new <enc:EncryptedData /> node for encryption template.
- *
- * Returns: the pointer newly created <enc:EncryptedData/> node or NULL
+ * @doc: the pointer to signature document or NULL; in the later
+ * case, application must later call @xmlSetTreeDoc to ensure
+ * that all the children nodes have correct pointer to XML document.
+ * @encMethodId: the encryption method (may be NULL).
+ * @id: the Id attribute (optional).
+ * @type: the Type attribute (optional)
+ * @mimeType: the MimeType attribute (optional)
+ * @encoding: the Encoding attribute (optional)
+ *
+ * Creates new <enc:EncryptedData /> node for encryption template.
+ *
+ * Returns: the pointer newly created <enc:EncryptedData/> node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplEncDataCreate(xmlDocPtr doc, xmlSecTransformId encMethodId,
- const xmlChar *id, const xmlChar *type,
- const xmlChar *mimeType, const xmlChar *encoding) {
+ const xmlChar *id, const xmlChar *type,
+ const xmlChar *mimeType, const xmlChar *encoding) {
xmlNodePtr encNode;
xmlNsPtr ns;
-
+
encNode = xmlNewDocNode(doc, NULL, xmlSecNodeEncryptedData, NULL);
if(encNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
+ return(NULL);
+ }
+
ns = xmlNewNs(encNode, xmlSecEncNs, NULL);
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(xmlSecEncNs));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecEncNs));
+ return(NULL);
}
xmlSetNs(encNode, ns);
-
+
if(id != NULL) {
- xmlSetProp(encNode, xmlSecAttrId, id);
+ xmlSetProp(encNode, xmlSecAttrId, id);
}
if(type != NULL) {
- xmlSetProp(encNode, xmlSecAttrType, type);
+ xmlSetProp(encNode, xmlSecAttrType, type);
}
if(mimeType != NULL) {
- xmlSetProp(encNode, xmlSecAttrMimeType, mimeType);
+ xmlSetProp(encNode, xmlSecAttrMimeType, mimeType);
}
if(encoding != NULL) {
- xmlSetProp(encNode, xmlSecAttrEncoding, encoding);
+ xmlSetProp(encNode, xmlSecAttrEncoding, encoding);
}
-
+
if(xmlSecTmplPrepareEncData(encNode, encMethodId) < 0) {
- xmlFreeNode(encNode);
- return(NULL);
+ xmlFreeNode(encNode);
+ return(NULL);
}
return(encNode);
}
-static int
+static int
xmlSecTmplPrepareEncData(xmlNodePtr parentNode, xmlSecTransformId encMethodId) {
xmlNodePtr cur;
-
+
xmlSecAssert2(parentNode != NULL, -1);
xmlSecAssert2((encMethodId == NULL) || (encMethodId->href != NULL), -1);
-
+
/* add EncryptionMethod node if requested */
if(encMethodId != NULL) {
- cur = xmlSecAddChild(parentNode, xmlSecNodeEncryptionMethod, xmlSecEncNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptionMethod));
- return(-1);
- }
- if(xmlSetProp(cur, xmlSecAttrAlgorithm, encMethodId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(encMethodId->href));
- return(-1);
- }
- }
-
+ cur = xmlSecAddChild(parentNode, xmlSecNodeEncryptionMethod, xmlSecEncNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionMethod));
+ return(-1);
+ }
+ if(xmlSetProp(cur, xmlSecAttrAlgorithm, encMethodId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(encMethodId->href));
+ return(-1);
+ }
+ }
+
/* and CipherData node */
cur = xmlSecAddChild(parentNode, xmlSecNodeCipherData, xmlSecEncNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCipherData));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+
return(0);
}
-/**
+/**
* xmlSecTmplEncDataEnsureKeyInfo:
- * @encNode: the pointer to <enc:EncryptedData/> node.
- * @id: the Id attrbibute (optional).
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attrbibute (optional).
*
* Adds <dsig:KeyInfo/> to the <enc:EncryptedData/> node @encNode.
*
- * Returns: the pointer to newly created <dsig:KeyInfo/> node or
+ * Returns: the pointer to newly created <dsig:KeyInfo/> node or
* NULL if an error occurs.
*/
xmlNodePtr
xmlSecTmplEncDataEnsureKeyInfo(xmlNodePtr encNode, const xmlChar* id) {
xmlNodePtr res;
-
+
xmlSecAssert2(encNode != NULL, NULL);
res = xmlSecFindChild(encNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
if(res == NULL) {
- xmlNodePtr cipherDataNode;
-
+ xmlNodePtr cipherDataNode;
+
cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
- if(cipherDataNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeCipherData),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- res = xmlSecAddPrevSibling(cipherDataNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddPrevSibling",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- return(NULL);
- }
+ if(cipherDataNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddPrevSibling(cipherDataNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(NULL);
+ }
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
- return(res);
+ return(res);
}
-/**
+/**
* xmlSecTmplEncDataEnsureEncProperties:
- * @encNode: the pointer to <enc:EncryptedData/> node.
- * @id: the Id attribute (optional).
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attribute (optional).
*
- * Adds <enc:EncryptionProperties/> node to the <enc:EncryptedData/>
+ * Adds <enc:EncryptionProperties/> node to the <enc:EncryptedData/>
* node @encNode.
*
- * Returns: the pointer to newly created <enc:EncryptionProperties/> node or
+ * Returns: the pointer to newly created <enc:EncryptionProperties/> node or
* NULL if an error occurs.
*/
xmlNodePtr
@@ -801,264 +801,264 @@ xmlSecTmplEncDataEnsureEncProperties(xmlNodePtr encNode, const xmlChar *id) {
res = xmlSecFindChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs);
if(res == NULL) {
- res = xmlSecAddChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptionProperties));
- return(NULL);
- }
+ res = xmlSecAddChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionProperties));
+ return(NULL);
+ }
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
-
+
return(res);
}
-/**
+/**
* xmlSecTmplEncDataAddEncProperty:
- * @encNode: the pointer to <enc:EncryptedData/> node.
- * @id: the Id attribute (optional).
- * @target: the Target attribute (optional).
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attribute (optional).
+ * @target: the Target attribute (optional).
*
- * Adds <enc:EncryptionProperty/> node (and the parent
- * <enc:EncryptionProperties/> node if required) to the
+ * Adds <enc:EncryptionProperty/> node (and the parent
+ * <enc:EncryptionProperties/> node if required) to the
* <enc:EncryptedData/> node @encNode.
*
- * Returns: the pointer to newly created <enc:EncryptionProperty/> node or
+ * Returns: the pointer to newly created <enc:EncryptionProperty/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplEncDataAddEncProperty(xmlNodePtr encNode, const xmlChar *id, const xmlChar *target) {
xmlNodePtr encProps;
xmlNodePtr res;
-
+
xmlSecAssert2(encNode != NULL, NULL);
encProps = xmlSecTmplEncDataEnsureEncProperties(encNode, NULL);
if(encProps == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTmplEncDataEnsureEncProperties",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTmplEncDataEnsureEncProperties",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
res = xmlSecAddChild(encProps, xmlSecNodeEncryptionProperty, xmlSecEncNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptionProperty));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionProperty));
+ return(NULL);
}
if(id != NULL) {
- xmlSetProp(res, xmlSecAttrId, id);
+ xmlSetProp(res, xmlSecAttrId, id);
}
if(target != NULL) {
- xmlSetProp(res, xmlSecAttrTarget, target);
+ xmlSetProp(res, xmlSecAttrTarget, target);
}
-
+
return(res);
}
-/**
+/**
* xmlSecTmplEncDataEnsureCipherValue:
- * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @encNode: the pointer to <enc:EncryptedData/> node.
*
* Adds <enc:CipherValue/> to the <enc:EncryptedData/> node @encNode.
*
- * Returns: the pointer to newly created <enc:CipherValue/> node or
+ * Returns: the pointer to newly created <enc:CipherValue/> node or
* NULL if an error occurs.
*/
xmlNodePtr
xmlSecTmplEncDataEnsureCipherValue(xmlNodePtr encNode) {
xmlNodePtr cipherDataNode;
xmlNodePtr res, tmp;
-
+
xmlSecAssert2(encNode != NULL, NULL);
cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
if(cipherDataNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeCipherData),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* check that we don;t have CipherReference node */
tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
if(tmp != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeCipherReference),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherReference),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
res = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
if(res == NULL) {
- res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCipherValue));
- return(NULL);
- }
- }
-
+ res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherValue));
+ return(NULL);
+ }
+ }
+
return(res);
}
-/**
+/**
* xmlSecTmplEncDataEnsureCipherReference:
- * @encNode: the pointer to <enc:EncryptedData/> node.
- * @uri: the URI attribute (may be NULL).
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @uri: the URI attribute (may be NULL).
*
* Adds <enc:CipherReference/> node with specified URI attribute @uri
* to the <enc:EncryptedData/> node @encNode.
*
- * Returns: the pointer to newly created <enc:CipherReference/> node or
+ * Returns: the pointer to newly created <enc:CipherReference/> node or
* NULL if an error occurs.
*/
xmlNodePtr
xmlSecTmplEncDataEnsureCipherReference(xmlNodePtr encNode, const xmlChar *uri) {
xmlNodePtr cipherDataNode;
xmlNodePtr res, tmp;
-
+
xmlSecAssert2(encNode != NULL, NULL);
cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
if(cipherDataNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeCipherData),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* check that we don;t have CipherValue node */
tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
if(tmp != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeCipherValue),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherValue),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
res = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
if(res == NULL) {
- res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCipherReference));
- return(NULL);
- }
- }
-
+ res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherReference));
+ return(NULL);
+ }
+ }
+
if(uri != NULL) {
- xmlSetProp(res, xmlSecAttrURI, uri);
+ xmlSetProp(res, xmlSecAttrURI, uri);
}
-
+
return(res);
}
-/**
+/**
* xmlSecTmplEncDataGetEncMethodNode:
- * @encNode: the pointer to <enc:EcnryptedData /> node.
+ * @encNode: the pointer to <enc:EcnryptedData /> node.
*
* Gets pointer to <enc:EncrytpionMethod/> node.
*
* Returns: pointer to <enc:EncryptionMethod /> node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplEncDataGetEncMethodNode(xmlNodePtr encNode) {
xmlSecAssert2(encNode != NULL, NULL);
return(xmlSecFindChild(encNode, xmlSecNodeEncryptionMethod, xmlSecEncNs));
}
-/**
+/**
* xmlSecTmplCipherReferenceAddTransform:
- * @cipherReferenceNode: the pointer to <enc:CipherReference/> node.
- * @transformId: the transform id.
+ * @cipherReferenceNode: the pointer to <enc:CipherReference/> node.
+ * @transformId: the transform id.
*
* Adds <dsig:Transform/> node (and the parent <dsig:Transforms/> node)
* with specified transform methods @transform to the <enc:CipherReference/>
* child node of the <enc:EncryptedData/> node @encNode.
*
- * Returns: the pointer to newly created <dsig:Transform/> node or
+ * Returns: the pointer to newly created <dsig:Transform/> node or
* NULL if an error occurs.
*/
xmlNodePtr
-xmlSecTmplCipherReferenceAddTransform(xmlNodePtr cipherReferenceNode,
- xmlSecTransformId transformId) {
+xmlSecTmplCipherReferenceAddTransform(xmlNodePtr cipherReferenceNode,
+ xmlSecTransformId transformId) {
xmlNodePtr transformsNode;
xmlNodePtr res;
xmlSecAssert2(cipherReferenceNode != NULL, NULL);
- xmlSecAssert2(transformId != NULL, NULL);
- xmlSecAssert2(transformId->href != NULL, NULL);
+ xmlSecAssert2(transformId != NULL, NULL);
+ xmlSecAssert2(transformId->href != NULL, NULL);
transformsNode = xmlSecFindChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs);
if(transformsNode == NULL) {
- transformsNode = xmlSecAddChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs);
- if(transformsNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransforms));
- return(NULL);
- }
- }
-
+ transformsNode = xmlSecAddChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs);
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
+ }
+
res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransform));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
+ }
+
if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(transformId->href));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
return(res);
}
@@ -1067,16 +1067,16 @@ xmlSecTmplCipherReferenceAddTransform(xmlNodePtr cipherReferenceNode,
*
* <enc:EncryptedKey> node
*
- **********************************************************************/
+ **********************************************************************/
-/**
+/**
* xmlSecTmplReferenceListAddDataReference:
- * @encNode: the pointer to <enc:EncryptedKey/> node.
+ * @encNode: the pointer to <enc:EncryptedKey/> node.
* @uri: uri to reference (optional)
*
* Adds <enc:DataReference/> and the parent <enc:ReferenceList/> node (if needed).
*
- * Returns: the pointer to newly created <enc:DataReference/> node or
+ * Returns: the pointer to newly created <enc:DataReference/> node or
* NULL if an error occurs.
*/
xmlNodePtr
@@ -1084,58 +1084,58 @@ xmlSecTmplReferenceListAddDataReference(xmlNodePtr encNode, const xmlChar *uri)
xmlNodePtr refListNode, res;
xmlSecAssert2(encNode != NULL, NULL);
-
+
refListNode = xmlSecFindChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
if(refListNode == NULL) {
- refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
- if(refListNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeReferenceList));
- return(NULL);
- }
- }
-
+ refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReferenceList));
+ return(NULL);
+ }
+ }
+
res = xmlSecAddChild(refListNode, xmlSecNodeDataReference, xmlSecEncNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDataReference));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDataReference));
+ return(NULL);
+ }
+
if(uri != NULL) {
if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrURI),
- xmlSecErrorsSafeString(uri));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrURI),
+ xmlSecErrorsSafeString(uri));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
}
}
return(res);
}
-/**
+/**
* xmlSecTmplReferenceListAddKeyReference:
- * @encNode: the pointer to <enc:EncryptedKey/> node.
+ * @encNode: the pointer to <enc:EncryptedKey/> node.
* @uri: uri to reference (optional)
*
* Adds <enc:KeyReference/> and the parent <enc:ReferenceList/> node (if needed).
*
- * Returns: the pointer to newly created <enc:KeyReference/> node or
+ * Returns: the pointer to newly created <enc:KeyReference/> node or
* NULL if an error occurs.
*/
xmlNodePtr
@@ -1143,44 +1143,44 @@ xmlSecTmplReferenceListAddKeyReference(xmlNodePtr encNode, const xmlChar *uri) {
xmlNodePtr refListNode, res;
xmlSecAssert2(encNode != NULL, NULL);
-
+
refListNode = xmlSecFindChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
if(refListNode == NULL) {
- refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
- if(refListNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeReferenceList));
- return(NULL);
- }
- }
-
+ refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReferenceList));
+ return(NULL);
+ }
+ }
+
res = xmlSecAddChild(refListNode, xmlSecNodeKeyReference, xmlSecEncNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyReference));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyReference));
+ return(NULL);
+ }
+
if(uri != NULL) {
if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrURI),
- xmlSecErrorsSafeString(uri));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrURI),
+ xmlSecErrorsSafeString(uri));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
}
}
@@ -1196,39 +1196,39 @@ xmlSecTmplReferenceListAddKeyReference(xmlNodePtr encNode, const xmlChar *uri) {
/**
* xmlSecTmplKeyInfoAddKeyName:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @name: the key name (optional).
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @name: the key name (optional).
*
* Adds <dsig:KeyName/> node to the <dsig:KeyInfo/> node @keyInfoNode.
*
* Returns: the pointer to the newly created <dsig:KeyName/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplKeyInfoAddKeyName(xmlNodePtr keyInfoNode, const xmlChar* name) {
xmlNodePtr res;
xmlSecAssert2(keyInfoNode != NULL, NULL);
-
- res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyName, xmlSecDSigNs);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyName, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyName));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
+ return(NULL);
}
if(name != NULL) {
- xmlSecNodeEncodeAndSetContent(res, name);
+ xmlSecNodeEncodeAndSetContent(res, name);
}
return(res);
}
/**
* xmlSecTmplKeyInfoAddKeyValue:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
*
* Adds <dsig:KeyValue/> node to the <dsig:KeyInfo/> node @keyInfoNode.
*
@@ -1240,24 +1240,24 @@ xmlSecTmplKeyInfoAddKeyValue(xmlNodePtr keyInfoNode) {
xmlNodePtr res;
xmlSecAssert2(keyInfoNode != NULL, NULL);
-
- res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyValue, xmlSecDSigNs);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyValue, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyValue));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyValue));
+ return(NULL);
+ }
+
return(res);
}
/**
* xmlSecTmplKeyInfoAddX509Data:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
*
* Adds <dsig:X509Data/> node to the <dsig:KeyInfo/> node @keyInfoNode.
*
@@ -1269,26 +1269,26 @@ xmlSecTmplKeyInfoAddX509Data(xmlNodePtr keyInfoNode) {
xmlNodePtr res;
xmlSecAssert2(keyInfoNode != NULL, NULL);
-
- res = xmlSecAddChild(keyInfoNode, xmlSecNodeX509Data, xmlSecDSigNs);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeX509Data, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Data));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Data));
+ return(NULL);
+ }
+
return(res);
}
/**
* xmlSecTmplKeyInfoAddRetrievalMethod:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @uri: the URI attribute (optional).
- * @type: the Type attribute(optional).
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @uri: the URI attribute (optional).
+ * @type: the Type attribute(optional).
*
* Adds <dsig:RetrievalMethod/> node to the <dsig:KeyInfo/> node @keyInfoNode.
*
@@ -1297,36 +1297,36 @@ xmlSecTmplKeyInfoAddX509Data(xmlNodePtr keyInfoNode) {
*/
xmlNodePtr
xmlSecTmplKeyInfoAddRetrievalMethod(xmlNodePtr keyInfoNode, const xmlChar *uri,
- const xmlChar *type) {
+ const xmlChar *type) {
xmlNodePtr res;
xmlSecAssert2(keyInfoNode != NULL, NULL);
-
- res = xmlSecAddChild(keyInfoNode, xmlSecNodeRetrievalMethod, xmlSecDSigNs);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeRetrievalMethod, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRetrievalMethod));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRetrievalMethod));
+ return(NULL);
+ }
+
if(uri != NULL) {
- xmlSetProp(res, xmlSecAttrURI, uri);
+ xmlSetProp(res, xmlSecAttrURI, uri);
}
if(type != NULL) {
- xmlSetProp(res, xmlSecAttrType, type);
+ xmlSetProp(res, xmlSecAttrType, type);
}
return(res);
}
/**
* xmlSecTmplRetrievalMethodAddTransform:
- * @retrMethodNode: the pointer to <dsig:RetrievalMethod/> node.
- * @transformId: the transform id.
- *
+ * @retrMethodNode: the pointer to <dsig:RetrievalMethod/> node.
+ * @transformId: the transform id.
+ *
* Adds <dsig:Transform/> node (and the parent <dsig:Transforms/> node
* if required) to the <dsig:RetrievalMethod/> node @retrMethod.
*
@@ -1339,118 +1339,118 @@ xmlSecTmplRetrievalMethodAddTransform(xmlNodePtr retrMethodNode, xmlSecTransform
xmlNodePtr res;
xmlSecAssert2(retrMethodNode != NULL, NULL);
- xmlSecAssert2(transformId != NULL, NULL);
- xmlSecAssert2(transformId->href != NULL, NULL);
+ xmlSecAssert2(transformId != NULL, NULL);
+ xmlSecAssert2(transformId->href != NULL, NULL);
transformsNode = xmlSecFindChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs);
if(transformsNode == NULL) {
- transformsNode = xmlSecAddChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs);
- if(transformsNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransforms));
- return(NULL);
- }
- }
-
+ transformsNode = xmlSecAddChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
+ }
+
res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeTransform));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
+ }
+
if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- xmlSecErrorsSafeString(transformId->href));
- xmlUnlinkNode(res);
- xmlFreeNode(res);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
return(res);
}
/**
* xmlSecTmplKeyInfoAddEncryptedKey:
- * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
- * @encMethodId: the encryption method (optional).
- * @id: the Id attribute (optional).
- * @type: the Type attribute (optional).
- * @recipient: the Recipient attribute (optional).
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @encMethodId: the encryption method (optional).
+ * @id: the Id attribute (optional).
+ * @type: the Type attribute (optional).
+ * @recipient: the Recipient attribute (optional).
*
- * Adds <enc:EncryptedKey/> node with given attributes to
+ * Adds <enc:EncryptedKey/> node with given attributes to
* the <dsig:KeyInfo/> node @keyInfoNode.
*
* Returns: the pointer to the newly created <enc:EncryptedKey/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplKeyInfoAddEncryptedKey(xmlNodePtr keyInfoNode, xmlSecTransformId encMethodId,
- const xmlChar* id, const xmlChar* type, const xmlChar* recipient) {
+ const xmlChar* id, const xmlChar* type, const xmlChar* recipient) {
xmlNodePtr encKeyNode;
xmlSecAssert2(keyInfoNode != NULL, NULL);
/* we allow multiple encrypted key elements */
- encKeyNode = xmlSecAddChild(keyInfoNode, xmlSecNodeEncryptedKey, xmlSecEncNs);
+ encKeyNode = xmlSecAddChild(keyInfoNode, xmlSecNodeEncryptedKey, xmlSecEncNs);
if(encKeyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
+ return(NULL);
+ }
+
if(id != NULL) {
- xmlSetProp(encKeyNode, xmlSecAttrId, id);
+ xmlSetProp(encKeyNode, xmlSecAttrId, id);
}
if(type != NULL) {
- xmlSetProp(encKeyNode, xmlSecAttrType, type);
+ xmlSetProp(encKeyNode, xmlSecAttrType, type);
}
if(recipient != NULL) {
- xmlSetProp(encKeyNode, xmlSecAttrRecipient, recipient);
+ xmlSetProp(encKeyNode, xmlSecAttrRecipient, recipient);
}
if(xmlSecTmplPrepareEncData(encKeyNode, encMethodId) < 0) {
- xmlUnlinkNode(encKeyNode);
- xmlFreeNode(encKeyNode);
- return(NULL);
- }
- return(encKeyNode);
+ xmlUnlinkNode(encKeyNode);
+ xmlFreeNode(encKeyNode);
+ return(NULL);
+ }
+ return(encKeyNode);
}
/***********************************************************************
*
* <dsig:X509Data> node
*
- **********************************************************************/
+ **********************************************************************/
/**
* xmlSecTmplX509DataAddIssuerSerial:
- * @x509DataNode: the pointer to <dsig:X509Data/> node.
- *
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
* Adds <dsig:X509IssuerSerial/> node to the given <dsig:X509Data/> node.
*
* Returns: the pointer to the newly created <dsig:X509IssuerSerial/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) {
xmlNodePtr cur;
@@ -1458,32 +1458,32 @@ xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) {
cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(NULL);
+ }
+
return (cur);
}
/**
* xmlSecTmplX509IssuerSerialAddIssuerName:
- * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
- * @issuerName: the issuer name (optional).
+ * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
+ * @issuerName: the issuer name (optional).
*
* Adds <dsig:X509IssuerName/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
*
@@ -1492,41 +1492,41 @@ xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) {
*/
xmlNodePtr
xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName) {
- xmlNodePtr res;
-
- xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
-
+ xmlNodePtr res;
+
+ xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+
if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName,
- xmlSecDSigNs) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ xmlSecDSigNs) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(NULL);
- }
-
- if (issuerName != NULL) {
- xmlSecNodeEncodeAndSetContent(res, issuerName);
- }
- return(res);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(NULL);
+ }
+
+ if (issuerName != NULL) {
+ xmlSecNodeEncodeAndSetContent(res, issuerName);
+ }
+ return(res);
}
/**
* xmlSecTmplX509IssuerSerialAddSerialNumber:
- * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
- * @serial: the serial number (optional).
+ * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
+ * @serial: the serial number (optional).
*
* Adds <dsig:X509SerialNumber/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
*
@@ -1535,48 +1535,48 @@ xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const x
*/
xmlNodePtr
xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial) {
- xmlNodePtr res;
-
- xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
-
- if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber,
- xmlSecDSigNs) != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(NULL);
- }
-
- if (serial != NULL) {
- xmlSecNodeEncodeAndSetContent(res, serial);
- }
- return(res);
+ xmlNodePtr res;
+
+ xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+
+ if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber,
+ xmlSecDSigNs) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(NULL);
+ }
+
+ if (serial != NULL) {
+ xmlSecNodeEncodeAndSetContent(res, serial);
+ }
+ return(res);
}
/**
* xmlSecTmplX509DataAddSubjectName:
- * @x509DataNode: the pointer to <dsig:X509Data/> node.
- *
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
* Adds <dsig:X509SubjectName/> node to the given <dsig:X509Data/> node.
*
* Returns: the pointer to the newly created <dsig:X509SubjectName/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplX509DataAddSubjectName(xmlNodePtr x509DataNode) {
xmlNodePtr cur;
@@ -1584,39 +1584,39 @@ xmlSecTmplX509DataAddSubjectName(xmlNodePtr x509DataNode) {
cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ return(NULL);
+ }
+
return (cur);
}
/**
* xmlSecTmplX509DataAddSKI:
- * @x509DataNode: the pointer to <dsig:X509Data/> node.
- *
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
* Adds <dsig:X509SKI/> node to the given <dsig:X509Data/> node.
*
* Returns: the pointer to the newly created <dsig:X509SKI/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplX509DataAddSKI(xmlNodePtr x509DataNode) {
xmlNodePtr cur;
@@ -1624,40 +1624,40 @@ xmlSecTmplX509DataAddSKI(xmlNodePtr x509DataNode) {
cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509SKI),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(NULL);
+ }
+
return (cur);
}
/**
* xmlSecTmplX509DataAddCertificate:
- * @x509DataNode: the pointer to <dsig:X509Data/> node.
- *
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
* Adds <dsig:X509Certificate/> node to the given <dsig:X509Data/> node.
*
* Returns: the pointer to the newly created <dsig:X509Certificate/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplX509DataAddCertificate(xmlNodePtr x509DataNode) {
xmlNodePtr cur;
@@ -1665,39 +1665,39 @@ xmlSecTmplX509DataAddCertificate(xmlNodePtr x509DataNode) {
cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ return(NULL);
+ }
+
return (cur);
}
/**
* xmlSecTmplX509DataAddCRL:
- * @x509DataNode: the pointer to <dsig:X509Data/> node.
- *
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
* Adds <dsig:X509CRL/> node to the given <dsig:X509Data/> node.
*
* Returns: the pointer to the newly created <dsig:X509CRL/> node or
* NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) {
xmlNodePtr cur;
@@ -1705,25 +1705,25 @@ xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) {
cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeX509CRL),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ return(NULL);
+ }
+
return (cur);
}
@@ -1735,10 +1735,10 @@ xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) {
/**
* xmlSecTmplTransformAddHmacOutputLength:
- * @transformNode: the pointer to <dsig:Transform/> node
- * @bitsLen: the required length in bits
+ * @transformNode: the pointer to <dsig:Transform/> node
+ * @bitsLen: the required length in bits
*
- * Creates <dsig:HMACOutputLength/> child for the HMAC transform
+ * Creates <dsig:HMACOutputLength/> child for the HMAC transform
* node @node.
*
* Returns: 0 on success and a negatie value otherwise.
@@ -1753,25 +1753,25 @@ xmlSecTmplTransformAddHmacOutputLength(xmlNodePtr transformNode, xmlSecSize bits
cur = xmlSecFindChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
cur = xmlSecAddChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength));
+ return(-1);
+ }
+
sprintf(buf, "%u", bitsLen);
xmlNodeSetContent(cur, BAD_CAST buf);
return(0);
@@ -1779,17 +1779,17 @@ xmlSecTmplTransformAddHmacOutputLength(xmlNodePtr transformNode, xmlSecSize bits
/**
* xmlSecTmplTransformAddRsaOaepParam:
- * @transformNode: the pointer to <dsig:Transform/> node.
- * @buf: the OAEP param buffer.
- * @size: the OAEP param buffer size.
- *
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @buf: the OAEP param buffer.
+ * @size: the OAEP param buffer size.
+ *
* Creates <enc:OAEPParam/> child node in the @node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode,
- const xmlSecByte *buf, xmlSecSize size) {
+int
+xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode,
+ const xmlSecByte *buf, xmlSecSize size) {
xmlNodePtr oaepParamNode;
xmlChar *base64;
@@ -1799,35 +1799,35 @@ xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode,
oaepParamNode = xmlSecFindChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs);
if(oaepParamNode != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
oaepParamNode = xmlSecAddChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs);
if(oaepParamNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams));
+ return(-1);
+ }
+
base64 = xmlSecBase64Encode(buf, size, 0);
if(base64 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
xmlNodeSetContent(oaepParamNode, base64);
xmlFree(base64);
return(0);
@@ -1835,9 +1835,9 @@ xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode,
/**
* xmlSecTmplTransformAddXsltStylesheet:
- * @transformNode: the pointer to <dsig:Transform/> node.
- * @xslt: the XSLT transform exspression.
- *
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @xslt: the XSLT transform exspression.
+ *
* Writes the XSLT transform expression to the @node.
*
* Returns: 0 on success or a negative value otherwise.
@@ -1846,140 +1846,140 @@ int
xmlSecTmplTransformAddXsltStylesheet(xmlNodePtr transformNode, const xmlChar *xslt) {
xmlDocPtr xsltDoc;
int ret;
-
- xmlSecAssert2(transformNode != NULL, -1);
- xmlSecAssert2(xslt != NULL, -1);
-
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(xslt != NULL, -1);
+
xsltDoc = xmlParseMemory((const char*)xslt, xmlStrlen(xslt));
if(xsltDoc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlParseMemory",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseMemory",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecReplaceContent(transformNode, xmlDocGetRootElement(xsltDoc));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(xsltDoc);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(xsltDoc);
+ return(-1);
+ }
+
xmlFreeDoc(xsltDoc);
return(0);
}
/**
* xmlSecTmplTransformAddC14NInclNamespaces:
- * @transformNode: the pointer to <dsig:Transform/> node.
- * @prefixList: the white space delimited list of namespace prefixes,
- * where "#default" indicates the default namespace
- * (optional).
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @prefixList: the white space delimited list of namespace prefixes,
+ * where "#default" indicates the default namespace
+ * (optional).
*
* Adds "inclusive" namespaces to the ExcC14N transform node @node.
*
* Returns: 0 if success or a negative value otherwise.
*/
-int
-xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode,
- const xmlChar *prefixList) {
+int
+xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode,
+ const xmlChar *prefixList) {
xmlNodePtr cur;
- xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(transformNode != NULL, -1);
xmlSecAssert2(prefixList != NULL, -1);
cur = xmlSecFindChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
cur = xmlSecAddChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecNodeGetName(transformNode)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces));
- return(-1);
- }
-
- xmlSetProp(cur, xmlSecAttrPrefixList, prefixList);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(transformNode)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces));
+ return(-1);
+ }
+
+ xmlSetProp(cur, xmlSecAttrPrefixList, prefixList);
return(0);
}
/**
* xmlSecTmplTransformAddXPath:
- * @transformNode: the pointer to the <dsig:Transform/> node.
- * @expression: the XPath expression.
- * @nsList: the NULL terminated list of namespace prefix/href pairs
- * (optional).
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs
+ * (optional).
*
- * Writes XPath transform infromation to the <dsig:Transform/> node
+ * Writes XPath transform infromation to the <dsig:Transform/> node
* @node.
*
* Returns: 0 for success or a negative value otherwise.
*/
-int
+int
xmlSecTmplTransformAddXPath(xmlNodePtr transformNode, const xmlChar *expression,
- const xmlChar **nsList) {
+ const xmlChar **nsList) {
xmlNodePtr xpathNode;
-
+
xmlSecAssert2(transformNode != NULL, -1);
xmlSecAssert2(expression != NULL, -1);
-
+
xpathNode = xmlSecFindChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs);
if(xpathNode != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeXPath),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeXPath),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs);
if(xpathNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeXPath));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
+ }
+
xmlSecNodeEncodeAndSetContent(xpathNode, expression);
return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0);
}
/**
* xmlSecTmplTransformAddXPath2:
- * @transformNode: the pointer to the <dsig:Transform/> node.
- * @type: the XPath2 transform type ("union", "intersect" or "subtract").
- * @expression: the XPath expression.
- * @nsList: the NULL terminated list of namespace prefix/href pairs.
- * (optional).
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @type: the XPath2 transform type ("union", "intersect" or "subtract").
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs.
+ * (optional).
*
- * Writes XPath2 transform infromation to the <dsig:Transform/> node
+ * Writes XPath2 transform infromation to the <dsig:Transform/> node
* @node.
*
* Returns: 0 for success or a negative value otherwise.
*/
int
xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type,
- const xmlChar *expression, const xmlChar **nsList) {
+ const xmlChar *expression, const xmlChar **nsList) {
xmlNodePtr xpathNode;
xmlSecAssert2(transformNode != NULL, -1);
@@ -1988,35 +1988,35 @@ xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type,
xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecXPath2Ns);
if(xpathNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeXPath));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
}
xmlSetProp(xpathNode, xmlSecAttrFilter, type);
-
+
xmlSecNodeEncodeAndSetContent(xpathNode, expression);
return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0);
}
/**
* xmlSecTmplTransformAddXPointer:
- * @transformNode: the pointer to the <dsig:Transform/> node.
- * @expression: the XPath expression.
- * @nsList: the NULL terminated list of namespace prefix/href pairs.
- * (optional).
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs.
+ * (optional).
*
- * Writes XPoniter transform infromation to the <dsig:Transform/> node
+ * Writes XPoniter transform infromation to the <dsig:Transform/> node
* @node.
*
* Returns: 0 for success or a negative value otherwise.
*/
-int
+int
xmlSecTmplTransformAddXPointer(xmlNodePtr transformNode, const xmlChar *expression,
- const xmlChar **nsList) {
+ const xmlChar **nsList) {
xmlNodePtr xpointerNode;
xmlSecAssert2(expression != NULL, -1);
@@ -2024,31 +2024,31 @@ xmlSecTmplTransformAddXPointer(xmlNodePtr transformNode, const xmlChar *expressi
xpointerNode = xmlSecFindChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs);
if(xpointerNode != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeXPointer),
- XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeXPointer),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xpointerNode = xmlSecAddChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs);
if(xpointerNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeXPointer));
- return(-1);
- }
-
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPointer));
+ return(-1);
+ }
+
+
xmlSecNodeEncodeAndSetContent(xpointerNode, expression);
return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpointerNode, nsList) : 0);
}
-static int
+static int
xmlSecTmplNodeWriteNsList(xmlNodePtr parentNode, const xmlChar** nsList) {
xmlNsPtr ns;
const xmlChar *prefix;
@@ -2057,35 +2057,35 @@ xmlSecTmplNodeWriteNsList(xmlNodePtr parentNode, const xmlChar** nsList) {
xmlSecAssert2(parentNode != NULL, -1);
xmlSecAssert2(nsList != NULL, -1);
-
+
ptr = nsList;
while((*ptr) != NULL) {
- if(xmlStrEqual(BAD_CAST "#default", (*ptr))) {
- prefix = NULL;
- } else {
- prefix = (*ptr);
- }
- if((++ptr) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "unexpected end of ns list");
- return(-1);
- }
- href = *(ptr++);
-
- ns = xmlNewNs(parentNode, href, prefix);
- if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "href=%s;prefix=%s",
- xmlSecErrorsSafeString(href),
- xmlSecErrorsSafeString(prefix));
- return(-1);
- }
+ if(xmlStrEqual(BAD_CAST "#default", (*ptr))) {
+ prefix = NULL;
+ } else {
+ prefix = (*ptr);
+ }
+ if((++ptr) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "unexpected end of ns list");
+ return(-1);
+ }
+ href = *(ptr++);
+
+ ns = xmlNewNs(parentNode, href, prefix);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "href=%s;prefix=%s",
+ xmlSecErrorsSafeString(href),
+ xmlSecErrorsSafeString(prefix));
+ return(-1);
+ }
}
return(0);
}
diff --git a/src/transforms.c b/src/transforms.c
index 2ed3fe88..8a2ded23 100644
--- a/src/transforms.c
+++ b/src/transforms.c
@@ -1,41 +1,41 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* The Transforms Element (http://www.w3.org/TR/xmldsig-core/#sec-Transforms)
- *
- * The optional Transforms element contains an ordered list of Transform
- * elements; these describe how the signer obtained the data object that
+ *
+ * The optional Transforms element contains an ordered list of Transform
+ * elements; these describe how the signer obtained the data object that
* was digested.
*
* Schema Definition:
- *
+ *
* <element name="Transforms" type="ds:TransformsType"/>
* <complexType name="TransformsType">
* <sequence>
- * <element ref="ds:Transform" maxOccurs="unbounded"/>
+ * <element ref="ds:Transform" maxOccurs="unbounded"/>
* </sequence>
* </complexType>
*
* <element name="Transform" type="ds:TransformType"/>
* <complexType name="TransformType" mixed="true">
- * <choice minOccurs="0" maxOccurs="unbounded">
+ * <choice minOccurs="0" maxOccurs="unbounded">
* <any namespace="##other" processContents="lax"/>
* <!-- (1,1) elements from (0,unbounded) namespaces -->
- * <element name="XPath" type="string"/>
+ * <element name="XPath" type="string"/>
* </choice>
- * <attribute name="Algorithm" type="anyURI" use="required"/>
+ * <attribute name="Algorithm" type="anyURI" use="required"/>
* </complexType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT Transforms (Transform+)>
* <!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* >
* <!ATTLIST Transform Algorithm CDATA #REQUIRED >
* <!ELEMENT XPath (#PCDATA) >
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
@@ -61,6 +61,8 @@
#include <xmlsec/parser.h>
#include <xmlsec/errors.h>
+#include <xmlsec/private/xslt.h>
+
/**************************************************************************
*
* Global xmlSecTransformIds list functions
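Review bot: The new `#include <xmlsec/private/xslt.h>` is unconditional, while both call sites that use it in this diff (`xmlSecTransformXsltInitialize()` and `xmlSecTransformXsltShutdown()` further down) sit under `#ifndef XMLSEC_NO_XSLT`. If that private header itself pulls in libxslt declarations, a build configured without XSLT will fail at this line even though none of the guarded code is compiled. Wrapping the include the same way keeps the two consistent: `#ifndef XMLSEC_NO_XSLT` / `#include <xmlsec/private/xslt.h>` / `#endif /* XMLSEC_NO_XSLT */`.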
@@ -69,11 +71,11 @@
static xmlSecPtrList xmlSecAllTransformIds;
-/**
+/**
* xmlSecTransformIdsGet:
*
* Gets global registered transform klasses list.
- *
+ *
* Returns: the pointer to list of all registered transform klasses.
*/
xmlSecPtrListPtr
@@ -81,78 +83,86 @@ xmlSecTransformIdsGet(void) {
return(&xmlSecAllTransformIds);
}
-/**
+/**
* xmlSecTransformIdsInit:
*
- * Initializes the transform klasses. This function is called from the
+ * Initializes the transform klasses. This function is called from the
* #xmlSecInit function and the application should not call it directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformIdsInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(xmlSecTransformIdsGet(), xmlSecTransformIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecTransformIdListId");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecTransformIdListId");
return(-1);
}
-
+
ret = xmlSecTransformIdsRegisterDefault();
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
+#ifndef XMLSEC_NO_XSLT
+ xmlSecTransformXsltInitialize();
+#endif /* XMLSEC_NO_XSLT */
+
return(0);
}
/**
* xmlSecTransformIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
+ *
+ * Shuts down the keys data klasses. This function is called from the
* #xmlSecShutdown function and the application should not call it directly.
*/
void
xmlSecTransformIdsShutdown(void) {
+#ifndef XMLSEC_NO_XSLT
+ xmlSecTransformXsltShutdown();
+#endif /* XMLSEC_NO_XSLT */
+
xmlSecPtrListFinalize(xmlSecTransformIdsGet());
}
-/**
+/**
* xmlSecTransformIdsRegister:
- * @id: the transform klass.
+ * @id: the transform klass.
*
* Registers @id in the global list of transform klasses.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformIdsRegister(xmlSecTransformId id) {
int ret;
-
+
xmlSecAssert2(id != xmlSecTransformIdUnknown, -1);
-
+
ret = xmlSecPtrListAdd(xmlSecTransformIdsGet(), (xmlSecPtr)id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
return(-1);
}
-
- return(0);
+
+ return(0);
}
/**
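Review bot: `xmlSecTransformXsltInitialize()` in xmlSecTransformIdsInit runs only after `xmlSecTransformIdsRegisterDefault()` has already registered `xmlSecTransformXsltId`, and its result is not checked, so on the earlier `return(-1)` paths the XSLT klass is registered while the XSLT-specific setup never runs, and xmlSecTransformIdsShutdown still calls `xmlSecTransformXsltShutdown()` regardless of whether the initializer ran. If the initializer can fail (for example because it allocates per-process state — the header name suggests it configures XSLT-side defaults, but that is not visible in this diff), Init should fail closed rather than return 0 with that setup missing. Consider moving the `#ifndef XMLSEC_NO_XSLT` block ahead of the register calls and, if the function reports a status, checking it: `if(xmlSecTransformXsltInitialize() < 0) { return(-1); }`. It is also worth confirming that `xmlSecTransformXsltShutdown()` tolerates being called when initialization was skipped, or guarding the shutdown call on a flag set by a successful initialization.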
@@ -163,126 +173,126 @@ xmlSecTransformIdsRegister(xmlSecTransformId id) {
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformIdsRegisterDefault(void) {
if(xmlSecTransformIdsRegister(xmlSecTransformBase64Id) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformBase64Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformBase64Id)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformEnvelopedId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformEnvelopedId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformEnvelopedId)));
+ return(-1);
}
/* c14n methods */
if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NWithCommentsId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NWithCommentsId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NWithCommentsId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11Id) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11Id)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11WithCommentsId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11WithCommentsId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11WithCommentsId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NWithCommentsId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NWithCommentsId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NWithCommentsId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformXPathId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPathId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPathId)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformXPath2Id) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPath2Id)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPath2Id)));
+ return(-1);
}
if(xmlSecTransformIdsRegister(xmlSecTransformXPointerId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
+ return(-1);
}
#ifndef XMLSEC_NO_XSLT
if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXsltId)));
- return(-1);
- }
-#endif /* XMLSEC_NO_XSLT */
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXsltId)));
+ return(-1);
+ }
+#endif /* XMLSEC_NO_XSLT */
+
return(0);
}
@@ -293,27 +303,27 @@ xmlSecTransformIdsRegisterDefault(void) {
*************************************************************************/
/**
* xmlSecTransformUriTypeCheck:
- * @type: the expected URI type.
- * @uri: the uri for checking.
+ * @type: the expected URI type.
+ * @uri: the uri for checking.
*
* Checks if @uri matches expected type @type.
*
* Returns: 1 if @uri matches @type, 0 if not or a negative value
* if an error occurs.
*/
-int
+int
xmlSecTransformUriTypeCheck(xmlSecTransformUriType type, const xmlChar* uri) {
xmlSecTransformUriType uriType = 0;
if((uri == NULL) || (xmlStrlen(uri) == 0)) {
- uriType = xmlSecTransformUriTypeEmpty;
+ uriType = xmlSecTransformUriTypeEmpty;
} else if(uri[0] == '#') {
- uriType = xmlSecTransformUriTypeSameDocument;
+ uriType = xmlSecTransformUriTypeSameDocument;
} else if(xmlStrncmp(uri, BAD_CAST "file://", 7) == 0) {
- uriType = xmlSecTransformUriTypeLocal;
+ uriType = xmlSecTransformUriTypeLocal;
} else {
- uriType = xmlSecTransformUriTypeRemote;
- }
+ uriType = xmlSecTransformUriTypeRemote;
+ }
return(((uriType & type) != 0) ? 1 : 0);
}
@@ -327,82 +337,82 @@ xmlSecTransformUriTypeCheck(xmlSecTransformUriType type, const xmlChar* uri) {
* xmlSecTransformCtxCreate:
*
* Creates transforms chain processing context.
- * The caller is responsible for destroying returend object by calling
+ * The caller is responsible for destroying returned object by calling
* #xmlSecTransformCtxDestroy function.
*
* Returns: pointer to newly allocated context object or NULL if an error
* occurs.
*/
-xmlSecTransformCtxPtr
+xmlSecTransformCtxPtr
xmlSecTransformCtxCreate(void) {
xmlSecTransformCtxPtr ctx;
int ret;
-
+
/* Allocate a new xmlSecTransform and fill the fields. */
ctx = (xmlSecTransformCtxPtr)xmlMalloc(sizeof(xmlSecTransformCtx));
if(ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", sizeof(xmlSecTransformCtx));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecTransformCtx));
+ return(NULL);
+ }
+
ret = xmlSecTransformCtxInitialize(ctx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecTransformCtxDestroy(ctx);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformCtxDestroy(ctx);
+ return(NULL);
+ }
+
return(ctx);
}
/**
* xmlSecTransformCtxDestroy:
- * @ctx: the pointer to transforms chain processing context.
+ * @ctx: the pointer to transforms chain processing context.
*
* Destroy context object created with #xmlSecTransformCtxCreate function.
*/
void
xmlSecTransformCtxDestroy(xmlSecTransformCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
xmlSecTransformCtxFinalize(ctx);
xmlFree(ctx);
}
/**
* xmlSecTransformCtxInitialize:
- * @ctx: the pointer to transforms chain processing context.
+ * @ctx: the pointer to transforms chain processing context.
*
* Initializes transforms chain processing context.
- * The caller is responsible for cleaing up returend object by calling
+ * The caller is responsible for cleaning up returned object by calling
* #xmlSecTransformCtxFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformCtxInitialize(xmlSecTransformCtxPtr ctx) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecTransformCtx));
ret = xmlSecPtrListInitialize(&(ctx->enabledTransforms), xmlSecTransformIdListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ctx->enabledUris = xmlSecTransformUriTypeAny;
@@ -411,14 +421,14 @@ xmlSecTransformCtxInitialize(xmlSecTransformCtxPtr ctx) {
/**
* xmlSecTransformCtxFinalize:
- * @ctx: the pointer to transforms chain processing context.
+ * @ctx: the pointer to transforms chain processing context.
*
* Cleans up @ctx object initialized with #xmlSecTransformCtxInitialize function.
*/
-void
+void
xmlSecTransformCtxFinalize(xmlSecTransformCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
xmlSecTransformCtxReset(ctx);
xmlSecPtrListFinalize(&(ctx->enabledTransforms));
memset(ctx, 0, sizeof(xmlSecTransformCtx));
@@ -426,104 +436,104 @@ xmlSecTransformCtxFinalize(xmlSecTransformCtxPtr ctx) {
/**
* xmlSecTransformCtxReset:
- * @ctx: the pointer to transforms chain processing context.
+ * @ctx: the pointer to transforms chain processing context.
*
* Resets transfroms context for new processing.
*/
-void
+void
xmlSecTransformCtxReset(xmlSecTransformCtxPtr ctx) {
- xmlSecTransformPtr transform, tmp;
-
+ xmlSecTransformPtr transform, tmp;
+
xmlSecAssert(ctx != NULL);
ctx->result = NULL;
ctx->status = xmlSecTransformStatusNone;
-
+
/* destroy uri */
if(ctx->uri != NULL) {
- xmlFree(ctx->uri);
- ctx->uri = NULL;
+ xmlFree(ctx->uri);
+ ctx->uri = NULL;
}
if(ctx->xptrExpr != NULL) {
- xmlFree(ctx->xptrExpr);
- ctx->xptrExpr = NULL;
+ xmlFree(ctx->xptrExpr);
+ ctx->xptrExpr = NULL;
}
-
+
/* destroy transforms chain */
for(transform = ctx->first; transform != NULL; transform = tmp) {
- tmp = transform->next;
- xmlSecTransformDestroy(transform);
+ tmp = transform->next;
+ xmlSecTransformDestroy(transform);
}
ctx->first = ctx->last = NULL;
}
/**
- * xmlSecTransformCtxCopyUserPref:
- * @dst: the pointer to destination transforms chain processing context.
- * @src: the pointer to source transforms chain processing context.
+ * xmlSecTransformCtxCopyUserPref:
+ * @dst: the pointer to destination transforms chain processing context.
+ * @src: the pointer to source transforms chain processing context.
*
* Copies user settings from @src context to @dst.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxCopyUserPref(xmlSecTransformCtxPtr dst, xmlSecTransformCtxPtr src) {
int ret;
-
+
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
-
- dst->userData = src->userData;
- dst->flags = src->flags;
- dst->flags2 = src->flags2;
- dst->enabledUris = src->enabledUris;
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+ dst->enabledUris = src->enabledUris;
dst->preExecCallback = src->preExecCallback;
-
+
ret = xmlSecPtrListCopy(&(dst->enabledTransforms), &(src->enabledTransforms));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
- * xmlSecTransformCtxAppend:
- * @ctx: the pointer to transforms chain processing context.
- * @transform: the pointer to new transform.
+ * xmlSecTransformCtxAppend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @transform: the pointer to new transform.
*
- * Connects the @transform to the end of the chain of transforms in the @ctx
+ * Connects the @transform to the end of the chain of transforms in the @ctx
* (see #xmlSecTransformConnect function for details).
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform) {
int ret;
-
- xmlSecAssert2(ctx != NULL, -1);
+
+ xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
if(ctx->last != NULL) {
- ret = xmlSecTransformConnect(ctx->last, transform, ctx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformConnect",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- return(-1);
- }
+ ret = xmlSecTransformConnect(ctx->last, transform, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformConnect",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ return(-1);
+ }
} else {
- xmlSecAssert2(ctx->first == NULL, -1);
- ctx->first = transform;
+ xmlSecAssert2(ctx->first == NULL, -1);
+ ctx->first = transform;
}
ctx->last = transform;
@@ -531,37 +541,37 @@ xmlSecTransformCtxAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform
}
/**
- * xmlSecTransformCtxPrepend:
- * @ctx: the pointer to transforms chain processing context.
- * @transform: the pointer to new transform.
+ * xmlSecTransformCtxPrepend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @transform: the pointer to new transform.
*
- * Connects the @transform to the beggining of the chain of transforms in the @ctx
+ * Connects the @transform to the beggining of the chain of transforms in the @ctx
* (see #xmlSecTransformConnect function for details).
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
if(ctx->first != NULL) {
- ret = xmlSecTransformConnect(transform, ctx->first, ctx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformConnect",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- return(-1);
- }
+ ret = xmlSecTransformConnect(transform, ctx->first, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformConnect",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ return(-1);
+ }
} else {
- xmlSecAssert2(ctx->last == NULL, -1);
- ctx->last = transform;
+ xmlSecAssert2(ctx->last == NULL, -1);
+ ctx->last = transform;
}
ctx->first = transform;
@@ -569,235 +579,235 @@ xmlSecTransformCtxPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transfor
}
/**
- * xmlSecTransformCtxCreateAndAppend:
- * @ctx: the pointer to transforms chain processing context.
- * @id: the new transform klass.
+ * xmlSecTransformCtxCreateAndAppend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @id: the new transform klass.
*
- * Creaeates new transform and connects it to the end of the chain of
+ * Creaeates new transform and connects it to the end of the chain of
* transforms in the @ctx (see #xmlSecTransformConnect function for details).
*
* Returns: pointer to newly created transform or NULL if an error occurs.
*/
-xmlSecTransformPtr
+xmlSecTransformPtr
xmlSecTransformCtxCreateAndAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformId id) {
xmlSecTransformPtr transform;
int ret;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
xmlSecAssert2(id != xmlSecTransformIdUnknown, NULL);
transform = xmlSecTransformCreate(id);
if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ return(NULL);
}
ret = xmlSecTransformCtxAppend(ctx, transform);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- xmlSecTransformDestroy(transform);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
}
return(transform);
}
/**
- * xmlSecTransformCtxCreateAndPrepend:
- * @ctx: the pointer to transforms chain processing context.
- * @id: the new transform klass.
+ * xmlSecTransformCtxCreateAndPrepend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @id: the new transform klass.
*
- * Creaeates new transform and connects it to the end of the chain of
+ * Creaeates new transform and connects it to the end of the chain of
* transforms in the @ctx (see #xmlSecTransformConnect function for details).
*
* Returns: pointer to newly created transform or NULL if an error occurs.
*/
-xmlSecTransformPtr
+xmlSecTransformPtr
xmlSecTransformCtxCreateAndPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformId id) {
xmlSecTransformPtr transform;
int ret;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
xmlSecAssert2(id != xmlSecTransformIdUnknown, NULL);
transform = xmlSecTransformCreate(id);
if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ return(NULL);
}
ret = xmlSecTransformCtxPrepend(ctx, transform);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- xmlSecTransformDestroy(transform);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
}
return(transform);
}
/**
- * xmlSecTransformCtxNodeRead:
- * @ctx: the pointer to transforms chain processing context.
- * @node: the pointer to transform's node.
- * @usage: the transform's usage (signature, encryption, etc.).
+ * xmlSecTransformCtxNodeRead:
+ * @ctx: the pointer to transforms chain processing context.
+ * @node: the pointer to transform's node.
+ * @usage: the transform's usage (signature, encryption, etc.).
*
- * Reads the transform from the @node and appends it to the current chain
+ * Reads the transform from the @node and appends it to the current chain
* of transforms in @ctx.
*
* Returns: pointer to newly created transform or NULL if an error occurs.
*/
xmlSecTransformPtr
-xmlSecTransformCtxNodeRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node,
- xmlSecTransformUsage usage) {
+xmlSecTransformCtxNodeRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node,
+ xmlSecTransformUsage usage) {
xmlSecTransformPtr transform;
int ret;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
xmlSecAssert2(node != NULL, NULL);
-
+
transform = xmlSecTransformNodeRead(node, usage, ctx);
if(transform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(NULL);
+ }
+
ret = xmlSecTransformCtxAppend(ctx, transform);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- xmlSecTransformDestroy(transform);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
return(transform);
}
/**
- * xmlSecTransformCtxNodesListRead:
- * @ctx: the pointer to transforms chain processing context.
- * @node: the pointer to <dsig:Transform/> nodes parent node.
- * @usage: the transform's usage (signature, encryption, etc.).
+ * xmlSecTransformCtxNodesListRead:
+ * @ctx: the pointer to transforms chain processing context.
+ * @node: the pointer to <dsig:Transform/> nodes parent node.
+ * @usage: the transform's usage (signature, encryption, etc.).
*
- * Reads transforms from the <dsig:Transform/> children of the @node and
+ * Reads transforms from the <dsig:Transform/> children of the @node and
* appends them to the current transforms chain in @ctx object.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlSecTransformUsage usage) {
xmlSecTransformPtr transform;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(node != NULL, -1);
-
+
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTransform, xmlSecDSigNs)) {
- transform = xmlSecTransformNodeRead(cur, usage, ctx);
- if(transform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- ret = xmlSecTransformCtxAppend(ctx, transform);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlSecTransformDestroy(transform);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ transform = xmlSecTransformNodeRead(cur, usage, ctx);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ ret = xmlSecTransformCtxAppend(ctx, transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlSecTransformDestroy(transform);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
return(0);
}
/**
- * xmlSecTransformCtxSetUri:
- * @ctx: the pointer to transforms chain processing context.
- * @uri: the URI.
- * @hereNode: the pointer to "here" node required by some
- * XML transforms (may be NULL).
+ * xmlSecTransformCtxSetUri:
+ * @ctx: the pointer to transforms chain processing context.
+ * @uri: the URI.
+ * @hereNode: the pointer to "here" node required by some
+ * XML transforms (may be NULL).
*
* Parses uri and adds xpointer transforms if required.
*
* The following examples demonstrate what the URI attribute identifies and
- * how it is dereferenced
+ * how it is dereferenced
* (http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel):
*
* - URI="http://example.com/bar.xml"
- * identifies the octets that represent the external resource
- * 'http://example.com/bar.xml', that is probably an XML document given
- * its file extension.
+ * identifies the octets that represent the external resource
+ * 'http://example.com/bar.xml', that is probably an XML document given
+ * its file extension.
*
* - URI="http://example.com/bar.xml#chapter1"
- * identifies the element with ID attribute value 'chapter1' of the
- * external XML resource 'http://example.com/bar.xml', provided as an
- * octet stream. Again, for the sake of interoperability, the element
- * identified as 'chapter1' should be obtained using an XPath transform
- * rather than a URI fragment (barename XPointer resolution in external
- * resources is not REQUIRED in this specification).
+ * identifies the element with ID attribute value 'chapter1' of the
+ * external XML resource 'http://example.com/bar.xml', provided as an
+ * octet stream. Again, for the sake of interoperability, the element
+ * identified as 'chapter1' should be obtained using an XPath transform
+ * rather than a URI fragment (barename XPointer resolution in external
+ * resources is not REQUIRED in this specification).
*
* - URI=""
- * identifies the node-set (minus any comment nodes) of the XML resource
- * containing the signature
+ * identifies the node-set (minus any comment nodes) of the XML resource
+ * containing the signature
*
* - URI="#chapter1"
- * identifies a node-set containing the element with ID attribute value
- * 'chapter1' of the XML resource containing the signature. XML Signature
- * (and its applications) modify this node-set to include the element plus
+ * identifies a node-set containing the element with ID attribute value
+ * 'chapter1' of the XML resource containing the signature. XML Signature
+ * (and its applications) modify this node-set to include the element plus
* all descendents including namespaces and attributes -- but not comments.
*
* Returns: 0 on success or a negative value otherwise.
@@ -809,7 +819,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP
xmlChar* buf = NULL;
int useVisa3DHack = 0;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->uri == NULL, -1);
xmlSecAssert2(ctx->xptrExpr == NULL, -1);
@@ -818,272 +828,272 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP
/* check uri */
if(xmlSecTransformUriTypeCheck(ctx->enabledUris, uri) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_URI_TYPE,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_URI_TYPE,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
- /* is it an empty uri? */
+ /* is it an empty uri? */
if((uri == NULL) || (xmlStrlen(uri) == 0)) {
- return(0);
+ return(0);
}
/* do we have barename or full xpointer? */
xptr = xmlStrchr(uri, '#');
if(xptr == NULL){
ctx->uri = xmlStrdup(uri);
- if(ctx->uri == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "size=%d", xmlStrlen(uri));
- return(-1);
- }
- /* we are done */
- return(0);
+ if(ctx->uri == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(uri));
+ return(-1);
+ }
+ /* we are done */
+ return(0);
} else if(xmlStrcmp(uri, BAD_CAST "#xpointer(/)") == 0) {
ctx->xptrExpr = xmlStrdup(uri);
- if(ctx->xptrExpr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "size=%d", xmlStrlen(uri));
- return(-1);
- }
- /* we are done */
- return(0);
- }
-
+ if(ctx->xptrExpr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(uri));
+ return(-1);
+ }
+ /* we are done */
+ return(0);
+ }
+
ctx->uri = xmlStrndup(uri, xptr - uri);
if(ctx->uri == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "size=%d", xptr - uri);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xptr - uri);
+ return(-1);
}
ctx->xptrExpr = xmlStrdup(xptr);
if(ctx->xptrExpr == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- "size=%d", xmlStrlen(xptr));
- return(-1);
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(xptr));
+ return(-1);
}
/* do we have barename or full xpointer? */
xmlSecAssert2(xptr != NULL, -1);
if((xmlStrncmp(xptr, BAD_CAST "#xpointer(", 10) == 0) || (xmlStrncmp(xptr, BAD_CAST "#xmlns(", 7) == 0)) {
- ++xptr;
- nodeSetType = xmlSecNodeSetTree;
+ ++xptr;
+ nodeSetType = xmlSecNodeSetTree;
} else if((ctx->flags & XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK) != 0) {
- ++xptr;
- nodeSetType = xmlSecNodeSetTreeWithoutComments;
- useVisa3DHack = 1;
+ ++xptr;
+ nodeSetType = xmlSecNodeSetTreeWithoutComments;
+ useVisa3DHack = 1;
} else {
- static const char tmpl[] = "xpointer(id(\'%s\'))";
- xmlSecSize size;
-
- /* we need to add "xpointer(id('..')) because otherwise we have
- * problems with numeric ("111" and so on) and other "strange" ids */
- size = xmlStrlen(BAD_CAST tmpl) + xmlStrlen(xptr) + 2;
- buf = (xmlChar*)xmlMalloc(size * sizeof(xmlChar));
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", size);
- return(-1);
- }
- sprintf((char*)buf, tmpl, xptr + 1);
- xptr = buf;
- nodeSetType = xmlSecNodeSetTreeWithoutComments;
- }
-
- if(useVisa3DHack == 0) {
- xmlSecTransformPtr transform;
-
- /* we need to create XPonter transform to execute expr */
- transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXPointerId);
- if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
- return(-1);
- }
-
+ static const char tmpl[] = "xpointer(id(\'%s\'))";
+ xmlSecSize size;
+
+ /* we need to add "xpointer(id('..')) because otherwise we have
+ * problems with numeric ("111" and so on) and other "strange" ids */
+ size = xmlStrlen(BAD_CAST tmpl) + xmlStrlen(xptr) + 2;
+ buf = (xmlChar*)xmlMalloc(size * sizeof(xmlChar));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+ sprintf((char*)buf, tmpl, xptr + 1);
+ xptr = buf;
+ nodeSetType = xmlSecNodeSetTreeWithoutComments;
+ }
+
+ if(useVisa3DHack == 0) {
+ xmlSecTransformPtr transform;
+
+ /* we need to create XPonter transform to execute expr */
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXPointerId);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
+ return(-1);
+ }
+
ret = xmlSecTransformXPointerSetExpr(transform, xptr, nodeSetType, hereNode);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformXPointerSetExpr",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- if(buf != NULL) {
- xmlFree(buf);
- }
- return(-1);
- }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformXPointerSetExpr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return(-1);
+ }
} else {
- /* Visa3D protocol doesn't follow XML/XPointer/XMLDSig specs
- * and allows invalid XPointer expressions (e.g. "#12345") in
- * the URI attribute.
- * Since we couldn't evaluate such expressions thru XPath/XPointer
- * engine, we need to have this hack here
- */
- xmlSecTransformPtr transform;
-
- transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformVisa3DHackId);
- if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId)));
- return(-1);
- }
-
+ /* Visa3D protocol doesn't follow XML/XPointer/XMLDSig specs
+ * and allows invalid XPointer expressions (e.g. "#12345") in
+ * the URI attribute.
+ * Since we couldn't evaluate such expressions thru XPath/XPointer
+ * engine, we need to have this hack here
+ */
+ xmlSecTransformPtr transform;
+
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformVisa3DHackId);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId)));
+ return(-1);
+ }
+
ret = xmlSecTransformVisa3DHackSetID(transform, xptr);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformVisa3DHackSetID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- if(buf != NULL) {
- xmlFree(buf);
- }
- return(-1);
- }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVisa3DHackSetID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return(-1);
+ }
}
if(buf != NULL) {
- xmlFree(buf);
+ xmlFree(buf);
}
-
+
return(0);
}
/**
- * xmlSecTransformCtxPrepare:
- * @ctx: the pointer to transforms chain processing context.
- * @inputDataType: the expected input type.
+ * xmlSecTransformCtxPrepare:
+ * @ctx: the pointer to transforms chain processing context.
+ * @inputDataType: the expected input type.
*
* Prepares the transform context for processing data of @inputDataType.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inputDataType) {
xmlSecTransformDataType firstType;
xmlSecTransformPtr transform;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->result == NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
-
+
/* add binary buffer to store result */
transform = xmlSecTransformCtxCreateAndAppend(ctx, xmlSecTransformMemBufId);
if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
}
ctx->result = xmlSecTransformMemBufGetBuffer(transform);
if(ctx->result == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformMemBufGetBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformMemBufGetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
+ }
firstType = xmlSecTransformGetDataType(ctx->first, xmlSecTransformModePush, ctx);
if(((firstType & xmlSecTransformDataTypeBin) == 0) &&
((inputDataType & xmlSecTransformDataTypeBin) != 0)) {
-
+
/* need to add parser transform */
- transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXmlParserId);
- if(transform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXmlParserId)));
- return(-1);
- }
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXmlParserId);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXmlParserId)));
+ return(-1);
+ }
} else if(((firstType & xmlSecTransformDataTypeXml) == 0) &&
((inputDataType & xmlSecTransformDataTypeXml) != 0)) {
- /* need to add c14n transform */
- transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInclC14NId);
- if(transform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
- return(-1);
- }
+ /* need to add c14n transform */
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInclC14NId);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
+ return(-1);
+ }
}
/* finally let application a chance to verify that it's ok to execte
* this transforms chain */
if(ctx->preExecCallback != NULL) {
- ret = (ctx->preExecCallback)(ctx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "ctx->preExecCallback",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- ctx->status = xmlSecTransformStatusWorking;
+ ret = (ctx->preExecCallback)(ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ctx->preExecCallback",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ctx->status = xmlSecTransformStatusWorking;
return(0);
}
/**
- * xmlSecTransformCtxBinaryExecute:
- * @ctx: the pointer to transforms chain processing context.
- * @data: the input binary data buffer.
- * @dataSize: the input data size.
+ * xmlSecTransformCtxBinaryExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @data: the input binary data buffer.
+ * @dataSize: the input data size.
*
* Processes binary data using transforms chain in the @ctx.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecTransformCtxBinaryExecute(xmlSecTransformCtxPtr ctx,
- const xmlSecByte* data, xmlSecSize dataSize) {
+xmlSecTransformCtxBinaryExecute(xmlSecTransformCtxPtr ctx,
+ const xmlSecByte* data, xmlSecSize dataSize) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->result == NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
@@ -1092,107 +1102,107 @@ xmlSecTransformCtxBinaryExecute(xmlSecTransformCtxPtr ctx,
/* we should not have uri stored in ctx */
xmlSecAssert2(ctx->uri == NULL, -1);
-
+
ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeBin);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPrepare",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "type=bin");
- return(-1);
- }
-
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
ret = xmlSecTransformPushBin(ctx->first, data, dataSize, 1, ctx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPushBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataSize=%d", dataSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d", dataSize);
+ return(-1);
}
ctx->status = xmlSecTransformStatusFinished;
- return(0);
+ return(0);
}
/**
- * xmlSecTransformCtxUriExecute:
- * @ctx: the pointer to transforms chain processing context.
- * @uri: the URI.
+ * xmlSecTransformCtxUriExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @uri: the URI.
*
* Process binary data from the URI using transforms chain in @ctx.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) {
xmlSecTransformPtr uriTransform;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(uri != NULL, -1);
/* we should not execute transform for a different uri */
xmlSecAssert2((ctx->uri == NULL) || (uri == ctx->uri) || xmlStrEqual(uri, ctx->uri), -1);
-
+
uriTransform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInputURIId);
if(uriTransform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInputURIId)));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInputURIId)));
+ return(-1);
+ }
+
ret = xmlSecTransformInputURIOpen(uriTransform, uri);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformInputURIOpen",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformInputURIOpen",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
/* we do not need to do something special for this transform */
ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeUnknown);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPrepare",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "type=bin");
- return(-1);
- }
-
- /* Now we have a choice: we either can push from first transform or pop
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
+ /* Now we have a choice: we either can push from first transform or pop
* from last. Our C14N transforms prefers push, so push data!
*/
- ret = xmlSecTransformPump(uriTransform, uriTransform->next, ctx);
+ ret = xmlSecTransformPump(uriTransform, uriTransform->next, ctx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformPump",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformPump",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
ctx->status = xmlSecTransformStatusFinished;
return(0);
}
/**
- * xmlSecTransformCtxXmlExecute:
- * @ctx: the pointer to transforms chain processing context.
- * @nodes: the input node set.
+ * xmlSecTransformCtxXmlExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @nodes: the input node set.
*
* Process @nodes using transforms in the transforms chain in @ctx.
*
@@ -1201,35 +1211,35 @@ xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) {
int
xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->result == NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(nodes != NULL, -1);
-
- xmlSecAssert2((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0), -1);
+
+ xmlSecAssert2((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0), -1);
ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeXml);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPrepare",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "type=xml");
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=xml");
+ return(-1);
+ }
/* it's better to do push than pop because all XML transform
* just don't care and c14n likes push more than pop */
ret = xmlSecTransformPushXml(ctx->first, nodes, ctx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformPushXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(ctx->first)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(ctx->first)));
+ return(-1);
}
ctx->status = xmlSecTransformStatusFinished;
@@ -1237,9 +1247,9 @@ xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes)
}
/**
- * xmlSecTransformCtxExecute:
- * @ctx: the pointer to transforms chain processing context.
- * @doc: the pointer to input document.
+ * xmlSecTransformCtxExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @doc: the pointer to input document.
*
* Executes transforms chain in @ctx.
*
@@ -1248,139 +1258,139 @@ xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes)
int
xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->result == NULL, -1);
xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
xmlSecAssert2(doc != NULL, -1);
-
+
if((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0)) {
- xmlSecNodeSetPtr nodes;
-
- if((ctx->xptrExpr != NULL) && (xmlStrlen(ctx->xptrExpr) > 0)){
- /* our xpointer transform takes care of providing correct nodes set */
- nodes = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetNormal);
- if(nodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- } else {
- /* we do not want to have comments for empty URI */
- nodes = xmlSecNodeSetGetChildren(doc, NULL, 0, 0);
- if(nodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetGetChildren",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- ret = xmlSecTransformCtxXmlExecute(ctx, nodes);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxXmlExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecNodeSetDestroy(nodes);
- return(-1);
- }
- /* TODO: don't destroy nodes here */
- xmlSecNodeSetDestroy(nodes);
+ xmlSecNodeSetPtr nodes;
+
+ if((ctx->xptrExpr != NULL) && (xmlStrlen(ctx->xptrExpr) > 0)){
+ /* our xpointer transform takes care of providing correct nodes set */
+ nodes = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetNormal);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ } else {
+ /* we do not want to have comments for empty URI */
+ nodes = xmlSecNodeSetGetChildren(doc, NULL, 0, 0);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ ret = xmlSecTransformCtxXmlExecute(ctx, nodes);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxXmlExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(nodes);
+ return(-1);
+ }
+ /* TODO: don't destroy nodes here */
+ xmlSecNodeSetDestroy(nodes);
} else {
- ret = xmlSecTransformCtxUriExecute(ctx, ctx->uri);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxUriExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ ret = xmlSecTransformCtxUriExecute(ctx, ctx->uri);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxUriExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
return(0);
}
/**
* xmlSecTransformCtxDebugDump:
- * @ctx: the pointer to transforms chain processing context.
- * @output: the pointer to output FILE.
- *
+ * @ctx: the pointer to transforms chain processing context.
+ * @output: the pointer to output FILE.
+ *
* Prints transforms context debug information to @output.
*/
-void
+void
xmlSecTransformCtxDebugDump(xmlSecTransformCtxPtr ctx, FILE* output) {
- xmlSecTransformPtr transform;
-
+ xmlSecTransformPtr transform;
+
xmlSecAssert(ctx != NULL);
xmlSecAssert(output != NULL);
- fprintf(output, "== TRANSFORMS CTX (status=%d)\n", ctx->status);
+ fprintf(output, "== TRANSFORMS CTX (status=%d)\n", ctx->status);
fprintf(output, "== flags: 0x%08x\n", ctx->flags);
fprintf(output, "== flags2: 0x%08x\n", ctx->flags2);
if(xmlSecPtrListGetSize(&(ctx->enabledTransforms)) > 0) {
- fprintf(output, "== enabled transforms: ");
- xmlSecTransformIdListDebugDump(&(ctx->enabledTransforms), output);
+ fprintf(output, "== enabled transforms: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledTransforms), output);
} else {
- fprintf(output, "== enabled transforms: all\n");
+ fprintf(output, "== enabled transforms: all\n");
}
-
- fprintf(output, "=== uri: %s\n",
- (ctx->uri != NULL) ? ctx->uri : BAD_CAST "NULL");
- fprintf(output, "=== uri xpointer expr: %s\n",
- (ctx->xptrExpr != NULL) ? ctx->xptrExpr : BAD_CAST "NULL");
+
+ fprintf(output, "=== uri: %s\n",
+ (ctx->uri != NULL) ? ctx->uri : BAD_CAST "NULL");
+ fprintf(output, "=== uri xpointer expr: %s\n",
+ (ctx->xptrExpr != NULL) ? ctx->xptrExpr : BAD_CAST "NULL");
for(transform = ctx->first; transform != NULL; transform = transform->next) {
- xmlSecTransformDebugDump(transform, output);
+ xmlSecTransformDebugDump(transform, output);
}
}
/**
* xmlSecTransformCtxDebugXmlDump:
- * @ctx: the pointer to transforms chain processing context.
- * @output: the pointer to output FILE.
- *
+ * @ctx: the pointer to transforms chain processing context.
+ * @output: the pointer to output FILE.
+ *
* Prints transforms context debug information to @output in XML format.
*/
-void
+void
xmlSecTransformCtxDebugXmlDump(xmlSecTransformCtxPtr ctx, FILE* output) {
- xmlSecTransformPtr transform;
-
+ xmlSecTransformPtr transform;
+
xmlSecAssert(ctx != NULL);
xmlSecAssert(output != NULL);
-
+
fprintf(output, "<TransformCtx status=\"%d\">\n", ctx->status);
fprintf(output, "<Flags>%08x</Flags>\n", ctx->flags);
fprintf(output, "<Flags2>%08x</Flags2>\n", ctx->flags2);
if(xmlSecPtrListGetSize(&(ctx->enabledTransforms)) > 0) {
- fprintf(output, "<EnabledTransforms>\n");
- xmlSecTransformIdListDebugXmlDump(&(ctx->enabledTransforms), output);
- fprintf(output, "</EnabledTransforms>\n");
+ fprintf(output, "<EnabledTransforms>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledTransforms), output);
+ fprintf(output, "</EnabledTransforms>\n");
} else {
- fprintf(output, "<EnabledTransforms>all</EnabledTransforms>\n");
+ fprintf(output, "<EnabledTransforms>all</EnabledTransforms>\n");
}
fprintf(output, "<Uri>");
xmlSecPrintXmlString(output, ctx->uri);
fprintf(output, "</Uri>\n");
-
+
fprintf(output, "<UriXPointer>");
xmlSecPrintXmlString(output, ctx->xptrExpr);
fprintf(output, "</UriXPointer>\n");
for(transform = ctx->first; transform != NULL; transform = transform->next) {
- xmlSecTransformDebugXmlDump(transform, output);
+ xmlSecTransformDebugXmlDump(transform, output);
}
- fprintf(output, "</TransformCtx>\n");
+ fprintf(output, "</TransformCtx>\n");
}
/**************************************************************************
@@ -1390,77 +1400,77 @@ xmlSecTransformCtxDebugXmlDump(xmlSecTransformCtxPtr ctx, FILE* output) {
*************************************************************************/
/**
* xmlSecTransformCreate:
- * @id: the transform id to create.
+ * @id: the transform id to create.
*
* Creates new transform of the @id klass. The caller is responsible for
* destroying returned tansform using #xmlSecTransformDestroy function.
*
* Returns: pointer to newly created transform or NULL if an error occurs.
- */
-xmlSecTransformPtr
+ */
+xmlSecTransformPtr
xmlSecTransformCreate(xmlSecTransformId id) {
xmlSecTransformPtr transform;
int ret;
-
+
xmlSecAssert2(id != NULL, NULL);
xmlSecAssert2(id->klassSize >= sizeof(xmlSecTransformKlass), NULL);
xmlSecAssert2(id->objSize >= sizeof(xmlSecTransform), NULL);
xmlSecAssert2(id->name != NULL, NULL);
-
+
/* Allocate a new xmlSecTransform and fill the fields. */
transform = (xmlSecTransformPtr)xmlMalloc(id->objSize);
if(transform == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", id->objSize);
- return(NULL);
- }
- memset(transform, 0, id->objSize);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
+ }
+ memset(transform, 0, id->objSize);
transform->id = id;
-
+
if(id->initialize != NULL) {
- ret = (id->initialize)(transform);
+ ret = (id->initialize)(transform);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "id->initialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecTransformDestroy(transform);
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
}
ret = xmlSecBufferInitialize(&(transform->inBuf), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", 0);
- xmlSecTransformDestroy(transform);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", 0);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
}
ret = xmlSecBufferInitialize(&(transform->outBuf), 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", 0);
- xmlSecTransformDestroy(transform);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", 0);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
return(transform);
}
/**
* xmlSecTransformDestroy:
- * @transform: the pointer to transform.
+ * @transform: the pointer to transform.
*
* Destroys transform created with #xmlSecTransformCreate function.
*/
@@ -1468,7 +1478,7 @@ void
xmlSecTransformDestroy(xmlSecTransformPtr transform) {
xmlSecAssert(xmlSecTransformIsValid(transform));
xmlSecAssert(transform->id->objSize > 0);
-
+
/* first need to remove ourselves from chain */
xmlSecTransformRemove(transform);
@@ -1477,23 +1487,23 @@ xmlSecTransformDestroy(xmlSecTransformPtr transform) {
/* we never destroy input nodes, output nodes
* are destroyed if and only if they are different
- * from input nodes
+ * from input nodes
*/
if((transform->outNodes != NULL) && (transform->outNodes != transform->inNodes)) {
- xmlSecNodeSetDestroy(transform->outNodes);
+ xmlSecNodeSetDestroy(transform->outNodes);
}
- if(transform->id->finalize != NULL) {
- (transform->id->finalize)(transform);
+ if(transform->id->finalize != NULL) {
+ (transform->id->finalize)(transform);
}
memset(transform, 0, transform->id->objSize);
xmlFree(transform);
}
-/**
+/**
* xmlSecTransformNodeRead:
- * @node: the pointer to the transform's node.
- * @usage: the transform usage (signature, encryption, ...).
- * @transformCtx: the transform's chaing processing context.
+ * @node: the pointer to the transform's node.
+ * @usage: the transform usage (signature, encryption, ...).
+ * @transformCtx: the transform's chaing processing context.
*
* Reads transform from the @node as follows:
*
@@ -1519,154 +1529,154 @@ xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTrans
href = xmlGetProp(node, xmlSecAttrAlgorithm);
if(href == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(NULL);
- }
-
- id = xmlSecTransformIdListFindByHref(xmlSecTransformIdsGet(), href, usage);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(NULL);
+ }
+
+ id = xmlSecTransformIdListFindByHref(xmlSecTransformIdsGet(), href, usage);
if(id == xmlSecTransformIdUnknown) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdListFindByHref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "href=%s",
- xmlSecErrorsSafeString(href));
- xmlFree(href);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdListFindByHref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "href=%s",
+ xmlSecErrorsSafeString(href));
+ xmlFree(href);
+ return(NULL);
}
/* check with enabled transforms list */
if((xmlSecPtrListGetSize(&(transformCtx->enabledTransforms)) > 0) &&
(xmlSecTransformIdListFind(&(transformCtx->enabledTransforms), id) != 1)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
- XMLSEC_ERRORS_R_TRANSFORM_DISABLED,
- "href=%s",
- xmlSecErrorsSafeString(href));
- xmlFree(href);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ XMLSEC_ERRORS_R_TRANSFORM_DISABLED,
+ "href=%s",
+ xmlSecErrorsSafeString(href));
+ xmlFree(href);
+ return(NULL);
+ }
+
transform = xmlSecTransformCreate(id);
if(!xmlSecTransformIsValid(transform)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
- xmlFree(href);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ xmlFree(href);
+ return(NULL);
}
if(transform->id->readNode != NULL) {
- ret = transform->id->readNode(transform, node, transformCtx);
+ ret = transform->id->readNode(transform, node, transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "id->readNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
- xmlSecTransformDestroy(transform);
- xmlFree(href);
- return(NULL);
- }
- }
-
- /* finally remember the transform node */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "id->readNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ xmlFree(href);
+ return(NULL);
+ }
+ }
+
+ /* finally remember the transform node */
transform->hereNode = node;
- xmlFree(href);
+ xmlFree(href);
return(transform);
}
/**
* xmlSecTransformPump:
- * @left: the source pumping transform.
- * @right: the destination pumping transform.
- * @transformCtx: the transform's chaing processing context.
+ * @left: the source pumping transform.
+ * @right: the destination pumping transform.
+ * @transformCtx: the transform's chaing processing context.
*
* Pops data from @left transform and pushes to @right transform until
* no more data is available.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformPump(xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTransformCtxPtr transformCtx) {
xmlSecTransformDataType leftType;
xmlSecTransformDataType rightType;
int ret;
-
+
xmlSecAssert2(xmlSecTransformIsValid(left), -1);
xmlSecAssert2(xmlSecTransformIsValid(right), -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
leftType = xmlSecTransformGetDataType(left, xmlSecTransformModePop, transformCtx);
rightType = xmlSecTransformGetDataType(right, xmlSecTransformModePush, transformCtx);
- if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
+ if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
((rightType & xmlSecTransformDataTypeXml) != 0)) {
-
+
xmlSecNodeSetPtr nodes = NULL;
ret = xmlSecTransformPopXml(left, &nodes, transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
- "xmlSecTransformPopXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecTransformPushXml(right, nodes, transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
- "xmlSecTransformPushXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- } else if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
- ((rightType & xmlSecTransformDataTypeBin) != 0)) {
- xmlSecByte buf[XMLSEC_TRANSFORM_BINARY_CHUNK];
- xmlSecSize bufSize;
- int final;
-
- do {
- ret = xmlSecTransformPopBin(left, buf, sizeof(buf), &bufSize, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
- "xmlSecTransformPopBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- final = (bufSize == 0) ? 1 : 0;
- ret = xmlSecTransformPushBin(right, buf, bufSize, final, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
- "xmlSecTransformPushBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } while(final == 0);
+ } else if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
+ ((rightType & xmlSecTransformDataTypeBin) != 0)) {
+ xmlSecByte buf[XMLSEC_TRANSFORM_BINARY_CHUNK];
+ xmlSecSize bufSize;
+ int final;
+
+ do {
+ ret = xmlSecTransformPopBin(left, buf, sizeof(buf), &bufSize, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ final = (bufSize == 0) ? 1 : 0;
+ ret = xmlSecTransformPushBin(right, buf, bufSize, final, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } while(final == 0);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
- xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "transforms input/output data formats do not match");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "transforms input/output data formats do not match");
}
return(0);
}
@@ -1674,8 +1684,8 @@ xmlSecTransformPump(xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTra
/**
* xmlSecTransformSetKey:
- * @transform: the pointer to transform.
- * @key: the pointer to key.
+ * @transform: the pointer to transform.
+ * @key: the pointer to key.
*
* Sets the transform's key.
*
@@ -1685,17 +1695,17 @@ int
xmlSecTransformSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(key != NULL, -1);
-
+
if(transform->id->setKey != NULL) {
- return((transform->id->setKey)(transform, key));
+ return((transform->id->setKey)(transform, key));
}
return(0);
}
/**
* xmlSecTransformSetKeyReq:
- * @transform: the pointer to transform.
- * @keyReq: the pointer to keys requirements object.
+ * @transform: the pointer to transform.
+ * @keyReq: the pointer to keys requirements object.
*
* Sets the key requirements for @transform in the @keyReq.
*
@@ -1705,24 +1715,24 @@ int
xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(keyReq != NULL, -1);
-
- keyReq->keyId = xmlSecKeyDataIdUnknown;
- keyReq->keyType = xmlSecKeyDataTypeUnknown;
- keyReq->keyUsage = xmlSecKeyUsageAny;
- keyReq->keyBitsSize = 0;
-
+
+ keyReq->keyId = xmlSecKeyDataIdUnknown;
+ keyReq->keyType = xmlSecKeyDataTypeUnknown;
+ keyReq->keyUsage = xmlSecKeyUsageAny;
+ keyReq->keyBitsSize = 0;
+
if(transform->id->setKeyReq != NULL) {
- return((transform->id->setKeyReq)(transform, keyReq));
+ return((transform->id->setKeyReq)(transform, keyReq));
}
return(0);
}
/**
* xmlSecTransformVerify:
- * @transform: the pointer to transform.
- * @data: the binary data for verification.
- * @dataSize: the data size.
- * @transformCtx: the transform's chaing processing context.
+ * @transform: the pointer to transform.
+ * @data: the binary data for verification.
+ * @dataSize: the data size.
+ * @transformCtx: the transform's chaing processing context.
*
* Verifies the data with transform's processing results
* (for digest, HMAC and signature transforms). The verification
@@ -1730,9 +1740,9 @@ xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformVerify(xmlSecTransformPtr transform, const xmlSecByte* data,
- xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->verify != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
@@ -1742,56 +1752,56 @@ xmlSecTransformVerify(xmlSecTransformPtr transform, const xmlSecByte* data,
/**
* xmlSecTransformVerifyNodeContent:
- * @transform: the pointer to transform.
- * @node: the pointer to node.
- * @transformCtx: the transform's chaing processing context.
+ * @transform: the pointer to transform.
+ * @node: the pointer to node.
+ * @transformCtx: the transform's chaing processing context.
*
* Gets the @node content, base64 decodes it and calls #xmlSecTransformVerify
* function to verify binary results.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecBuffer buffer;
int ret;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
ret = xmlSecBufferInitialize(&buffer, 0);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecBufferBase64NodeContentRead(&buffer, node);
if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferBase64NodeContentRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
ret = xmlSecTransformVerify(transform, xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer), transformCtx);
+ xmlSecBufferGetSize(&buffer), transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformVerify",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformVerify",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
}
xmlSecBufferFinalize(&buffer);
@@ -1800,125 +1810,125 @@ xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node,
/**
* xmlSecTransformGetDataType:
- * @transform: the pointer to transform.
- * @mode: the data mode (push or pop).
- * @transformCtx: the transform's chaing processing context.
+ * @transform: the pointer to transform.
+ * @mode: the data mode (push or pop).
+ * @transformCtx: the transform's chaing processing context.
*
- * Gets transform input (@mode is "push") or output (@mode is "pop") data
+ * Gets transform input (@mode is "push") or output (@mode is "pop") data
* type (binary or XML).
*
* Returns: the transform's data type for the @mode operation.
*/
-xmlSecTransformDataType
-xmlSecTransformGetDataType(xmlSecTransformPtr transform, xmlSecTransformMode mode,
- xmlSecTransformCtxPtr transformCtx) {
+xmlSecTransformDataType
+xmlSecTransformGetDataType(xmlSecTransformPtr transform, xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), xmlSecTransformDataTypeUnknown);
xmlSecAssert2(transform->id->getDataType != NULL, xmlSecTransformDataTypeUnknown);
-
- return((transform->id->getDataType)(transform, mode, transformCtx));
+
+ return((transform->id->getDataType)(transform, mode, transformCtx));
}
/**
* xmlSecTransformPushBin:
- * @transform: the pointer to transform object.
- * @data: the input binary data,
- * @dataSize: the input data size.
- * @final: the flag: if set to 1 then it's the last
- * data chunk.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @data: the input binary data,
+ * @dataSize: the input data size.
+ * @final: the flag: if set to 1 then it's the last
+ * data chunk.
+ * @transformCtx: the pointer to transform context object.
*
* Process binary @data and pushes results to next transform.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
- xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->pushBin != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
- return((transform->id->pushBin)(transform, data, dataSize, final, transformCtx));
+
+ return((transform->id->pushBin)(transform, data, dataSize, final, transformCtx));
}
/**
* xmlSecTransformPopBin:
- * @transform: the pointer to transform object.
- * @data: the buffer to store result data.
- * @maxDataSize: the size of the buffer #data.
- * @dataSize: the pointer to returned data size.
- * @transformCtx: the pointer to transform context object.
- *
- * Pops data from previous transform in the chain, processes data and
- * returns result in the @data buffer. The size of returned data is
+ * @transform: the pointer to transform object.
+ * @data: the buffer to store result data.
+ * @maxDataSize: the size of the buffer #data.
+ * @dataSize: the pointer to returned data size.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Pops data from previous transform in the chain, processes data and
+ * returns result in the @data buffer. The size of returned data is
* placed in the @dataSize.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
- xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->popBin != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(dataSize != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
- return((transform->id->popBin)(transform, data, maxDataSize, dataSize, transformCtx));
+ return((transform->id->popBin)(transform, data, maxDataSize, dataSize, transformCtx));
}
/**
* xmlSecTransformPushXml:
- * @transform: the pointer to transform object.
- * @nodes: the input nodes.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @nodes: the input nodes.
+ * @transformCtx: the pointer to transform context object.
*
* Processes @nodes and pushes result to the next transform in the chain.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->pushXml != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
- return((transform->id->pushXml)(transform, nodes, transformCtx));
+ return((transform->id->pushXml)(transform, nodes, transformCtx));
}
/**
* xmlSecTransformPopXml:
- * @transform: the pointer to transform object.
- * @nodes: the pointer to store popinter to result nodes.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @nodes: the pointer to store popinter to result nodes.
+ * @transformCtx: the pointer to transform context object.
*
- * Pops data from previous transform in the chain, processes the data and
+ * Pops data from previous transform in the chain, processes the data and
* returns result in @nodes.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->popXml != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
- return((transform->id->popXml)(transform, nodes, transformCtx));
+ return((transform->id->popXml)(transform, nodes, transformCtx));
}
/**
* xmlSecTransformExecute:
- * @transform: the pointer to transform.
- * @last: the flag: if set to 1 then it's the last data chunk.
- * @transformCtx: the transform's chaing processing context.
+ * @transform: the pointer to transform.
+ * @last: the flag: if set to 1 then it's the last data chunk.
+ * @transformCtx: the transform's chaing processing context.
*
* Executes transform (used by default popBin/pushBin/popXml/pushXml methods).
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->id->execute != NULL, -1);
@@ -1929,29 +1939,29 @@ xmlSecTransformExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt
/**
* xmlSecTransformDebugDump:
- * @transform: the pointer to transform.
- * @output: the pointer to output FILE.
+ * @transform: the pointer to transform.
+ * @output: the pointer to output FILE.
*
* Prints transform's debug information to @output.
*/
-void
+void
xmlSecTransformDebugDump(xmlSecTransformPtr transform, FILE* output) {
xmlSecAssert(xmlSecTransformIsValid(transform));
xmlSecAssert(output != NULL);
-
+
fprintf(output, "=== Transform: %s (href=%s)\n",
- xmlSecErrorsSafeString(transform->id->name),
- xmlSecErrorsSafeString(transform->id->href));
+ xmlSecErrorsSafeString(transform->id->name),
+ xmlSecErrorsSafeString(transform->id->href));
}
/**
* xmlSecTransformDebugXmlDump:
- * @transform: the pointer to transform.
- * @output: the pointer to output FILE.
+ * @transform: the pointer to transform.
+ * @output: the pointer to output FILE.
*
* Prints transform's debug information to @output in XML format.
*/
-void
+void
xmlSecTransformDebugXmlDump(xmlSecTransformPtr transform, FILE* output) {
xmlSecAssert(xmlSecTransformIsValid(transform));
xmlSecAssert(output != NULL);
@@ -1967,41 +1977,41 @@ xmlSecTransformDebugXmlDump(xmlSecTransformPtr transform, FILE* output) {
*
* Operations on transforms chain
*
- ************************************************************************/
+ ************************************************************************/
/**
* xmlSecTransformConnect:
- * @left: the pointer to left (prev) transform.
- * @right: the pointer to right (next) transform.
- * @transformCtx: the transform's chaing processing context.
+ * @left: the pointer to left (prev) transform.
+ * @right: the pointer to right (next) transform.
+ * @transformCtx: the transform's chaing processing context.
*
- * If the data object is a node-set and the next transform requires octets,
- * the signature application MUST attempt to convert the node-set to an octet
- * stream using Canonical XML [XML-C14N].
+ * If the data object is a node-set and the next transform requires octets,
+ * the signature application MUST attempt to convert the node-set to an octet
+ * stream using Canonical XML [XML-C14N].
*
* The story is different if the right transform is base64 decode
* (http://www.w3.org/TR/xmldsig-core/#sec-Base-64):
*
- * This transform requires an octet stream for input. If an XPath node-set
- * (or sufficiently functional alternative) is given as input, then it is
- * converted to an octet stream by performing operations logically equivalent
- * to 1) applying an XPath transform with expression self::text(), then 2)
- * taking the string-value of the node-set. Thus, if an XML element is
- * identified by a barename XPointer in the Reference URI, and its content
- * consists solely of base64 encoded character data, then this transform
- * automatically strips away the start and end tags of the identified element
- * and any of its descendant elements as well as any descendant comments and
+ * This transform requires an octet stream for input. If an XPath node-set
+ * (or sufficiently functional alternative) is given as input, then it is
+ * converted to an octet stream by performing operations logically equivalent
+ * to 1) applying an XPath transform with expression self::text(), then 2)
+ * taking the string-value of the node-set. Thus, if an XML element is
+ * identified by a barename XPointer in the Reference URI, and its content
+ * consists solely of base64 encoded character data, then this transform
+ * automatically strips away the start and end tags of the identified element
+ * and any of its descendant elements as well as any descendant comments and
* processing instructions. The output of this transform is an octet stream.
*
- * Returns: 0 on success or a negative value if an error occurs.
+ * Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right,
- xmlSecTransformCtxPtr transformCtx) {
+int
+xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right,
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecTransformDataType leftType;
xmlSecTransformDataType rightType;
xmlSecTransformId middleId;
xmlSecTransformPtr middle;
-
+
xmlSecAssert2(xmlSecTransformIsValid(left), -1);
xmlSecAssert2(xmlSecTransformIsValid(right), -1);
xmlSecAssert2(transformCtx != NULL, -1);
@@ -2009,52 +2019,52 @@ xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right,
leftType = xmlSecTransformGetDataType(left, xmlSecTransformModePop, transformCtx);
rightType = xmlSecTransformGetDataType(right, xmlSecTransformModePush, transformCtx);
- /* happy case first: nothing need to be done */
- if((((leftType & xmlSecTransformDataTypeBin) != 0) &&
- ((rightType & xmlSecTransformDataTypeBin) != 0)) ||
- (((leftType & xmlSecTransformDataTypeXml) != 0) &&
+ /* happy case first: nothing need to be done */
+ if((((leftType & xmlSecTransformDataTypeBin) != 0) &&
+ ((rightType & xmlSecTransformDataTypeBin) != 0)) ||
+ (((leftType & xmlSecTransformDataTypeXml) != 0) &&
((rightType & xmlSecTransformDataTypeXml) != 0))) {
-
- left->next = right;
- right->prev = left;
- return(0);
- }
-
- if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
+
+ left->next = right;
+ right->prev = left;
+ return(0);
+ }
+
+ if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
((rightType & xmlSecTransformDataTypeXml) != 0)) {
-
- /* need to insert parser */
- middleId = xmlSecTransformXmlParserId;
- } else if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
+
+ /* need to insert parser */
+ middleId = xmlSecTransformXmlParserId;
+ } else if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
((rightType & xmlSecTransformDataTypeBin) != 0)) {
-
- /* need to insert c14n or special pre-base64 transform */
- if(xmlSecTransformCheckId(right, xmlSecTransformBase64Id)) {
- middleId = xmlSecTransformRemoveXmlTagsC14NId;
- } else {
- middleId = xmlSecTransformInclC14NId;
- }
+
+ /* need to insert c14n or special pre-base64 transform */
+ if(xmlSecTransformCheckId(right, xmlSecTransformBase64Id)) {
+ middleId = xmlSecTransformRemoveXmlTagsC14NId;
+ } else {
+ middleId = xmlSecTransformInclC14NId;
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
- xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "leftType=%d;rightType=%d",
- leftType, rightType);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "leftType=%d;rightType=%d",
+ leftType, rightType);
+ return(-1);
+ }
+
/* insert transform */
middle = xmlSecTransformCreate(middleId);
if(middle == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
- "xmlSecTransformCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(middleId)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(middleId)));
+ return(-1);
+ }
left->next = middle;
middle->prev = left;
middle->next = right;
@@ -2066,17 +2076,17 @@ xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right,
* xmlSecTransformRemove:
* @transform: the pointer to #xmlSecTransform structure.
*
- * Removes @transform from the chain.
+ * Removes @transform from the chain.
*/
void
xmlSecTransformRemove(xmlSecTransformPtr transform) {
xmlSecAssert(xmlSecTransformIsValid(transform));
if(transform->next != NULL) {
- transform->next->prev = transform->prev;
+ transform->next->prev = transform->prev;
}
if(transform->prev != NULL) {
- transform->prev->next = transform->next;
+ transform->prev->next = transform->next;
}
transform->next = transform->prev = NULL;
}
@@ -2086,184 +2096,184 @@ xmlSecTransformRemove(xmlSecTransformPtr transform) {
*
* Default callbacks, most of the transforms can use them
*
- ************************************************************************/
+ ************************************************************************/
/**
* xmlSecTransformDefaultGetDataType:
- * @transform: the pointer to transform.
- * @mode: the data mode (push or pop).
- * @transformCtx: the transform's chaing processing context.
+ * @transform: the pointer to transform.
+ * @mode: the data mode (push or pop).
+ * @transformCtx: the transform's chaing processing context.
*
- * Gets transform input (@mode is "push") or output (@mode is "pop") data
+ * Gets transform input (@mode is "push") or output (@mode is "pop") data
* type (binary or XML) by analyzing available pushBin/popBin/pushXml/popXml
* methods.
*
* Returns: the transform's data type for the @mode operation.
*/
-xmlSecTransformDataType
+xmlSecTransformDataType
xmlSecTransformDefaultGetDataType(xmlSecTransformPtr transform, xmlSecTransformMode mode,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecTransformDataType type = xmlSecTransformDataTypeUnknown;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), xmlSecTransformDataTypeUnknown);
xmlSecAssert2(transformCtx != NULL, xmlSecTransformDataTypeUnknown);
/* we'll try to guess the data type based on the handlers we have */
switch(mode) {
- case xmlSecTransformModePush:
- if(transform->id->pushBin != NULL) {
- type |= xmlSecTransformDataTypeBin;
- }
- if(transform->id->pushXml != NULL) {
- type |= xmlSecTransformDataTypeXml;
- }
- break;
- case xmlSecTransformModePop:
- if(transform->id->popBin != NULL) {
- type |= xmlSecTransformDataTypeBin;
- }
- if(transform->id->popXml != NULL) {
- type |= xmlSecTransformDataTypeXml;
- }
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "mode=%d", mode);
- return(xmlSecTransformDataTypeUnknown);
- }
-
+ case xmlSecTransformModePush:
+ if(transform->id->pushBin != NULL) {
+ type |= xmlSecTransformDataTypeBin;
+ }
+ if(transform->id->pushXml != NULL) {
+ type |= xmlSecTransformDataTypeXml;
+ }
+ break;
+ case xmlSecTransformModePop:
+ if(transform->id->popBin != NULL) {
+ type |= xmlSecTransformDataTypeBin;
+ }
+ if(transform->id->popXml != NULL) {
+ type |= xmlSecTransformDataTypeXml;
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "mode=%d", mode);
+ return(xmlSecTransformDataTypeUnknown);
+ }
+
return(type);
}
/**
* xmlSecTransformDefaultPushBin:
- * @transform: the pointer to transform object.
- * @data: the input binary data,
- * @dataSize: the input data size.
- * @final: the flag: if set to 1 then it's the last
- * data chunk.
- * @transformCtx: the pointer to transform context object.
- *
- * Process binary @data by calling transform's execute method and pushes
+ * @transform: the pointer to transform object.
+ * @data: the input binary data,
+ * @dataSize: the input data size.
+ * @final: the flag: if set to 1 then it's the last
+ * data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Process binary @data by calling transform's execute method and pushes
* results to next transform.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
- xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
xmlSecSize inSize = 0;
xmlSecSize outSize = 0;
int finalData = 0;
int ret;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
do {
- /* append data to input buffer */
- if(dataSize > 0) {
- xmlSecSize chunkSize;
-
- xmlSecAssert2(data != NULL, -1);
-
- chunkSize = dataSize;
- if(chunkSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
- chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
- }
-
- ret = xmlSecBufferAppend(&(transform->inBuf), data, chunkSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", chunkSize);
- return(-1);
- }
-
- dataSize -= chunkSize;
- data += chunkSize;
- }
-
- /* process data */
- inSize = xmlSecBufferGetSize(&(transform->inBuf));
- outSize = xmlSecBufferGetSize(&(transform->outBuf));
- finalData = (((dataSize == 0) && (final != 0)) ? 1 : 0);
- ret = xmlSecTransformExecute(transform, finalData, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "final=%d", final);
- return(-1);
- }
-
- /* push data to the next transform */
- inSize = xmlSecBufferGetSize(&(transform->inBuf));
- outSize = xmlSecBufferGetSize(&(transform->outBuf));
- if(inSize > 0) {
- finalData = 0;
- }
-
- /* we don't want to puch too much */
- if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
- outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
- finalData = 0;
- }
- if((transform->next != NULL) && ((outSize > 0) || (finalData != 0))) {
- ret = xmlSecTransformPushBin(transform->next,
- xmlSecBufferGetData(&(transform->outBuf)),
- outSize,
- finalData,
- transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform->next)),
- "xmlSecTransformPushBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "final=%d;outSize=%d", final, outSize);
- return(-1);
- }
- }
-
- /* remove data anyway */
- if(outSize > 0) {
- ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
- }
+ /* append data to input buffer */
+ if(dataSize > 0) {
+ xmlSecSize chunkSize;
+
+ xmlSecAssert2(data != NULL, -1);
+
+ chunkSize = dataSize;
+ if(chunkSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ }
+
+ ret = xmlSecBufferAppend(&(transform->inBuf), data, chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", chunkSize);
+ return(-1);
+ }
+
+ dataSize -= chunkSize;
+ data += chunkSize;
+ }
+
+ /* process data */
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ finalData = (((dataSize == 0) && (final != 0)) ? 1 : 0);
+ ret = xmlSecTransformExecute(transform, finalData, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "final=%d", final);
+ return(-1);
+ }
+
+ /* push data to the next transform */
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ if(inSize > 0) {
+ finalData = 0;
+ }
+
+ /* we don't want to puch too much */
+ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ finalData = 0;
+ }
+ if((transform->next != NULL) && ((outSize > 0) || (finalData != 0))) {
+ ret = xmlSecTransformPushBin(transform->next,
+ xmlSecBufferGetData(&(transform->outBuf)),
+ outSize,
+ finalData,
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform->next)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "final=%d;outSize=%d", final, outSize);
+ return(-1);
+ }
+ }
+
+ /* remove data anyway */
+ if(outSize > 0) {
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ }
} while((dataSize > 0) || (outSize > 0));
-
+
return(0);
}
/**
* xmlSecTransformDefaultPopBin:
- * @transform: the pointer to transform object.
- * @data: the buffer to store result data.
- * @maxDataSize: the size of the buffer #data.
- * @dataSize: the pointer to returned data size.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @data: the buffer to store result data.
+ * @maxDataSize: the size of the buffer #data.
+ * @dataSize: the pointer to returned data size.
+ * @transformCtx: the pointer to transform context object.
*
* Pops data from previous transform in the chain, processes data by calling
- * transform's execute method and returns result in the @data buffer. The
+ * transform's execute method and returns result in the @data buffer. The
* size of returned data is placed in the @dataSize.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
- xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
xmlSecSize outSize;
int final = 0;
int ret;
@@ -2274,94 +2284,94 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
xmlSecAssert2(transformCtx != NULL, -1);
while((xmlSecBufferGetSize(&(transform->outBuf)) == 0) && (final == 0)) {
- /* read data from previous transform if exist */
- if(transform->prev != NULL) {
- xmlSecSize inSize, chunkSize;
-
- inSize = xmlSecBufferGetSize(&(transform->inBuf));
- chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
-
- /* ensure that we have space for at least one data chunk */
- ret = xmlSecBufferSetMaxSize(&(transform->inBuf), inSize + chunkSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize + chunkSize);
- return(-1);
- }
-
- /* get data from previous transform */
- ret = xmlSecTransformPopBin(transform->prev,
- xmlSecBufferGetData(&(transform->inBuf)) + inSize,
- chunkSize, &chunkSize, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform->prev)),
- "xmlSecTransformPopBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* adjust our size if needed */
- if(chunkSize > 0) {
- ret = xmlSecBufferSetSize(&(transform->inBuf), inSize + chunkSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize + chunkSize);
- return(-1);
- }
- final = 0; /* the previous transform returned some data..*/
- } else {
- final = 1; /* no data returned from previous transform, we are done */
- }
- } else {
- final = 1; /* no previous transform, we are "permanently final" */
- }
-
- /* execute our transform */
- ret = xmlSecTransformExecute(transform, final, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ /* read data from previous transform if exist */
+ if(transform->prev != NULL) {
+ xmlSecSize inSize, chunkSize;
+
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+
+ /* ensure that we have space for at least one data chunk */
+ ret = xmlSecBufferSetMaxSize(&(transform->inBuf), inSize + chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize + chunkSize);
+ return(-1);
+ }
+
+ /* get data from previous transform */
+ ret = xmlSecTransformPopBin(transform->prev,
+ xmlSecBufferGetData(&(transform->inBuf)) + inSize,
+ chunkSize, &chunkSize, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform->prev)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* adjust our size if needed */
+ if(chunkSize > 0) {
+ ret = xmlSecBufferSetSize(&(transform->inBuf), inSize + chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize + chunkSize);
+ return(-1);
+ }
+ final = 0; /* the previous transform returned some data..*/
+ } else {
+ final = 1; /* no data returned from previous transform, we are done */
+ }
+ } else {
+ final = 1; /* no previous transform, we are "permanently final" */
+ }
+
+ /* execute our transform */
+ ret = xmlSecTransformExecute(transform, final, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
/* copy result (if any) */
- outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
if(outSize > maxDataSize) {
- outSize = maxDataSize;
+ outSize = maxDataSize;
}
-
+
/* we don't want to put too much */
if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
- outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
}
if(outSize > 0) {
- xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
-
- memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
-
- ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize);
- return(-1);
- }
- }
-
+ xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
+
+ memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
+
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ }
+
/* set the result size */
(*dataSize) = outSize;
return(0);
@@ -2369,18 +2379,18 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
/**
* xmlSecTransformDefaultPushXml:
- * @transform: the pointer to transform object.
- * @nodes: the input nodes.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @nodes: the input nodes.
+ * @transformCtx: the pointer to transform context object.
*
- * Processes @nodes by calling transform's execute method and pushes
+ * Processes @nodes by calling transform's execute method and pushes
* result to the next transform in the chain.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
- xmlSecTransformCtxPtr transformCtx) {
+int
+xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx) {
int ret;
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
@@ -2392,79 +2402,79 @@ xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nod
transform->inNodes = nodes;
ret = xmlSecTransformExecute(transform, 1, transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* push result to the next transform (if exist) */
if(transform->next != NULL) {
- ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformPushXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
return(0);
}
/**
* xmlSecTransformDefaultPopXml:
- * @transform: the pointer to transform object.
- * @nodes: the pointer to store popinter to result nodes.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform object.
+ * @nodes: the pointer to store popinter to result nodes.
+ * @transformCtx: the pointer to transform context object.
*
- * Pops data from previous transform in the chain, processes the data
+ * Pops data from previous transform in the chain, processes the data
* by calling transform's execute method and returns result in @nodes.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
- xmlSecTransformCtxPtr transformCtx) {
+int
+xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx) {
int ret;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
xmlSecAssert2(transform->inNodes == NULL, -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
-
+
/* pop result from the prev transform (if exist) */
if(transform->prev != NULL) {
- ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformPopXml",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
/* execute our transform */
ret = xmlSecTransformExecute(transform, 1, transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* return result if requested */
if(nodes != NULL) {
- (*nodes) = transform->outNodes;
+ (*nodes) = transform->outNodes;
}
-
+
return(0);
}
@@ -2475,153 +2485,153 @@ xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nod
**********************************************************************/
static xmlSecPtrListKlass xmlSecTransformIdListKlass = {
BAD_CAST "transform-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
* xmlSecTransformIdListGetKlass:
- *
+ *
* The transform id list klass.
*
* Returns: pointer to the transform id list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecTransformIdListGetKlass(void) {
return(&xmlSecTransformIdListKlass);
}
/**
* xmlSecTransformIdListFind:
- * @list: the pointer to transform ids list.
- * @transformId: the transform klass.
+ * @list: the pointer to transform ids list.
+ * @transformId: the transform klass.
*
* Lookups @dataId in @list.
*
* Returns: 1 if @dataId is found in the @list, 0 if not and a negative
* value if an error occurs.
*/
-int
+int
xmlSecTransformIdListFind(xmlSecPtrListPtr list, xmlSecTransformId transformId) {
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), -1);
xmlSecAssert2(transformId != NULL, -1);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- if((xmlSecTransformId)xmlSecPtrListGetItem(list, i) == transformId) {
- return(1);
- }
+ if((xmlSecTransformId)xmlSecPtrListGetItem(list, i) == transformId) {
+ return(1);
+ }
}
return(0);
}
-/**
+/**
* xmlSecTransformIdListFindByHref:
- * @list: the pointer to transform ids list.
- * @href: the desired transform klass href.
- * @usage: the desired transform usage.
+ * @list: the pointer to transform ids list.
+ * @href: the desired transform klass href.
+ * @usage: the desired transform usage.
*
* Lookups data klass in the list with given @href and @usage in @list.
*
* Returns: transform klass is found and NULL otherwise.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecTransformIdListFindByHref(xmlSecPtrListPtr list, const xmlChar* href,
- xmlSecTransformUsage usage) {
+ xmlSecTransformUsage usage) {
xmlSecTransformId transformId;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), xmlSecTransformIdUnknown);
xmlSecAssert2(href != NULL, xmlSecTransformIdUnknown);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
- if(((usage & transformId->usage) != 0) && (transformId->href != NULL) &&
- xmlStrEqual(href, transformId->href)) {
- return(transformId);
- }
+ if(((usage & transformId->usage) != 0) && (transformId->href != NULL) &&
+ xmlStrEqual(href, transformId->href)) {
+ return(transformId);
+ }
}
return(xmlSecTransformIdUnknown);
}
-/**
+/**
* xmlSecTransformIdListFindByName:
- * @list: the pointer to transform ids list.
- * @name: the desired transform klass name.
- * @usage: the desired transform usage.
+ * @list: the pointer to transform ids list.
+ * @name: the desired transform klass name.
+ * @usage: the desired transform usage.
*
* Lookups data klass in the list with given @name and @usage in @list.
*
* Returns: transform klass is found and NULL otherwise.
- */
-xmlSecTransformId
-xmlSecTransformIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
- xmlSecTransformUsage usage) {
+ */
+xmlSecTransformId
+xmlSecTransformIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
+ xmlSecTransformUsage usage) {
xmlSecTransformId transformId;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), xmlSecTransformIdUnknown);
xmlSecAssert2(name != NULL, xmlSecTransformIdUnknown);
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
+
+ if(((usage & transformId->usage) != 0) && (transformId->name != NULL) &&
+ xmlStrEqual(name, BAD_CAST transformId->name)) {
- if(((usage & transformId->usage) != 0) && (transformId->name != NULL) &&
- xmlStrEqual(name, BAD_CAST transformId->name)) {
-
- return(transformId);
- }
+ return(transformId);
+ }
}
return(xmlSecTransformIdUnknown);
}
-/**
+/**
* xmlSecTransformIdListDebugDump:
- * @list: the pointer to transform ids list.
- * @output: the pointer to output FILE.
- *
+ * @list: the pointer to transform ids list.
+ * @output: the pointer to output FILE.
+ *
* Prints binary transform debug information to @output.
*/
-void
+void
xmlSecTransformIdListDebugDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecTransformId transformId;
xmlSecSize i, size;
-
+
xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecTransformIdListId));
xmlSecAssert(output != NULL);
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert(transformId != NULL);
- xmlSecAssert(transformId->name != NULL);
-
- if(i > 0) {
- fprintf(output, ",\"%s\"", transformId->name);
- } else {
- fprintf(output, "\"%s\"", transformId->name);
- }
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(transformId != NULL);
+ xmlSecAssert(transformId->name != NULL);
+
+ if(i > 0) {
+ fprintf(output, ",\"%s\"", transformId->name);
+ } else {
+ fprintf(output, "\"%s\"", transformId->name);
+ }
}
fprintf(output, "\n");
}
-/**
+/**
* xmlSecTransformIdListDebugXmlDump:
- * @list: the pointer to transform ids list.
- * @output: the pointer to output FILE.
- *
+ * @list: the pointer to transform ids list.
+ * @output: the pointer to output FILE.
+ *
* Prints binary transform debug information to @output in XML format.
*/
-void
+void
xmlSecTransformIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
xmlSecTransformId transformId;
xmlSecSize i, size;
@@ -2632,11 +2642,11 @@ xmlSecTransformIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
fprintf(output, "<TransformIdsList>\n");
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
- xmlSecAssert(transformId != NULL);
- xmlSecAssert(transformId->name != NULL);
-
- fprintf(output, "<TransformId name=\"");
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(transformId != NULL);
+ xmlSecAssert(transformId->name != NULL);
+
+ fprintf(output, "<TransformId name=\"");
xmlSecPrintXmlString(output, transformId->name);
fprintf(output, "\" />");
}
@@ -2647,172 +2657,172 @@ xmlSecTransformIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
*
* IO buffers for transforms
*
- ************************************************************************/
-typedef struct _xmlSecTransformIOBuffer xmlSecTransformIOBuffer,
- *xmlSecTransformIOBufferPtr;
+ ************************************************************************/
+typedef struct _xmlSecTransformIOBuffer xmlSecTransformIOBuffer,
+ *xmlSecTransformIOBufferPtr;
typedef enum {
xmlSecTransformIOBufferModeRead,
xmlSecTransformIOBufferModeWrite
} xmlSecTransformIOBufferMode;
struct _xmlSecTransformIOBuffer {
- xmlSecTransformIOBufferMode mode;
- xmlSecTransformPtr transform;
- xmlSecTransformCtxPtr transformCtx;
+ xmlSecTransformIOBufferMode mode;
+ xmlSecTransformPtr transform;
+ xmlSecTransformCtxPtr transformCtx;
};
-static xmlSecTransformIOBufferPtr xmlSecTransformIOBufferCreate (xmlSecTransformIOBufferMode mode,
- xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx);
-static void xmlSecTransformIOBufferDestroy (xmlSecTransformIOBufferPtr buffer);
-static int xmlSecTransformIOBufferRead (xmlSecTransformIOBufferPtr buffer,
- xmlSecByte *buf,
- xmlSecSize size);
-static int xmlSecTransformIOBufferWrite (xmlSecTransformIOBufferPtr buffer,
- const xmlSecByte *buf,
- xmlSecSize size);
-static int xmlSecTransformIOBufferClose (xmlSecTransformIOBufferPtr buffer);
+static xmlSecTransformIOBufferPtr xmlSecTransformIOBufferCreate (xmlSecTransformIOBufferMode mode,
+ xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+static void xmlSecTransformIOBufferDestroy (xmlSecTransformIOBufferPtr buffer);
+static int xmlSecTransformIOBufferRead (xmlSecTransformIOBufferPtr buffer,
+ xmlSecByte *buf,
+ xmlSecSize size);
+static int xmlSecTransformIOBufferWrite (xmlSecTransformIOBufferPtr buffer,
+ const xmlSecByte *buf,
+ xmlSecSize size);
+static int xmlSecTransformIOBufferClose (xmlSecTransformIOBufferPtr buffer);
/**
* xmlSecTransformCreateOutputBuffer:
- * @transform: the pointer to transform.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform.
+ * @transformCtx: the pointer to transform context object.
*
* Creates output buffer to write data to @transform.
*
* Returns: pointer to new output buffer or NULL if an error occurs.
*/
-xmlOutputBufferPtr
+xmlOutputBufferPtr
xmlSecTransformCreateOutputBuffer(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
- xmlSecTransformIOBufferPtr buffer;
+ xmlSecTransformIOBufferPtr buffer;
xmlSecTransformDataType type;
xmlOutputBufferPtr output;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
xmlSecAssert2(transformCtx != NULL, NULL);
-
+
/* check that we have binary push method for this transform */
type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePush, transformCtx);
if((type & xmlSecTransformDataTypeBin) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "push binary data not supported");
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "push binary data not supported");
+ return(NULL);
+ }
+
buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeWrite, transform, transformCtx);
if(buffer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformIOBufferCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformIOBufferCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
output = xmlOutputBufferCreateIO((xmlOutputWriteCallback)xmlSecTransformIOBufferWrite,
- (xmlOutputCloseCallback)xmlSecTransformIOBufferClose,
- buffer,
- NULL);
+ (xmlOutputCloseCallback)xmlSecTransformIOBufferClose,
+ buffer,
+ NULL);
if(output == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlOutputBufferCreateIO",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecTransformIOBufferDestroy(buffer);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferCreateIO",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformIOBufferDestroy(buffer);
+ return(NULL);
+ }
+
return(output);
}
/**
* xmlSecTransformCreateInputBuffer:
- * @transform: the pointer to transform.
- * @transformCtx: the pointer to transform context object.
+ * @transform: the pointer to transform.
+ * @transformCtx: the pointer to transform context object.
*
* Creates input buffer to read data from @transform.
*
* Returns: pointer to new input buffer or NULL if an error occurs.
*/
-xmlParserInputBufferPtr
+xmlParserInputBufferPtr
xmlSecTransformCreateInputBuffer(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
- xmlSecTransformIOBufferPtr buffer;
+ xmlSecTransformIOBufferPtr buffer;
xmlSecTransformDataType type;
xmlParserInputBufferPtr input;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
xmlSecAssert2(transformCtx != NULL, NULL);
/* check that we have binary pop method for this transform */
type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePop, transformCtx);
if((type & xmlSecTransformDataTypeBin) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- "pop binary data not supported");
- return(NULL);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "pop binary data not supported");
+ return(NULL);
+ }
buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeRead, transform, transformCtx);
if(buffer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformIOBufferCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformIOBufferCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
input = xmlParserInputBufferCreateIO((xmlInputReadCallback)xmlSecTransformIOBufferRead,
- (xmlInputCloseCallback)xmlSecTransformIOBufferClose,
- buffer,
- XML_CHAR_ENCODING_NONE);
+ (xmlInputCloseCallback)xmlSecTransformIOBufferClose,
+ buffer,
+ XML_CHAR_ENCODING_NONE);
if(input == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParserInputBufferCreateIO",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecTransformIOBufferDestroy(buffer);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParserInputBufferCreateIO",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformIOBufferDestroy(buffer);
+ return(NULL);
+ }
+
return(input);
}
-static xmlSecTransformIOBufferPtr
+static xmlSecTransformIOBufferPtr
xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferMode mode, xmlSecTransformPtr transform,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecTransformIOBufferPtr buffer;
-
+
xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
xmlSecAssert2(transformCtx != NULL, NULL);
-
+
buffer = (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer));
if(buffer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", sizeof(xmlSecTransformIOBuffer));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecTransformIOBuffer));
+ return(NULL);
}
memset(buffer, 0, sizeof(xmlSecTransformIOBuffer));
-
+
buffer->mode = mode;
buffer->transform = transform;
buffer->transformCtx = transformCtx;
-
+
return(buffer);
}
-static void
+static void
xmlSecTransformIOBufferDestroy(xmlSecTransformIOBufferPtr buffer) {
xmlSecAssert(buffer != NULL);
@@ -2820,34 +2830,34 @@ xmlSecTransformIOBufferDestroy(xmlSecTransformIOBufferPtr buffer) {
xmlFree(buffer);
}
-static int
-xmlSecTransformIOBufferRead(xmlSecTransformIOBufferPtr buffer,
- xmlSecByte *buf, xmlSecSize size) {
+static int
+xmlSecTransformIOBufferRead(xmlSecTransformIOBufferPtr buffer,
+ xmlSecByte *buf, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(buffer->mode == xmlSecTransformIOBufferModeRead, -1);
xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
xmlSecAssert2(buffer->transformCtx != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
-
+
ret = xmlSecTransformPopBin(buffer->transform, buf, size, &size, buffer->transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
- "xmlSecTransformPopBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(size);
}
-static int
-xmlSecTransformIOBufferWrite(xmlSecTransformIOBufferPtr buffer,
- const xmlSecByte *buf, xmlSecSize size) {
+static int
+xmlSecTransformIOBufferWrite(xmlSecTransformIOBufferPtr buffer,
+ const xmlSecByte *buf, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(buffer->mode == xmlSecTransformIOBufferModeWrite, -1);
xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
@@ -2856,37 +2866,37 @@ xmlSecTransformIOBufferWrite(xmlSecTransformIOBufferPtr buffer,
ret = xmlSecTransformPushBin(buffer->transform, buf, size, 0, buffer->transformCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
- "xmlSecTransformPushBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(size);
}
-static int
+static int
xmlSecTransformIOBufferClose(xmlSecTransformIOBufferPtr buffer) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
xmlSecAssert2(buffer->transformCtx != NULL, -1);
-
- /* need to flush write buffer before destroing */
+
+ /* need to flush write buffer before destroying */
if(buffer->mode == xmlSecTransformIOBufferModeWrite) {
ret = xmlSecTransformPushBin(buffer->transform, NULL, 0, 1, buffer->transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
- "xmlSecTransformPushBin",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
xmlSecTransformIOBufferDestroy(buffer);
return(0);
}
diff --git a/src/x509.c b/src/x509.c
index 22f5a196..028030ef 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -1,21 +1,21 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#ifndef XMLSEC_NO_X509
-
+
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <libxml/tree.h>
-#include <libxml/parser.h>
+#include <libxml/parser.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -29,9 +29,9 @@
/**
* xmlSecX509DataGetNodeContent:
- * @node: the pointer to <dsig:X509Data/> node.
- * @deleteChildren: the flag that indicates whether to remove node children after reading.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ * @node: the pointer to <dsig:X509Data/> node.
+ * @deleteChildren: the flag that indicates whether to remove node children after reading.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
* Reads the contents of <dsig:X509Data/> node and returns it as
* a bits mask.
@@ -41,7 +41,7 @@
*/
int
xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlNodePtr cur, next;
int deleteCurNode;
int content = 0;
@@ -50,44 +50,44 @@ xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren,
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* determine the current node content */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
- deleteCurNode = 0;
- if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
- if(xmlSecIsEmptyNode(cur) == 1) {
- content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
- deleteCurNode = 1;
- }
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
- if(xmlSecIsEmptyNode(cur) == 1) {
- content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
- deleteCurNode = 1;
- }
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
- if(xmlSecIsEmptyNode(cur) == 1) {
- content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
- deleteCurNode = 1;
- }
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
- if(xmlSecIsEmptyNode(cur) == 1) {
- content |= XMLSEC_X509DATA_SKI_NODE;
- deleteCurNode = 1;
- }
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
- if(xmlSecIsEmptyNode(cur) == 1) {
- content |= XMLSEC_X509DATA_CRL_NODE;
- deleteCurNode = 1;
- }
- } else {
- /* todo: fail on unknown child node? */
- }
- next = xmlSecGetNextElementNode(cur->next);
- if((deleteCurNode != 0) && (deleteChildren != 0)) {
- /* remove "template" nodes */
- xmlUnlinkNode(cur);
- xmlFreeNode(cur);
- }
- cur = next;
+ deleteCurNode = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SKI_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CRL_NODE;
+ deleteCurNode = 1;
+ }
+ } else {
+ /* todo: fail on unknown child node? */
+ }
+ next = xmlSecGetNextElementNode(cur->next);
+ if((deleteCurNode != 0) && (deleteChildren != 0)) {
+ /* remove "template" nodes */
+ xmlUnlinkNode(cur);
+ xmlFreeNode(cur);
+ }
+ cur = next;
}
return (content);
diff --git a/src/xkms.c b/src/xkms.c
index 7b475301..d10099bb 100644
--- a/src/xkms.c
+++ b/src/xkms.c
@@ -1,24 +1,24 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* "XML Key Management Specification v 2.0" implementation
* http://www.w3.org/TR/xkms2/
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#ifndef XMLSEC_NO_XKMS
-
+
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <libxml/tree.h>
-#include <libxml/parser.h>
+#include <libxml/parser.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -33,119 +33,119 @@
#include <xmlsec/private/xkms.h>
#include <xmlsec/errors.h>
-#define XMLSEC_XKMS_ID_ATTRIBUTE_LEN 32
+#define XMLSEC_XKMS_ID_ATTRIBUTE_LEN 32
/* The ID attribute in XKMS is 'Id' */
static const xmlChar* xmlSecXkmsServerIds[] = { BAD_CAST "Id", NULL };
#ifndef XMLSEC_NO_SOAP
-static int xmlSecXkmsServerCtxWriteSoap11FatalError (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr envNode);
-static int xmlSecXkmsServerCtxWriteSoap12FatalError (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr envNode);
+static int xmlSecXkmsServerCtxWriteSoap11FatalError (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr envNode);
+static int xmlSecXkmsServerCtxWriteSoap12FatalError (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr envNode);
#endif /* XMLSEC_NO_SOAP */
-static int xmlSecXkmsServerCtxRequestAbstractTypeNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxSignatureNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxMessageExtensionNodesRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxOpaqueClientDataNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxPendingNotificationNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxRespondWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxPendingRequestNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxQueryKeyBindingNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxKeyInfoNodeWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxUseKeyWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr* node);
-static int xmlSecXkmsServerCtxUseKeyWithNodesWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxTimeInstantNodeRead (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxResultTypeNodeWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxKeyBindingNodeWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxValidityIntervalNodeWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-static int xmlSecXkmsServerCtxKeyBindingStatusNodeWrite (xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node,
- xmlSecKeyPtr key);
-
-
-static const xmlSecQName2IntegerInfo gXmlSecXkmsResultMajorInfo[] =
+static int xmlSecXkmsServerCtxRequestAbstractTypeNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxSignatureNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxMessageExtensionNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxOpaqueClientDataNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxPendingNotificationNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxRespondWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxPendingRequestNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxQueryKeyBindingNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyInfoNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxUseKeyWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxUseKeyWithNodesWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxTimeInstantNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxResultTypeNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyBindingNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxValidityIntervalNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyBindingStatusNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+
+
+static const xmlSecQName2IntegerInfo gXmlSecXkmsResultMajorInfo[] =
{
{ xmlSecXkmsNs, xmlSecResultMajorCodeSuccess,
xmlSecXkmsResultMajorSuccess },
{ xmlSecXkmsNs, xmlSecResultMajorCodeVersionMismatch,
xmlSecXkmsResultMajorVersionMismatch },
- { xmlSecXkmsNs, xmlSecResultMajorCodeSender,
+ { xmlSecXkmsNs, xmlSecResultMajorCodeSender,
xmlSecXkmsResultMajorSender },
{ xmlSecXkmsNs, xmlSecResultMajorCodeReceiver,
xmlSecXkmsResultMajorReceiver },
- { xmlSecXkmsNs, xmlSecResultMajorCodeRepresent,
+ { xmlSecXkmsNs, xmlSecResultMajorCodeRepresent,
xmlSecXkmsResultMajorRepresent },
- { xmlSecXkmsNs, xmlSecResultMajorCodePending,
+ { xmlSecXkmsNs, xmlSecResultMajorCodePending,
xmlSecXkmsResultMajorPending, },
- { NULL , NULL, 0 } /* MUST be last in the list */
+ { NULL , NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2IntegerInfo gXmlSecXkmsMinorErrorInfo[] =
+static const xmlSecQName2IntegerInfo gXmlSecXkmsMinorErrorInfo[] =
{
{ xmlSecXkmsNs, xmlSecResultMinorCodeNoMatch,
xmlSecXkmsResultMinorNoMatch },
- { xmlSecXkmsNs, xmlSecResultMinorCodeTooManyResponses,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeTooManyResponses,
xmlSecXkmsResultMinorTooManyResponses },
{ xmlSecXkmsNs, xmlSecResultMinorCodeIncomplete,
xmlSecXkmsResultMinorIncomplete },
- { xmlSecXkmsNs, xmlSecResultMinorCodeFailure,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeFailure,
xmlSecXkmsResultMinorFailure },
- { xmlSecXkmsNs, xmlSecResultMinorCodeRefused,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeRefused,
xmlSecXkmsResultMinorRefused },
- { xmlSecXkmsNs, xmlSecResultMinorCodeNoAuthentication,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeNoAuthentication,
xmlSecXkmsResultMinorNoAuthentication },
- { xmlSecXkmsNs, xmlSecResultMinorCodeMessageNotSupported,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeMessageNotSupported,
xmlSecXkmsResultMinorMessageNotSupported },
- { xmlSecXkmsNs, xmlSecResultMinorCodeUnknownResponseId,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeUnknownResponseId,
xmlSecXkmsResultMinorUnknownResponseId },
- { xmlSecXkmsNs, xmlSecResultMinorCodeNotSynchronous,
+ { xmlSecXkmsNs, xmlSecResultMinorCodeNotSynchronous,
xmlSecXkmsResultMinorSynchronous },
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2IntegerInfo gXmlSecXkmsKeyBindingStatusInfo[] =
+static const xmlSecQName2IntegerInfo gXmlSecXkmsKeyBindingStatusInfo[] =
{
- { xmlSecXkmsNs, xmlSecKeyBindingStatusValid,
+ { xmlSecXkmsNs, xmlSecKeyBindingStatusValid,
xmlSecXkmsKeyBindingStatusValid },
{ xmlSecXkmsNs, xmlSecKeyBindingStatusInvalid,
xmlSecXkmsKeyBindingStatusInvalid },
- { xmlSecXkmsNs, xmlSecKeyBindingStatusIndeterminate,
+ { xmlSecXkmsNs, xmlSecKeyBindingStatusIndeterminate,
xmlSecXkmsKeyBindingStatusIndeterminate },
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyUsageInfo[] =
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyUsageInfo[] =
{
{ xmlSecXkmsNs, xmlSecKeyUsageEncryption,
xmlSecKeyUsageEncrypt | xmlSecKeyUsageDecrypt },
@@ -153,10 +153,10 @@ static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyUsageInfo[] =
xmlSecKeyUsageSign | xmlSecKeyUsageVerify },
{ xmlSecXkmsNs, xmlSecKeyUsageExchange,
xmlSecKeyUsageKeyExchange},
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyBindingReasonInfo[] =
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyBindingReasonInfo[] =
{
{ xmlSecXkmsNs, xmlSecKeyBindingReasonIssuerTrust,
XMLSEC_XKMS_KEY_BINDING_REASON_MASK_ISSUER_TRAST },
@@ -166,10 +166,10 @@ static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyBindingReasonInfo[] =
XMLSEC_XKMS_KEY_BINDING_REASON_MASK_VALIDITY_INTERVAL },
{ xmlSecXkmsNs, xmlSecKeyBindingReasonSignature,
XMLSEC_XKMS_KEY_BINDING_REASON_MASK_SIGNATURE },
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2BitMaskInfo gXmlSecXkmsResponseMechanismInfo[] =
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsResponseMechanismInfo[] =
{
{ xmlSecXkmsNs, xmlSecResponseMechanismRepresent,
XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT },
@@ -177,46 +177,46 @@ static const xmlSecQName2BitMaskInfo gXmlSecXkmsResponseMechanismInfo[] =
XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING },
{ xmlSecXkmsNs, xmlSecResponseMechanismRequestSignatureValue,
XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE },
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
-static const xmlSecQName2IntegerInfo gXmlSecXkmsFormatInfo[] =
+static const xmlSecQName2IntegerInfo gXmlSecXkmsFormatInfo[] =
{
- { NULL, xmlSecXkmsFormatStrPlain,
+ { NULL, xmlSecXkmsFormatStrPlain,
xmlSecXkmsServerFormatPlain },
#ifndef XMLSEC_NO_SOAP
{ NULL, xmlSecXkmsFormatStrSoap11,
xmlSecXkmsServerFormatSoap11 },
- { NULL, xmlSecXkmsFormatStrSoap12,
+ { NULL, xmlSecXkmsFormatStrSoap12,
xmlSecXkmsServerFormatSoap12 },
#endif /* XMLSEC_NO_SOAP */
- { NULL, NULL, 0 } /* MUST be last in the list */
+ { NULL, NULL, 0 } /* MUST be last in the list */
};
/**
* xmlSecXkmsServerFormatFromString:
* @str the string.
- *
+ *
* Gets xmlSecXkmsServerFormat from string @str.
- *
+ *
* Returns: corresponding format or xmlSecXkmsServerFormatUnknown
* if format could not be recognized.
- */
-xmlSecXkmsServerFormat
+ */
+xmlSecXkmsServerFormat
xmlSecXkmsServerFormatFromString(const xmlChar* str) {
int res;
int ret;
xmlSecAssert2(str != NULL, xmlSecXkmsServerFormatUnknown);
-
+
ret = xmlSecQName2IntegerGetInteger(gXmlSecXkmsFormatInfo, NULL, str, &res);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetInteger",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(xmlSecXkmsServerFormatUnknown);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecXkmsServerFormatUnknown);
}
return((xmlSecXkmsServerFormat)res);
@@ -230,19 +230,19 @@ xmlSecXkmsServerFormatFromString(const xmlChar* str) {
*
* Returns: string corresponding to @format or NULL if an error occurs.
*/
-const xmlChar*
+const xmlChar*
xmlSecXkmsServerFormatToString (xmlSecXkmsServerFormat format) {
xmlSecQName2IntegerInfoConstPtr info;
-
+
xmlSecAssert2(format != xmlSecXkmsServerFormatUnknown, NULL);
info = xmlSecQName2IntegerGetInfo(gXmlSecXkmsFormatInfo, format);
if(info == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetInfo",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(info->qnameLocalPart);
@@ -250,125 +250,125 @@ xmlSecXkmsServerFormatToString (xmlSecXkmsServerFormat format) {
/**
* xmlSecXkmsServerCtxCreate:
- * @keysMngr: the pointer to keys manager.
+ * @keysMngr: the pointer to keys manager.
*
* Creates XKMS request server side processing context.
- * The caller is responsible for destroying returend object by calling
+ * The caller is responsible for destroying returned object by calling
* #xmlSecXkmsServerCtxDestroy function.
*
* Returns: pointer to newly allocated context object or NULL if an error
* occurs.
*/
-xmlSecXkmsServerCtxPtr
+xmlSecXkmsServerCtxPtr
xmlSecXkmsServerCtxCreate(xmlSecKeysMngrPtr keysMngr) {
xmlSecXkmsServerCtxPtr ctx;
int ret;
-
+
ctx = (xmlSecXkmsServerCtxPtr) xmlMalloc(sizeof(xmlSecXkmsServerCtx));
if(ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecXkmsServerCtx)=%d",
- sizeof(xmlSecXkmsServerCtx));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecXkmsServerCtx)=%d",
+ sizeof(xmlSecXkmsServerCtx));
+ return(NULL);
+ }
+
ret = xmlSecXkmsServerCtxInitialize(ctx, keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxDestroy(ctx);
- return(NULL);
- }
- return(ctx);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxDestroy(ctx);
+ return(NULL);
+ }
+ return(ctx);
}
/**
* xmlSecXkmsServerCtxDestroy:
- * @ctx: the pointer to XKMS processing context.
+ * @ctx: the pointer to XKMS processing context.
*
* Destroy context object created with #xmlSecXkmsServerCtxCreate function.
*/
-void
+void
xmlSecXkmsServerCtxDestroy(xmlSecXkmsServerCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
xmlSecXkmsServerCtxFinalize(ctx);
xmlFree(ctx);
}
/**
* xmlSecXkmsServerCtxInitialize:
- * @ctx: the pointer to XKMS processing context.
- * @keysMngr: the pointer to keys manager.
+ * @ctx: the pointer to XKMS processing context.
+ * @keysMngr: the pointer to keys manager.
*
* Initializes XKMS element processing context.
- * The caller is responsible for cleaing up returend object by calling
+ * The caller is responsible for cleaning up returned object by calling
* #xmlSecXkmsServerCtxFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerCtxInitialize(xmlSecXkmsServerCtxPtr ctx, xmlSecKeysMngrPtr keysMngr) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
-
+
memset(ctx, 0, sizeof(xmlSecXkmsServerCtx));
- ctx->resultMajor = xmlSecXkmsResultMajorSuccess;
- ctx->resultMinor = xmlSecXkmsResultMinorNone;
+ ctx->resultMajor = xmlSecXkmsResultMajorSuccess;
+ ctx->resultMinor = xmlSecXkmsResultMinorNone;
ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT;
- ctx->idLen = XMLSEC_XKMS_ID_ATTRIBUTE_LEN;
+ ctx->idLen = XMLSEC_XKMS_ID_ATTRIBUTE_LEN;
/* initialize key info */
ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoReadCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ctx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
-
+
ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoWriteCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ctx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
/* enabled RespondWith */
ret = xmlSecPtrListInitialize(&(ctx->enabledRespondWithIds), xmlSecXkmsRespondWithIdListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* enabled ServerRequest */
ret = xmlSecPtrListInitialize(&(ctx->enabledServerRequestIds), xmlSecXkmsServerRequestIdListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
@@ -376,23 +376,23 @@ xmlSecXkmsServerCtxInitialize(xmlSecXkmsServerCtxPtr ctx, xmlSecKeysMngrPtr keys
/* initialize keys list */
ret = xmlSecPtrListInitialize(&(ctx->keys), xmlSecKeyPtrListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* initialize RespondWith list */
ret = xmlSecPtrListInitialize(&(ctx->respWithList), xmlSecXkmsRespondWithIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -400,21 +400,21 @@ xmlSecXkmsServerCtxInitialize(xmlSecXkmsServerCtxPtr ctx, xmlSecKeysMngrPtr keys
/**
* xmlSecXkmsServerCtxFinalize:
- * @ctx: the pointer to XKMS processing context.
+ * @ctx: the pointer to XKMS processing context.
*
* Cleans up @ctx object.
*/
-void
+void
xmlSecXkmsServerCtxFinalize(xmlSecXkmsServerCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
xmlSecXkmsServerCtxReset(ctx);
-
+
if(ctx->expectedService != NULL) {
- xmlFree(ctx->expectedService);
+ xmlFree(ctx->expectedService);
}
if(ctx->idPrefix != NULL) {
- xmlFree(ctx->idPrefix);
+ xmlFree(ctx->idPrefix);
}
xmlSecKeyInfoCtxFinalize(&(ctx->keyInfoReadCtx));
@@ -428,14 +428,14 @@ xmlSecXkmsServerCtxFinalize(xmlSecXkmsServerCtxPtr ctx) {
/**
* xmlSecXkmsServerCtxReset:
- * @ctx: the pointer to XKMS processing context.
+ * @ctx: the pointer to XKMS processing context.
*
* Resets @ctx object, user settings are not touched.
*/
-void
+void
xmlSecXkmsServerCtxReset(xmlSecXkmsServerCtxPtr ctx) {
xmlSecAssert(ctx != NULL);
-
+
ctx->resultMajor = xmlSecXkmsResultMajorSuccess;
ctx->resultMinor = xmlSecXkmsResultMinorNone;
xmlSecKeyInfoCtxReset(&(ctx->keyInfoReadCtx));
@@ -443,145 +443,145 @@ xmlSecXkmsServerCtxReset(xmlSecXkmsServerCtxPtr ctx) {
xmlSecPtrListEmpty(&(ctx->keys));
xmlSecPtrListEmpty(&(ctx->respWithList));
- ctx->requestNode = NULL;
- ctx->opaqueClientDataNode = NULL;
- ctx->firtsMsgExtNode = NULL;
- ctx->keyInfoNode = NULL;
- ctx->requestId = xmlSecXkmsServerRequestIdUnknown;
-
+ ctx->requestNode = NULL;
+ ctx->opaqueClientDataNode = NULL;
+ ctx->firtsMsgExtNode = NULL;
+ ctx->keyInfoNode = NULL;
+ ctx->requestId = xmlSecXkmsServerRequestIdUnknown;
+
if(ctx->id != NULL) {
- xmlFree(ctx->id); ctx->id = NULL;
+ xmlFree(ctx->id); ctx->id = NULL;
}
if(ctx->service != NULL) {
- xmlFree(ctx->service); ctx->service = NULL;
+ xmlFree(ctx->service); ctx->service = NULL;
}
if(ctx->nonce != NULL) {
- xmlFree(ctx->nonce); ctx->nonce = NULL;
+ xmlFree(ctx->nonce); ctx->nonce = NULL;
}
if(ctx->originalRequestId != NULL) {
- xmlFree(ctx->originalRequestId); ctx->originalRequestId = NULL;
+ xmlFree(ctx->originalRequestId); ctx->originalRequestId = NULL;
}
if(ctx->pendingNotificationMechanism != NULL) {
- xmlFree(ctx->pendingNotificationMechanism);
- ctx->pendingNotificationMechanism = NULL;
+ xmlFree(ctx->pendingNotificationMechanism);
+ ctx->pendingNotificationMechanism = NULL;
}
if(ctx->pendingNotificationIdentifier != NULL) {
- xmlFree(ctx->pendingNotificationIdentifier);
- ctx->pendingNotificationIdentifier = NULL;
+ xmlFree(ctx->pendingNotificationIdentifier);
+ ctx->pendingNotificationIdentifier = NULL;
}
if(ctx->compoundRequestContexts != NULL) {
xmlSecPtrListDestroy(ctx->compoundRequestContexts);
ctx->compoundRequestContexts = NULL;
}
-
- ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT;
+
+ ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT;
ctx->responseMechanismMask = 0;
}
/**
* xmlSecXkmsServerCtxCopyUserPref:
- * @dst: the pointer to destination context.
- * @src: the pointer to source context.
- *
+ * @dst: the pointer to destination context.
+ * @src: the pointer to source context.
+ *
* Copies user preference from @src context to @dst.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerCtxCopyUserPref(xmlSecXkmsServerCtxPtr dst, xmlSecXkmsServerCtxPtr src) {
int ret;
-
+
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
- dst->userData = src->userData;
- dst->flags = src->flags;
- dst->flags2 = src->flags2;
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
if(src->expectedService != NULL) {
- dst->expectedService = xmlStrdup(src->expectedService);
- if(dst->expectedService == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ dst->expectedService = xmlStrdup(src->expectedService);
+ if(dst->expectedService == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
if(src->idPrefix != NULL) {
- dst->idPrefix = xmlStrdup(src->idPrefix);
- if(dst->idPrefix == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ dst->idPrefix = xmlStrdup(src->idPrefix);
+ if(dst->idPrefix == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
src->idLen = dst->idLen;
ret = xmlSecPtrListCopy(&(dst->enabledRespondWithIds), &(src->enabledRespondWithIds));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecPtrListCopy(&(dst->enabledServerRequestIds), &(src->enabledServerRequestIds));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
-}
+}
-/**
- * xmlSecXkmsServerCtxProcess:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to request node.
+/**
+ * xmlSecXkmsServerCtxProcess:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
* @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
- *
- * Reads XKMS request from @node and creates response to a newly created node.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ *
+ * Reads XKMS request from @node and creates response to a newly created node.
* Caller is responsible for adding the returned node to the XML document.
*
* Returns: pointer to newly created XKMS response node or NULL
* if an error occurs.
*/
-xmlNodePtr
-xmlSecXkmsServerCtxProcess(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
+xmlNodePtr
+xmlSecXkmsServerCtxProcess(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
xmlSecXkmsServerFormat format, xmlDocPtr doc) {
int ret;
@@ -592,136 +592,136 @@ xmlSecXkmsServerCtxProcess(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
ctx->requestNode = xmlSecXkmsServerCtxRequestUnwrap(ctx, node, format);
if(ctx->requestNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestUnwrap",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestUnwrap",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
+ }
+
ret = xmlSecXkmsServerCtxRequestRead(ctx, ctx->requestNode);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdListFindByNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
+ }
ret = xmlSecXkmsServerRequestExecute(ctx->requestId, ctx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
}
done:
- /* always try to write response back */
+ /* always try to write response back */
if(ctx->requestId != NULL) {
xmlNodePtr respNode;
xmlNodePtr wrappedRespNode;
-
+
respNode = xmlSecXkmsServerCtxResponseWrite(ctx, doc);
if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResponseWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- goto error;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResponseWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto error;
}
-
+
wrappedRespNode = xmlSecXkmsServerCtxResponseWrap(ctx, respNode, format, doc);
if(wrappedRespNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResponseWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ctx->requestNode=%s",
- xmlSecErrorsSafeString(ctx->requestNode->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResponseWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
xmlFreeNode(respNode);
- goto error;
+ goto error;
}
return(wrappedRespNode);
}
-
+
error:
/* last attempt: create fatatl error response */
return(xmlSecXkmsServerCtxFatalErrorResponseCreate(ctx, format, doc));
}
-/**
- * xmlSecXkmsServerCtxRequestRead:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to request node.
+/**
+ * xmlSecXkmsServerCtxRequestRead:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
*
* Reads XKMS request from @node and stores data in @ctx.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerCtxRequestRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->requestId == NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* find out what the request is */
if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(&(ctx->enabledServerRequestIds), node);
+ ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(&(ctx->enabledServerRequestIds), node);
} else {
- ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(xmlSecXkmsServerRequestIdsGet(), node);
+ ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(xmlSecXkmsServerRequestIdsGet(), node);
}
if(ctx->requestId == xmlSecXkmsServerRequestIdUnknown) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdListFindByNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
+ return(-1);
}
xmlSecAddIDs(node->doc, node, xmlSecXkmsServerIds);
ret = xmlSecXkmsServerRequestNodeRead(ctx->requestId, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+
return(0);
}
-/**
- * xmlSecXkmsServerCtxResponseWrite:
- * @ctx: the pointer to XKMS processing context.
- * @doc: the pointer to response parent XML document (might be NULL).
+/**
+ * xmlSecXkmsServerCtxResponseWrite:
+ * @ctx: the pointer to XKMS processing context.
+ * @doc: the pointer to response parent XML document (might be NULL).
*
- * Writes XKMS response from context to a newly created node. Caller is
+ * Writes XKMS response from context to a newly created node. Caller is
* responsible for adding the returned node to the XML document.
*
* Returns: pointer to newly created XKMS response node or NULL
@@ -730,43 +730,43 @@ xmlSecXkmsServerCtxRequestRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlNodePtr
xmlSecXkmsServerCtxResponseWrite(xmlSecXkmsServerCtxPtr ctx, xmlDocPtr doc) {
xmlNodePtr respNode;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->requestId != NULL, NULL);
/* now write results */
respNode = xmlSecXkmsServerRequestNodeWrite(ctx->requestId, ctx, doc, NULL);
if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(NULL);
}
-
+
return(respNode);
}
/**
* xmlSecXkmsServerCtxRequestUnwrap:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to request node.
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
* @format: the request/response format.
- *
+ *
* Removes SOAP or other envelope from XKMS request.
*
- * Returns: pointer to "real" XKMS request node or NULL if an error occurs.
+ * Returns: pointer to "real" XKMS request node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format) {
xmlNodePtr result = NULL;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(node != NULL, NULL);
-
+
switch(format) {
case xmlSecXkmsServerFormatPlain:
result = node;
@@ -776,95 +776,95 @@ xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, x
/* verify that it is actually soap Envelope node */
if(xmlSecSoap11CheckEnvelope(node) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CheckEnvelope",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
+ NULL,
+ "xmlSecSoap11CheckEnvelope",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
/* check that Body has exactly one entry */
if(xmlSecSoap11GetBodyEntriesNumber(node) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBodyEntriesNumber",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap11GetBodyEntriesNumber",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
/* this one enntry is our xkms request */
result = xmlSecSoap11GetBodyEntry(node, 0);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11GetBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap11GetBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
break;
case xmlSecXkmsServerFormatSoap12:
/* verify that it is actually soap Envelope node */
if(xmlSecSoap12CheckEnvelope(node) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CheckEnvelope",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
- }
-
+ NULL,
+ "xmlSecSoap12CheckEnvelope",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
/* check that Body has exactly one entry */
if(xmlSecSoap12GetBodyEntriesNumber(node) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBodyEntriesNumber",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap12GetBodyEntriesNumber",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
/* this one enntry is our xkms request */
result = xmlSecSoap12GetBodyEntry(node, 0);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12GetBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap12GetBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
break;
#endif /* XMLSEC_NO_SOAP */
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
return(result);
}
-/**
- * xmlSecXkmsServerCtxResponseWrap:
- * @ctx: the pointer to XKMS processing context.
- * @node: the pointer to response node.
+/**
+ * xmlSecXkmsServerCtxResponseWrap:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to response node.
* @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
+ * @doc: the pointer to response parent XML document (might be NULL).
*
* Creates SOAP or other envelope around XKMS response.
* Caller is responsible for adding the returned node to the XML document.
@@ -872,13 +872,13 @@ xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, x
* Returns: pointer to newly created response envelope node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecXkmsServerCtxResponseWrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
xmlNodePtr result = NULL;
-
+
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(node != NULL, NULL);
-
+
switch(format) {
case xmlSecXkmsServerFormatPlain:
result = node; /* do nothing */
@@ -888,95 +888,95 @@ xmlSecXkmsServerCtxResponseWrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xml
result = xmlSecSoap11CreateEnvelope(doc);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap11CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
if(xmlSecSoap11AddBodyEntry(result, node) == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11AddBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap11AddBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
break;
case xmlSecXkmsServerFormatSoap12:
result = xmlSecSoap12CreateEnvelope(doc);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap12CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
if(xmlSecSoap12AddBodyEntry(result, node) == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddBodyEntry",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap12AddBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
break;
#endif /* XMLSEC_NO_SOAP */
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
return(result);
}
-/**
- * xmlSecXkmsServerCtxFatalErrorResponseCreate:
- * @ctx: the pointer to XKMS processing context.
+/**
+ * xmlSecXkmsServerCtxFatalErrorResponseCreate:
+ * @ctx: the pointer to XKMS processing context.
* @format: the request/response format.
- * @doc: the pointer to response parent XML document (might be NULL).
+ * @doc: the pointer to response parent XML document (might be NULL).
*
- * Creates a "fatal error" SOAP or other envelope respons. Caller is
+ * Creates a "fatal error" SOAP or other envelope respons. Caller is
* responsible for adding the returned node to the XML document.
*
* Returns: pointer to newly created fatal error response (it might be NULL).
*/
-xmlNodePtr
+xmlNodePtr
xmlSecXkmsServerCtxFatalErrorResponseCreate(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
xmlNodePtr result = NULL;
int ret;
-
+
xmlSecAssert2(ctx != NULL, NULL);
/* make sure that we have an error */
if(ctx->resultMajor == xmlSecXkmsResultMajorSuccess) {
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
}
-
+
switch(format) {
case xmlSecXkmsServerFormatPlain:
/* try to create fatal error response with XKMS Status request */
result = xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestResultId, ctx, doc, NULL);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
break;
#ifndef XMLSEC_NO_SOAP
@@ -984,75 +984,75 @@ xmlSecXkmsServerCtxFatalErrorResponseCreate(xmlSecXkmsServerCtxPtr ctx, xmlSecXk
result = xmlSecSoap11CreateEnvelope(doc);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap11CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
ret = xmlSecXkmsServerCtxWriteSoap11FatalError(ctx, result);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxWriteSoap11FatalError",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlSecXkmsServerCtxWriteSoap11FatalError",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
xmlFreeNode(result);
- return(NULL);
+ return(NULL);
}
-
+
break;
case xmlSecXkmsServerFormatSoap12:
result = xmlSecSoap12CreateEnvelope(doc);
if(result == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12CreateEnvelope",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ NULL,
+ "xmlSecSoap12CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
ret = xmlSecXkmsServerCtxWriteSoap12FatalError(ctx, result);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxWriteSoap12FatalError",
- XMLSEC_ERRORS_R_INVALID_DATA,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlSecXkmsServerCtxWriteSoap12FatalError",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
xmlFreeNode(result);
- return(NULL);
+ return(NULL);
}
-
+
break;
#endif /* XMLSEC_NO_SOAP */
default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- "format=%d",
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
format);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(NULL);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
}
-
+
return(result);
}
#ifndef XMLSEC_NO_SOAP
-static int
+static int
xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
const xmlChar* faultCodeHref = NULL;
const xmlChar* faultCodeLocalPart = NULL;
xmlChar* faultString = NULL;
int len;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(envNode != NULL, -1);
@@ -1064,14 +1064,14 @@ xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
if(faultString == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
(ctx->requestId == NULL)) {
/* we understood the request but were not able to parse input message */
faultCodeHref = xmlSecSoap11Ns;
@@ -1082,15 +1082,15 @@ xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultString = xmlMalloc(len + 1);
if(faultString == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
- xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecErrorsSafeString(ctx->requestNode->name));
} else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
(ctx->requestId == NULL)) {
/* we understood the request but were not able to process it */
@@ -1099,11 +1099,11 @@ xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
if(faultString == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
} else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
@@ -1111,16 +1111,16 @@ xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultCodeHref = xmlSecSoap11Ns;
faultCodeLocalPart = xmlSecSoapFaultCodeClient;
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
faultString = xmlMalloc(len + 1);
if(faultString == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
@@ -1132,31 +1132,31 @@ xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
if(faultString == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
}
-
+
if(xmlSecSoap11AddFaultEntry(envNode, faultCodeHref, faultCodeLocalPart, faultString, NULL) == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap11AddFaultEntry",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFree(faultString);
+ NULL,
+ "xmlSecSoap11AddFaultEntry",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFree(faultString);
return(-1);
}
- xmlFree(faultString);
+ xmlFree(faultString);
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
xmlSecSoap12FaultCode faultCode = xmlSecSoap12FaultCodeUnknown;
const xmlChar* faultSubCodeHref = NULL;
@@ -1164,7 +1164,7 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
xmlChar* faultReason = NULL;
int len;
xmlNodePtr faultNode;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(envNode != NULL, -1);
@@ -1175,14 +1175,14 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
if(faultReason == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
(ctx->requestId == NULL)) {
/* we understood the request but were not able to parse input message */
faultCode = xmlSecSoap12FaultCodeSender;
@@ -1194,15 +1194,15 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultReason = xmlMalloc(len + 1);
if(faultReason == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
- xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecErrorsSafeString(ctx->requestNode->name));
} else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
(ctx->requestId == NULL)) {
/* we understood the request but were not able to process it */
@@ -1210,11 +1210,11 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
if(faultReason == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
} else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
@@ -1223,16 +1223,16 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultSubCodeHref = xmlSecXkmsNs;
faultSubCodeLocalPart = xmlSecXkmsSoapSubcodeValueBadMessage;
- len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
faultReason = xmlMalloc(len + 1);
if(faultReason == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
@@ -1243,50 +1243,50 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
if(faultReason == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
return(-1);
}
}
xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, -1);
xmlSecAssert2(faultReason != NULL, -1);
-
- faultNode = xmlSecSoap12AddFaultEntry(envNode, faultCode, faultReason,
+
+ faultNode = xmlSecSoap12AddFaultEntry(envNode, faultCode, faultReason,
xmlSecXkmsSoapFaultReasonLang, NULL, NULL);
if(faultNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddFaultEntry",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- xmlFree(faultReason);
+ NULL,
+ "xmlSecSoap12AddFaultEntry",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFree(faultReason);
return(-1);
}
- xmlFree(faultReason);
+ xmlFree(faultReason);
if((faultSubCodeHref != NULL) && (faultSubCodeLocalPart != NULL)) {
/* make sure that we have subcode (xkms) namespace declared */
if(xmlNewNs(faultNode, faultSubCodeHref, BAD_CAST "xkms") == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(faultSubCodeHref));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(faultSubCodeHref));
return(-1);
}
if(xmlSecSoap12AddFaultSubcode(faultNode, faultSubCodeHref, faultSubCodeLocalPart) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSoap12AddFaultSubcode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "href=%s,value=%s",
- xmlSecErrorsSafeString(faultSubCodeHref),
- xmlSecErrorsSafeString(faultSubCodeLocalPart));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddFaultSubcode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "href=%s,value=%s",
+ xmlSecErrorsSafeString(faultSubCodeHref),
+ xmlSecErrorsSafeString(faultSubCodeLocalPart));
return(-1);
}
}
@@ -1297,79 +1297,79 @@ xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
#endif /* XMLSEC_NO_SOAP */
-/**
- * xmlSecXkmsServerCtxSetResult:
- * @ctx: the pointer to XKMS processing context.
+/**
+ * xmlSecXkmsServerCtxSetResult:
+ * @ctx: the pointer to XKMS processing context.
* @resultMajor: the major result code.
* @resultMinor: the minor result code.
- *
+ *
* Sets the major/minor result code in the context if no other result is already
* reported.
*/
-void
-xmlSecXkmsServerCtxSetResult(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsResultMajor resultMajor,
+void
+xmlSecXkmsServerCtxSetResult(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsResultMajor resultMajor,
xmlSecXkmsResultMinor resultMinor) {
xmlSecAssert(ctx != NULL);
-
- if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
+
+ if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
(resultMinor != xmlSecXkmsResultMajorSuccess)) {
- ctx->resultMajor = resultMajor;
- ctx->resultMinor = resultMinor;
- } else if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
+ ctx->resultMajor = resultMajor;
+ ctx->resultMinor = resultMinor;
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
(ctx->resultMinor == xmlSecXkmsResultMinorNone)) {
- xmlSecAssert(resultMajor == xmlSecXkmsResultMajorSuccess);
-
- ctx->resultMinor = resultMinor;
+ xmlSecAssert(resultMajor == xmlSecXkmsResultMajorSuccess);
+
+ ctx->resultMinor = resultMinor;
}
}
/**
* xmlSecXkmsServerCtxDebugDump:
- * @ctx: the pointer to XKMS processing context.
- * @output: the pointer to output FILE.
+ * @ctx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @ctx to @output.
*/
-void
+void
xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
xmlSecAssert(ctx != NULL);
xmlSecAssert(output != NULL);
-
+
fprintf(output, "= XKMS SERVER CONTEXT: %s\n",
- (ctx->requestId != xmlSecXkmsServerRequestIdUnknown &&
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId)) ?
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
- BAD_CAST "NULL");
-
- xmlSecQName2IntegerDebugDump(gXmlSecXkmsResultMajorInfo,
- ctx->resultMajor, BAD_CAST "resultMajor", output);
- xmlSecQName2IntegerDebugDump(gXmlSecXkmsMinorErrorInfo,
- ctx->resultMinor, BAD_CAST "resultMinor", output);
-
- fprintf(output, "== id: %s\n",
- (ctx->id) ? ctx->id : BAD_CAST "");
- fprintf(output, "== service: %s\n",
- (ctx->service) ? ctx->service : BAD_CAST "");
- fprintf(output, "== nonce: %s\n",
- (ctx->nonce) ? ctx->nonce : BAD_CAST "");
- fprintf(output, "== originalRequestId: %s\n",
- (ctx->originalRequestId) ? ctx->originalRequestId : BAD_CAST "");
- fprintf(output, "== pendingNotificationMechanism: %s\n",
- (ctx->pendingNotificationMechanism) ?
- ctx->pendingNotificationMechanism :
- BAD_CAST "");
- fprintf(output, "== pendingNotificationIdentifier: %s\n",
- (ctx->pendingNotificationIdentifier) ?
- ctx->pendingNotificationIdentifier :
- BAD_CAST "");
+ (ctx->requestId != xmlSecXkmsServerRequestIdUnknown &&
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId)) ?
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
+ BAD_CAST "NULL");
+
+ xmlSecQName2IntegerDebugDump(gXmlSecXkmsResultMajorInfo,
+ ctx->resultMajor, BAD_CAST "resultMajor", output);
+ xmlSecQName2IntegerDebugDump(gXmlSecXkmsMinorErrorInfo,
+ ctx->resultMinor, BAD_CAST "resultMinor", output);
+
+ fprintf(output, "== id: %s\n",
+ (ctx->id) ? ctx->id : BAD_CAST "");
+ fprintf(output, "== service: %s\n",
+ (ctx->service) ? ctx->service : BAD_CAST "");
+ fprintf(output, "== nonce: %s\n",
+ (ctx->nonce) ? ctx->nonce : BAD_CAST "");
+ fprintf(output, "== originalRequestId: %s\n",
+ (ctx->originalRequestId) ? ctx->originalRequestId : BAD_CAST "");
+ fprintf(output, "== pendingNotificationMechanism: %s\n",
+ (ctx->pendingNotificationMechanism) ?
+ ctx->pendingNotificationMechanism :
+ BAD_CAST "");
+ fprintf(output, "== pendingNotificationIdentifier: %s\n",
+ (ctx->pendingNotificationIdentifier) ?
+ ctx->pendingNotificationIdentifier :
+ BAD_CAST "");
if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
fprintf(output, "== ResponseLimit: %d\n", ctx->responseLimit);
}
- xmlSecQName2BitMaskDebugDump(gXmlSecXkmsResponseMechanismInfo,
- ctx->responseMechanismMask, BAD_CAST "responseMechanism", output);
+ xmlSecQName2BitMaskDebugDump(gXmlSecXkmsResponseMechanismInfo,
+ ctx->responseMechanismMask, BAD_CAST "responseMechanism", output);
- if(ctx->expectedService != NULL) {
+ if(ctx->expectedService != NULL) {
fprintf(output, "== expected service: %s\n", ctx->expectedService);
}
fprintf(output, "== flags: 0x%08x\n", ctx->flags);
@@ -1377,22 +1377,22 @@ xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
fprintf(output, "== Key Info Read Ctx:\n");
xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoReadCtx), output);
-
+
fprintf(output, "== Key Info Write Ctx:\n");
xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoWriteCtx), output);
if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- fprintf(output, "== Enabled RespondWith: ");
- xmlSecTransformIdListDebugDump(&(ctx->enabledRespondWithIds), output);
+ fprintf(output, "== Enabled RespondWith: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledRespondWithIds), output);
} else {
- fprintf(output, "== Enabled RespondWith: all\n");
+ fprintf(output, "== Enabled RespondWith: all\n");
}
if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- fprintf(output, "== Enabled ServerRequest: ");
- xmlSecTransformIdListDebugDump(&(ctx->enabledServerRequestIds), output);
+ fprintf(output, "== Enabled ServerRequest: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledServerRequestIds), output);
} else {
- fprintf(output, "== Enabled ServerRequest: all\n");
+ fprintf(output, "== Enabled ServerRequest: all\n");
}
fprintf(output, "== RespondWith List:\n");
@@ -1400,7 +1400,7 @@ xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
fprintf(output, "== Keys:\n");
xmlSecPtrListDebugDump(&(ctx->keys), output);
-
+
if(ctx->compoundRequestContexts != NULL) {
fprintf(output, "== Compound Request:\n");
xmlSecPtrListDebugDump(ctx->compoundRequestContexts, output);
@@ -1409,28 +1409,28 @@ xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
/**
* xmlSecXkmsServerCtxDebugXmlDump:
- * @ctx: the pointer to XKMS processing context.
- * @output: the pointer to output FILE.
+ * @ctx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @ctx to @output in XML format.
*/
-void
+void
xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
xmlSecAssert(ctx != NULL);
xmlSecAssert(output != NULL);
fprintf(output, "<XkmsServerRequestContext name=\"");
- xmlSecPrintXmlString(output,
- (ctx->requestId != xmlSecXkmsServerRequestIdUnknown) ?
- xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
- BAD_CAST "NULL"
+ xmlSecPrintXmlString(output,
+ (ctx->requestId != xmlSecXkmsServerRequestIdUnknown) ?
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
+ BAD_CAST "NULL"
);
fprintf(output, "\">\n");
- xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsResultMajorInfo,
- ctx->resultMajor, BAD_CAST "MajorError", output);
- xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsMinorErrorInfo,
- ctx->resultMinor, BAD_CAST "MinorError", output);
+ xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsResultMajorInfo,
+ ctx->resultMajor, BAD_CAST "MajorError", output);
+ xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsMinorErrorInfo,
+ ctx->resultMinor, BAD_CAST "MinorError", output);
fprintf(output, "<Id>");
xmlSecPrintXmlString(output, ctx->id);
@@ -1447,7 +1447,7 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
fprintf(output, "<OriginalRequestId>");
xmlSecPrintXmlString(output, ctx->originalRequestId);
fprintf(output, "</OriginalRequestId>\n");
-
+
fprintf(output, "<PendingNotificationMechanism>");
xmlSecPrintXmlString(output, ctx->pendingNotificationMechanism);
fprintf(output, "</PendingNotificationMechanism>\n");
@@ -1459,14 +1459,14 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
fprintf(output, "<ResponseLimit>%d</ResponseLimit>\n", ctx->responseLimit);
}
- xmlSecQName2BitMaskDebugXmlDump(gXmlSecXkmsResponseMechanismInfo,
- ctx->responseMechanismMask, BAD_CAST "ResponseMechanism", output);
+ xmlSecQName2BitMaskDebugXmlDump(gXmlSecXkmsResponseMechanismInfo,
+ ctx->responseMechanismMask, BAD_CAST "ResponseMechanism", output);
fprintf(output, "<ExpectedService>");
xmlSecPrintXmlString(output, ctx->expectedService);
fprintf(output, "</ExpectedService>\n");
-
+
fprintf(output, "<Flags>%08x</Flags>\n", ctx->flags);
fprintf(output, "<Flags2>%08x</Flags2>\n", ctx->flags2);
@@ -1479,19 +1479,19 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
fprintf(output, "</KeyInfoWriteCtx>\n");
if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- fprintf(output, "<EnabledRespondWith>\n");
- xmlSecTransformIdListDebugXmlDump(&(ctx->enabledRespondWithIds), output);
- fprintf(output, "</EnabledRespondWith>\n");
+ fprintf(output, "<EnabledRespondWith>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledRespondWithIds), output);
+ fprintf(output, "</EnabledRespondWith>\n");
} else {
- fprintf(output, "<EnabledRespondWith>all</EnabledRespondWith>\n");
+ fprintf(output, "<EnabledRespondWith>all</EnabledRespondWith>\n");
}
if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- fprintf(output, "<EnabledServerRequest>\n");
- xmlSecTransformIdListDebugXmlDump(&(ctx->enabledServerRequestIds), output);
- fprintf(output, "</EnabledServerRequest>\n");
+ fprintf(output, "<EnabledServerRequest>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledServerRequestIds), output);
+ fprintf(output, "</EnabledServerRequest>\n");
} else {
- fprintf(output, "<EnabledServerRequest>all</EnabledServerRequest>\n");
+ fprintf(output, "<EnabledServerRequest>all</EnabledServerRequest>\n");
}
@@ -1519,7 +1519,7 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
* (<xkms:OpaqueClientData>
* <xkms:OpaqueData>?
* )?
- *
+ *
* <xkms:RequestAbstractType Id Service Nonce? OriginalRequestId? ResponseLimit?>
* <ds:Signature>?
* <xkms:MessageExtension>*
@@ -1537,13 +1537,13 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
* <complexContent>
* <extension base="xkms:MessageAbstractType">
* <sequence>
- * <element ref="xkms:ResponseMechanism" minOccurs="0"
+ * <element ref="xkms:ResponseMechanism" minOccurs="0"
* maxOccurs="unbounded"/>
- * <element ref="xkms:RespondWith" minOccurs="0"
+ * <element ref="xkms:RespondWith" minOccurs="0"
* maxOccurs="unbounded"/>
* <element ref="xkms:PendingNotification" minOccurs="0"/>
* </sequence>
- * <attribute name="OriginalRequestId" type="anyURI"
+ * <attribute name="OriginalRequestId" type="anyURI"
* use="optional"/>
* <attribute name="ResponseLimit" type="integer" use="optional"/>
* </extension>
@@ -1555,7 +1555,7 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
* <complexType name="MessageAbstractType" abstract="true">
* <sequence>
* <element ref="ds:Signature" minOccurs="0"/>
- * <element ref="xkms:MessageExtension" minOccurs="0"
+ * <element ref="xkms:MessageExtension" minOccurs="0"
* maxOccurs="unbounded"/>
* <element ref="xkms:OpaqueClientData" minOccurs="0"/>
* </sequence>
@@ -1565,7 +1565,7 @@ xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
* </complexType>
* <!-- /MessageAbstractType -->
*/
-static int
+static int
xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
xmlNodePtr cur;
xmlChar* tmp;
@@ -1574,7 +1574,7 @@ xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2((*node) != NULL, -1);
-
+
cur = (*node);
xmlSecAssert2(cur != NULL, -1);
@@ -1582,40 +1582,40 @@ xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
xmlSecAssert2(ctx->id == NULL, -1);
ctx->id = xmlGetProp(cur, xmlSecAttrId);
if(ctx->id == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrId),
- xmlSecErrorsSafeString(cur->name));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrId),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
/* required Service attribute */
xmlSecAssert2(ctx->service == NULL, -1);
ctx->service = xmlGetProp(cur, xmlSecAttrService);
if(ctx->service == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrService),
- xmlSecErrorsSafeString(cur->name));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrService),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
/* check service */
if((ctx->expectedService != NULL) && (!xmlStrEqual(ctx->expectedService, ctx->service))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "expectedService=%s;actualService=%s",
- xmlSecErrorsSafeString(ctx->expectedService),
- xmlSecErrorsSafeString(ctx->service));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "expectedService=%s;actualService=%s",
+ xmlSecErrorsSafeString(ctx->expectedService),
+ xmlSecErrorsSafeString(ctx->service));
+ return(-1);
}
/* optional Nonce attribute */
@@ -1630,106 +1630,106 @@ xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
xmlSecAssert2(ctx->responseLimit == XMLSEC_XKMS_NO_RESPONSE_LIMIT, -1);
tmp = xmlGetProp(cur, xmlSecAttrResponseLimit);
if(tmp != NULL) {
- ctx->responseLimit = atoi((char*)tmp);
- xmlFree(tmp);
+ ctx->responseLimit = atoi((char*)tmp);
+ xmlFree(tmp);
}
- /* now read children */
+ /* now read children */
cur = xmlSecGetNextElementNode(cur->children);
-
+
/* first node is optional <dsig:Signature/> node */
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeSignature, xmlSecDSigNs)) {
- ret = xmlSecXkmsServerCtxSignatureNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxSignatureNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
+ ret = xmlSecXkmsServerCtxSignatureNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxSignatureNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
/* next is zero or more <xkms:MessageExtension/> nodes */
ret = xmlSecXkmsServerCtxMessageExtensionNodesRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxMessageExtensionNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxMessageExtensionNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* next is optional <xkms:OpaqueClientData/> node */
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeOpaqueClientData, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxOpaqueClientDataNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxOpaqueClientDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ ret = xmlSecXkmsServerCtxOpaqueClientDataNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxOpaqueClientDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* next is zero or more <xkms:ResponseMechanism/> nodes */
- ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsResponseMechanismInfo, &cur,
- xmlSecNodeResponseMechanism, xmlSecXkmsNs,
- ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM) != 0) ? 1 : 0,
- &ctx->responseMechanismMask);
+ ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsResponseMechanismInfo, &cur,
+ xmlSecNodeResponseMechanism, xmlSecXkmsNs,
+ ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM) != 0) ? 1 : 0,
+ &ctx->responseMechanismMask);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeResponseMechanism));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeResponseMechanism));
+ return(-1);
+ }
+
/* next is zero or more <xkms:RespondWith/> nodes */
ret = xmlSecXkmsServerCtxRespondWithNodesRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRespondWithNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRespondWithNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* next is optional <xkms:PendingNotification/> node */
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodePendingNotification, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxPendingNotificationNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxPendingNotificationNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
+ ret = xmlSecXkmsServerCtxPendingNotificationNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxPendingNotificationNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxSignatureNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* todo: verify signature and make sure that correct data was signed */
return(0);
}
-/**
+/**
* <!-- MessageExtension -->
* <element name="MessageExtension" type="xkms:MessageExtensionAbstractType"
* abstract="true"/>
@@ -1746,17 +1746,17 @@ xmlSecXkmsServerCtxMessageExtensionNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNode
cur = (*node);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeMessageExtension, xmlSecXkmsNs)) {
- if(ctx->firtsMsgExtNode == NULL) {
- ctx->firtsMsgExtNode = cur;
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ if(ctx->firtsMsgExtNode == NULL) {
+ ctx->firtsMsgExtNode = cur;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
- (*node) = cur;
+ (*node) = cur;
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxOpaqueClientDataNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->opaqueClientDataNode == NULL, -1);
@@ -1777,48 +1777,48 @@ xmlSecXkmsServerCtxRespondWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr*
cur = (*node);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeRespondWith, xmlSecXkmsNs)) {
- xmlSecXkmsRespondWithId id = xmlSecXkmsRespondWithIdUnknown;
-
- if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
- id = xmlSecXkmsRespondWithIdListFindByNodeValue(&(ctx->enabledRespondWithIds), cur);
- } else {
- id = xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecXkmsRespondWithIdsGet(), cur);
- }
-
- if(id != xmlSecXkmsRespondWithIdUnknown) {
- ret = xmlSecXkmsRespondWithNodeRead(id, ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCreateTree",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else if((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH) != 0) {
+ xmlSecXkmsRespondWithId id = xmlSecXkmsRespondWithIdUnknown;
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
+ id = xmlSecXkmsRespondWithIdListFindByNodeValue(&(ctx->enabledRespondWithIds), cur);
+ } else {
+ id = xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecXkmsRespondWithIdsGet(), cur);
+ }
+
+ if(id != xmlSecXkmsRespondWithIdUnknown) {
+ ret = xmlSecXkmsRespondWithNodeRead(id, ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH) != 0) {
xmlChar* content ;
-
+
content = xmlNodeGetContent(cur);
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%s",
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%s",
xmlSecErrorsSafeString(cur->name),
xmlSecErrorsSafeString(content));
if(content != NULL) {
xmlFree(content);
}
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
- (*node) = cur;
+
+ (*node) = cur;
return(0);
}
-/**
+/**
* XML Schema:
* <!-- PendingNotification -->
* <element name="PendingNotification" type="xkms:PendingNotificationType"/>
@@ -1828,7 +1828,7 @@ xmlSecXkmsServerCtxRespondWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr*
* </complexType>
* <!-- /PendingNotification -->
*/
-static int
+static int
xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -1836,29 +1836,29 @@ xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
xmlSecAssert2(ctx->pendingNotificationMechanism == NULL, -1);
ctx->pendingNotificationMechanism = xmlGetProp(node, xmlSecAttrMechanism);
if(ctx->pendingNotificationMechanism == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrMechanism),
- xmlSecErrorsSafeString(node->name));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrMechanism),
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
}
xmlSecAssert2(ctx->pendingNotificationIdentifier == NULL, -1);
ctx->pendingNotificationIdentifier = xmlGetProp(node, xmlSecAttrIdentifier);
if(ctx->pendingNotificationIdentifier == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrIdentifier),
- xmlSecErrorsSafeString(node->name));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrIdentifier),
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
+ }
+
return(0);
}
@@ -1872,11 +1872,11 @@ xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
* <xkms:ResponseMechanism>*
* <xkms:RespondWith>*
* <xkms:PendingNotification Mechanism Identifier>?
- *
+ *
* XML Schema:
*
- * <!-- PendingRequest -->
- * <element name="PendingRequest" type="xkms:PendingRequestType"/>
+ * <!-- PendingRequest -->
+ * <element name="PendingRequest" type="xkms:PendingRequestType"/>
* <complexType name="PendingRequestType">
* <complexContent>
* <extension base="xkms:RequestAbstractType">
@@ -1884,24 +1884,24 @@ xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNo
* </extension>
* </complexContent>
* </complexType>
- * <!-- /PendingRequest --> *
+ * <!-- /PendingRequest --> *
*/
-static int
+static int
xmlSecXkmsServerCtxPendingRequestNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
int ret;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* first read "parent" type */
ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* todo: read responseId */
@@ -1914,67 +1914,67 @@ xmlSecXkmsServerCtxPendingRequestNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:TimeInstant Time>?
- *
+ *
* XML Schema:
* <!-- QueryKeyBinding -->
* <element name="QueryKeyBinding" type="xkms:QueryKeyBindingType"/>
* <complexType name="QueryKeyBindingType">
* <complexContent>
* <extension base="xkms:KeyBindingAbstractType">
- * <sequence>
- * <element ref="xkms:TimeInstant" minOccurs="0"/>
- * </sequence>
- * </extension>
- * </complexContent>
+ * <sequence>
+ * <element ref="xkms:TimeInstant" minOccurs="0"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
* </complexType>
* <!-- /QueryKeyBinding -->
*/
-static int
+static int
xmlSecXkmsServerCtxQueryKeyBindingNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* first read "parent" type */
cur = node;
ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* next is optional <xkms:TimeInstant/> node */
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTimeInstant, xmlSecXkmsNs)) {
- ret = xmlSecXkmsServerCtxTimeInstantNodeRead(ctx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxTimeInstantNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ ret = xmlSecXkmsServerCtxTimeInstantNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxTimeInstantNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* check that there is nothing after the last node */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
@@ -1992,66 +1992,66 @@ xmlSecXkmsServerCtxQueryKeyBindingNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePt
* <sequence>
* <element ref="ds:KeyInfo" minOccurs="0"/>
* <element ref="xkms:KeyUsage" minOccurs="0" maxOccurs="3"/>
- * <element ref="xkms:UseKeyWith" minOccurs="0"
+ * <element ref="xkms:UseKeyWith" minOccurs="0"
* maxOccurs="unbounded"/>
* </sequence>
* <attribute name="Id" type="ID" use="optional"/>
* </complexType>
* <!-- /KeyBindingAbstractType-->
*/
-static int
+static int
xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2((*node) != NULL, -1);
-
+
cur = (*node);
xmlSecAssert2(cur != NULL, -1);
-
+
/* we don't care about Id attribute in this node */
cur = xmlSecGetNextElementNode(cur->children);
-
+
/* first node is optional <dsig:KeyInfo/> node. for now we only remember pointer */
xmlSecAssert2(ctx->keyInfoNode == NULL, -1);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
- ctx->keyInfoNode = cur;
- cur = xmlSecGetNextElementNode(cur->next);
+ ctx->keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
}
-
+
/* next is zero or more <xkms:KeyUsage/> nodes */
ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsKeyUsageInfo, &cur,
- xmlSecNodeKeyUsage, xmlSecXkmsNs,
+ xmlSecNodeKeyUsage, xmlSecXkmsNs,
((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE) != 0) ? 1 : 0,
- &(ctx->keyInfoReadCtx.keyReq.keyUsage));
+ &(ctx->keyInfoReadCtx.keyReq.keyUsage));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
+ return(-1);
+ }
+
/* next is zero or more <xkms:UseKeyWith/> nodes */
ret = xmlSecXkmsServerCtxUseKeyWithNodesRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxUseKeyWithNodesRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUseKeyWithNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
(*node) = cur;
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
xmlNodePtr cur;
int ret;
@@ -2063,65 +2063,65 @@ xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, x
/* generate and add Id attribute */
ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGenerateAndAddID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateAndAddID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* <dsig:KeyInfo/> node */
cur = xmlSecAddChild(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(-1);
}
ret = xmlSecXkmsServerCtxKeyInfoNodeWrite(ctx, cur, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* next is <xkms:KeyUsage/> node */
ret = xmlSecQName2BitMaskNodesWrite(gXmlSecXkmsKeyUsageInfo, node,
- xmlSecNodeKeyUsage, xmlSecXkmsNs,
- key->usage);
+ xmlSecNodeKeyUsage, xmlSecXkmsNs,
+ key->usage);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskNodesWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
+ return(-1);
}
/* and the last node is <xkms:UseKeyWith/> */
ret = xmlSecXkmsServerCtxUseKeyWithNodesWrite(ctx, node, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxUseKeyWithNodesWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUseKeyWithNodesWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxKeyInfoNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
int ret;
@@ -2132,22 +2132,22 @@ xmlSecXkmsServerCtxKeyInfoNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
/* add child nodes as requested in <xkms:RespondWith/> nodes */
ret = xmlSecXkmsRespondWithIdListWrite(&(ctx->respWithList), ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdListWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdListWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecKeyInfoNodeWrite(node, key, &(ctx->keyInfoWriteCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -2172,7 +2172,7 @@ xmlSecXkmsServerCtxUseKeyWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* n
xmlChar* application;
xmlChar* identifier;
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -2181,64 +2181,64 @@ xmlSecXkmsServerCtxUseKeyWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* n
cur = (*node);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeUseKeyWith, xmlSecXkmsNs)) {
- application = xmlGetProp(cur, xmlSecAttrApplication);
- if(application == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrApplication),
- xmlSecErrorsSafeString(cur->name));
- return(-1);
- }
-
- identifier = xmlGetProp(cur, xmlSecAttrIdentifier);
- if(identifier == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s;node=%s",
- xmlSecErrorsSafeString(xmlSecAttrIdentifier),
- xmlSecErrorsSafeString(cur->name));
- xmlFree(application);
- return(-1);
- }
-
- keyUseWith = xmlSecKeyUseWithCreate(application, identifier);
- if(keyUseWith == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyUseWithCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(application);
- xmlFree(identifier);
- return(-1);
- }
- xmlFree(application);
- xmlFree(identifier);
-
- ret = xmlSecPtrListAdd(list, keyUseWith);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyUseWithDestroy(keyUseWith);
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- (*node) = cur;
+ application = xmlGetProp(cur, xmlSecAttrApplication);
+ if(application == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrApplication),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
+ identifier = xmlGetProp(cur, xmlSecAttrIdentifier);
+ if(identifier == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrIdentifier),
+ xmlSecErrorsSafeString(cur->name));
+ xmlFree(application);
+ return(-1);
+ }
+
+ keyUseWith = xmlSecKeyUseWithCreate(application, identifier);
+ if(keyUseWith == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(application);
+ xmlFree(identifier);
+ return(-1);
+ }
+ xmlFree(application);
+ xmlFree(identifier);
+
+ ret = xmlSecPtrListAdd(list, keyUseWith);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyUseWithDestroy(keyUseWith);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxUseKeyWithNodesWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -2249,7 +2249,7 @@ xmlSecXkmsServerCtxUseKeyWithNodesWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr n
}
-static int
+static int
xmlSecXkmsServerCtxTimeInstantNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
@@ -2275,174 +2275,174 @@ xmlSecXkmsServerCtxTimeInstantNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr no
* <extension base="xkms:MessageAbstractType">
* <sequence>
* <element ref="xkms:RequestSignatureValue" minOccurs="0"/>
- * </sequence>
- * <attribute name="ResultMajor" type="QName" use="required"/>
- * <attribute name="ResultMinor" type="QName" use="optional"/>
- * <attribute name="RequestId" type="anyURI" use="optional"/>
- * </extension>
- * </complexContent>
+ * </sequence>
+ * <attribute name="ResultMajor" type="QName" use="required"/>
+ * <attribute name="ResultMinor" type="QName" use="optional"/>
+ * <attribute name="RequestId" type="anyURI" use="optional"/>
+ * </extension>
+ * </complexContent>
* </complexType>
* <!-- /ResultType -->
*/
-static int
+static int
xmlSecXkmsServerCtxResultTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* generate and add Id attribute */
ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGenerateAndAddID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateAndAddID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* todo: generate nonce? */
- /* set Service atribute (required) */
+ /* set Service atribute (required) */
if((ctx->service == NULL) || (xmlSetProp(node, xmlSecAttrService, ctx->service) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrService),
- xmlSecErrorsSafeString(ctx->service));
- return(-1);
- }
-
-
- /* set RequestId atribute (optional) */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrService),
+ xmlSecErrorsSafeString(ctx->service));
+ return(-1);
+ }
+
+
+ /* set RequestId atribute (optional) */
if((ctx->id != NULL) && (xmlSetProp(node, xmlSecAttrRequestId, ctx->id) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s,value=%s",
- xmlSecErrorsSafeString(xmlSecAttrRequestId),
- xmlSecErrorsSafeString(ctx->id));
- return(-1);
- }
-
-
- /* set major code (required) */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrRequestId),
+ xmlSecErrorsSafeString(ctx->id));
+ return(-1);
+ }
+
+
+ /* set major code (required) */
ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsResultMajorInfo, node,
- xmlSecAttrResultMajor, ctx->resultMajor);
+ xmlSecAttrResultMajor, ctx->resultMajor);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%d",
- xmlSecErrorsSafeString(xmlSecAttrResultMajor),
- ctx->resultMajor);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%d",
+ xmlSecErrorsSafeString(xmlSecAttrResultMajor),
+ ctx->resultMajor);
+ return(-1);
}
- /* set minor code (optional) */
+ /* set minor code (optional) */
if(ctx->resultMinor != xmlSecXkmsResultMinorNone) {
ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsMinorErrorInfo, node,
- xmlSecAttrResultMinor, ctx->resultMinor);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s,value=%d",
- xmlSecErrorsSafeString(xmlSecAttrResultMinor),
- ctx->resultMinor);
- return(-1);
- }
+ xmlSecAttrResultMinor, ctx->resultMinor);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%d",
+ xmlSecErrorsSafeString(xmlSecAttrResultMinor),
+ ctx->resultMinor);
+ return(-1);
+ }
}
/* todo: create signature template */
-
+
/* todo: create message extension nodes? */
- /* <xkms:OpaqueClientData/>: An XKMS service SHOULD return the value of
- * the <OpaqueClientData> element unmodified in a request in a response
+ /* <xkms:OpaqueClientData/>: An XKMS service SHOULD return the value of
+ * the <OpaqueClientData> element unmodified in a request in a response
* with status code Succes */
if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) && (ctx->opaqueClientDataNode != NULL)) {
xmlNodePtr copyNode;
- copyNode = xmlDocCopyNode(ctx->opaqueClientDataNode, node->doc, 1);
- if(copyNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(ctx->opaqueClientDataNode->name));
- return(-1);
- }
-
- if(xmlSecAddChildNode(node, copyNode) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChildNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(copyNode->name));
- return(-1);
- }
+ copyNode = xmlDocCopyNode(ctx->opaqueClientDataNode, node->doc, 1);
+ if(copyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(ctx->opaqueClientDataNode->name));
+ return(-1);
+ }
+
+ if(xmlSecAddChildNode(node, copyNode) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(copyNode->name));
+ return(-1);
+ }
}
ret = xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestSignatureValueNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestSignatureValueNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
- * A service SHOULD include the <RequestSignatureValue> element in a response
- * if the following conditions are satisfied and MUST NOT include the value
+/**
+ * A service SHOULD include the <RequestSignatureValue> element in a response
+ * if the following conditions are satisfied and MUST NOT include the value
* otherwise:
*
*
* - The <ds:Signature> element was present in the corresponding request
- * - The service successfully verified the <ds:Signature> element in the
+ * - The service successfully verified the <ds:Signature> element in the
* corresponding request, and
* - The ResponseMechanism RequestSignatureValue was specified.
- *
+ *
*/
-static int
+static int
xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* todo: check all conditions for RequestSignatureValue */
if((ctx->responseMechanismMask & XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE) == 0) {
- /* The ResponseMechanism RequestSignatureValue was not specified. */
- return(0);
+ /* The ResponseMechanism RequestSignatureValue was not specified. */
+ return(0);
}
-
+
/* todo: write RequestSignatureValue */
return(0);
}
-/**
- *
+/**
+ *
* <xkms:UnverifiedKeyBindingType Id?>
* <ds:KeyInfo>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:ValidityInterval NotBefore NotOnOrAfter>?
- *
+ *
* XML Schema:
*
* <!-- UnverifiedKeyBinding -->
@@ -2458,7 +2458,7 @@ xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx, xm
* </complexType>
* <!-- /UnverifiedKeyBinding -->
*/
-static int
+static int
xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
int ret;
@@ -2467,47 +2467,47 @@ xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xml
xmlSecAssert2(node != NULL, -1);
/* first write "parent" type */
- ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(ctx, node, key);
+ ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(ctx, node, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* <xkms:ValidityInterval/> node */
- ret = xmlSecXkmsServerCtxValidityIntervalNodeWrite(ctx, node, key);
+ ret = xmlSecXkmsServerCtxValidityIntervalNodeWrite(ctx, node, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxValidityIntervalNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxValidityIntervalNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecXkmsServerCtxValidityIntervalNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* todo: write key validity interval */
return(0);
}
-/**
+/**
* <xkms:KeyBinding Id?>
* <ds:KeyInfo>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:ValidityInterval NotBefore NotOnOrAfter>?
* <xkms:Status StatusValue>
* (<xkms:ValidReason>?
@@ -2516,13 +2516,13 @@ xmlSecXkmsServerCtxValidityIntervalNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNode
* )*
*
* XML Schema:
- *
- * <!-- KeyBinding -->
- * <element name="KeyBinding" type="xkms:KeyBindingType"/>
- * <complexType name="KeyBindingType">
- * <complexContent>
- * <extension base="xkms:UnverifiedKeyBindingType">
- * <sequence>
+ *
+ * <!-- KeyBinding -->
+ * <element name="KeyBinding" type="xkms:KeyBindingType"/>
+ * <complexType name="KeyBindingType">
+ * <complexContent>
+ * <extension base="xkms:UnverifiedKeyBindingType">
+ * <sequence>
* <element ref="xkms:Status"/>
* </sequence>
* </extension>
@@ -2530,7 +2530,7 @@ xmlSecXkmsServerCtxValidityIntervalNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNode
* </complexType>
* <!-- /KeyBinding -->
*/
-static int
+static int
xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
int ret;
@@ -2539,25 +2539,25 @@ xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr no
xmlSecAssert2(node != NULL, -1);
/* first write "parent" type */
- ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, node, key);
+ ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, node, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* <xkms:Status/> node */
- ret = xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(ctx, node, key);
+ ret = xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(ctx, node, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingStatusNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingStatusNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
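Review bot: The reindented `xmlSecError` call after the first `ret < 0` check in this hunk reports the failing function as `"xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite"`, but the call it guards is `xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite`, so a failure in the key-binding write would be logged against the wrong function. Since the commit already rewrites that line, it is the natural place to correct the string to `"xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite",`. The body of xmlSecXkmsServerCtxKeyBindingNodeWrite starts before this hunk.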
@@ -2569,21 +2569,21 @@ xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr no
* <xkms:IndeterminateReason>?
* <xkms:InvalidReason>?
* )*
- *
+ *
* XML Schema:
*
- * <!-- Status -->
+ * <!-- Status -->
* <element name="Status" type="xkms:StatusType"/>
* <complexType name="StatusType">
* <sequence>
- * <element ref="xkms:ValidReason" minOccurs="0"
+ * <element ref="xkms:ValidReason" minOccurs="0"
* maxOccurs="unbounded"/>
- * <element ref="xkms:IndeterminateReason" minOccurs="0"
+ * <element ref="xkms:IndeterminateReason" minOccurs="0"
* maxOccurs="unbounded"/>
- * <element ref="xkms:InvalidReason" minOccurs="0"
+ * <element ref="xkms:InvalidReason" minOccurs="0"
* maxOccurs="unbounded"/>
* </sequence>
- * <attribute name="StatusValue" type="xkms:KeyBindingStatus"
+ * <attribute name="StatusValue" type="xkms:KeyBindingStatus"
* use="required"/>
* </complexType>
* <simpleType name="KeyBindingStatus">
@@ -2595,7 +2595,7 @@ xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr no
* </simpleType>
* <!-- /Status -->
*/
-static int
+static int
xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
xmlNodePtr cur;
int ret;
@@ -2606,28 +2606,28 @@ xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNode
cur = xmlSecAddChild(node, xmlSecNodeStatus, xmlSecXkmsNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeStatus));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeStatus));
+ return(-1);
}
/* if we are here then the key was validated */
- ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsKeyBindingStatusInfo, cur,
- xmlSecAttrStatusValue, xmlSecXkmsKeyBindingStatusValid);
+ ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsKeyBindingStatusInfo, cur,
+ xmlSecAttrStatusValue, xmlSecXkmsKeyBindingStatusValid);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerAttributeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecAttrStatusValue));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecAttrStatusValue));
+ return(-1);
+ }
+
/* todo: write the reasons */
return(0);
}
@@ -2636,16 +2636,16 @@ xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNode
*
* xmlSecXkmsServerCtx list
*
- ************************************************************************/
+ ************************************************************************/
static xmlSecPtrListKlass xmlSecXkmsServerCtxPtrListKlass = {
BAD_CAST "xkms-server-ctx-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecXkmsServerCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecXkmsServerCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecXkmsServerCtxPtrListGetKlass(void) {
return(&xmlSecXkmsServerCtxPtrListKlass);
}
@@ -2659,11 +2659,11 @@ xmlSecXkmsServerCtxPtrListGetKlass(void) {
static xmlSecPtrList xmlSecAllXkmsRespondWithIds;
-/**
+/**
* xmlSecXkmsRespondWithIdsGet:
*
* Gets global registered RespondWith klasses list.
- *
+ *
* Returns: the pointer to list of all registered RespondWith klasses.
*/
xmlSecPtrListPtr
@@ -2671,45 +2671,45 @@ xmlSecXkmsRespondWithIdsGet(void) {
return(&xmlSecAllXkmsRespondWithIds);
}
-/**
+/**
* xmlSecXkmsRespondWithIdsInit:
*
- * Initializes the RespondWith klasses. This function is called from the
+ * Initializes the RespondWith klasses. This function is called from the
* #xmlSecInit function and the application should not call it directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsRespondWithIdsInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(xmlSecXkmsRespondWithIdsGet(), xmlSecXkmsRespondWithIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecXkmsRespondWithIdListId");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecXkmsRespondWithIdListId");
return(-1);
}
-
+
ret = xmlSecXkmsRespondWithIdsRegisterDefault();
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(0);
}
/**
* xmlSecXkmsRespondWithIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
+ *
+ * Shuts down the keys data klasses. This function is called from the
* #xmlSecShutdown function and the application should not call it directly.
*/
void
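Review bot: In xmlSecXkmsRespondWithIdsInit the reindented `xmlSecError` call names the failing function `"xmlSecPtrListPtrInitialize"`, while the function actually called on the line above is `xmlSecPtrListInitialize`; the string should read `"xmlSecPtrListInitialize",` so the error log matches the code. In the same hunk, the rewritten doc comment for xmlSecXkmsRespondWithIdsShutdown says it "Shuts down the keys data klasses", which looks copied from another module; suggest `* Shuts down the RespondWith klasses. This function is called from the` to match the Init comment above it. The body of xmlSecXkmsRespondWithIdsShutdown continues past the hunk.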
@@ -2717,32 +2717,32 @@ xmlSecXkmsRespondWithIdsShutdown(void) {
xmlSecPtrListFinalize(xmlSecXkmsRespondWithIdsGet());
}
-/**
+/**
* xmlSecXkmsRespondWithIdsRegister:
- * @id: the RespondWith klass.
+ * @id: the RespondWith klass.
*
* Registers @id in the global list of RespondWith klasses.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithId id) {
int ret;
-
+
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
-
+
ret = xmlSecPtrListAdd(xmlSecXkmsRespondWithIdsGet(), (xmlSecPtr)id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "RespondWith=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "RespondWith=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)));
return(-1);
}
-
- return(0);
+
+ return(0);
}
/**
@@ -2753,98 +2753,98 @@ xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithId id) {
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsRespondWithIdsRegisterDefault(void) {
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyNameId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyNameId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyNameId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyValueId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyValueId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyValueId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPrivateKeyId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPrivateKeyId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPrivateKeyId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithRetrievalMethodId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithRetrievalMethodId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithRetrievalMethodId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CertId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CertId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CertId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509ChainId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509ChainId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509ChainId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CRLId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CRLId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CRLId)));
+ return(-1);
}
/* TODO: OCSP, PGP, PGPWeb, SPKI */
/*
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPGPId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPGPId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPGPId)));
+ return(-1);
}
if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithSPKIId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithSPKIId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithSPKIId)));
+ return(-1);
}
*/
return(0);
@@ -2855,78 +2855,78 @@ xmlSecXkmsRespondWithIdsRegisterDefault(void) {
*
* XKMS RespondWith Klass
*
- ************************************************************************/
+ ************************************************************************/
/**
* xmlSecXkmsRespondWithNodeRead:
- * @id: the RespondWith class.
- * @ctx: the XKMS request processing context.
- * @node: the pointer to <xkms:RespondWith/> node.
+ * @id: the RespondWith class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:RespondWith/> node.
*
* Reads the content of the <xkms:RespondWith/> @node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsRespondWithNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
if(id->readNode != NULL) {
- return((id->readNode)(id, ctx, node));
+ return((id->readNode)(id, ctx, node));
}
return(0);
}
/**
* xmlSecXkmsRespondWithNodeWrite:
- * @id: the RespondWith class.
- * @ctx: the XKMS request processing context.
- * @node: the pointer to <xkms:RespondWith/> node.
+ * @id: the RespondWith class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:RespondWith/> node.
*
* Writes the content of the <xkms:RespondWith/> @node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsRespondWithNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
if(id->writeNode != NULL) {
- return((id->writeNode)(id, ctx, node));
+ return((id->writeNode)(id, ctx, node));
}
return(0);
}
/**
* xmlSecXkmsRespondWithDebugDump:
- * @id: the RespondWith class.
- * @output: the output file.
+ * @id: the RespondWith class.
+ * @output: the output file.
*
* Writes debug information about @id into the @output.
*/
-void
+void
xmlSecXkmsRespondWithDebugDump(xmlSecXkmsRespondWithId id, FILE* output) {
xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
xmlSecAssert(output != NULL);
- fprintf(output, "=== RespondWith: \"%s\" (href=\"%s\")\n",
+ fprintf(output, "=== RespondWith: \"%s\" (href=\"%s\")\n",
xmlSecErrorsSafeString(id->valueName),
xmlSecErrorsSafeString(id->valueNs));
}
/**
* xmlSecXkmsRespondWithDebugXmlDump:
- * @id: the RespondWith class.
- * @output: the output file.
+ * @id: the RespondWith class.
+ * @output: the output file.
*
* Writes debug information about @id into the @output in XML format.
*/
-void
+void
xmlSecXkmsRespondWithDebugXmlDump(xmlSecXkmsRespondWithId id, FILE* output) {
xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
xmlSecAssert(output != NULL);
@@ -2938,9 +2938,9 @@ xmlSecXkmsRespondWithDebugXmlDump(xmlSecXkmsRespondWithId id, FILE* output) {
fprintf(output, "</RespondWith>\n");
}
-int
+int
xmlSecXkmsRespondWithDefaultNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
@@ -2949,33 +2949,33 @@ xmlSecXkmsRespondWithDefaultNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServe
ret = xmlSecXkmsRespondWithIdListFind(&(ctx->respWithList), id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithIdListFind",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithIdListFind",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
} else if(ret > 0) {
- /* do nothing, we already have it in the list */
- return(0);
- }
-
+ /* do nothing, we already have it in the list */
+ return(0);
+ }
+
ret = xmlSecPtrListAdd(&(ctx->respWithList), id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-int
+int
xmlSecXkmsRespondWithDefaultNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
xmlNodePtr cur;
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
@@ -2985,13 +2985,13 @@ xmlSecXkmsRespondWithDefaultNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServ
cur = xmlSecAddChild(node, id->nodeName, id->nodeNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->nodeName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->nodeName));
+ return(-1);
}
return(0);
@@ -3001,37 +3001,37 @@ xmlSecXkmsRespondWithDefaultNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServ
*
* XKMS RespondWith Klass List
*
- ************************************************************************/
+ ************************************************************************/
static xmlSecPtrListKlass xmlSecXkmsRespondWithIdListKlass = {
BAD_CAST "respond-with-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecXkmsRespondWithIdListGetKlass(void) {
return(&xmlSecXkmsRespondWithIdListKlass);
}
-int
+int
xmlSecXkmsRespondWithIdListFind(xmlSecPtrListPtr list, xmlSecXkmsRespondWithId id) {
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), -1);
xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- if((xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i) == id) {
- return(1);
- }
+ if((xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i) == id) {
+ return(1);
+ }
}
return(0);
}
-xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecPtrListPtr list, xmlNodePtr node) {
xmlSecXkmsRespondWithId result = xmlSecXkmsRespondWithIdUnknown;
xmlSecXkmsRespondWithId id;
@@ -3041,19 +3041,19 @@ xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecPtrListPtr list, xmlNodePtr nod
const xmlChar* qnameHref;
xmlNsPtr ns;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), xmlSecXkmsRespondWithIdUnknown);
xmlSecAssert2(node != NULL, xmlSecXkmsRespondWithIdUnknown);
content = xmlNodeGetContent(node);
if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- return(xmlSecXkmsRespondWithIdUnknown);
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(xmlSecXkmsRespondWithIdUnknown);
}
qnameLocalPart = (xmlChar*)xmlStrchr(content, ':');
@@ -3064,38 +3064,38 @@ xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecPtrListPtr list, xmlNodePtr nod
qnamePrefix = NULL;
qnameLocalPart = content;
}
-
+
/* search namespace href */
ns = xmlSearchNs(node->doc, node, qnamePrefix);
if((ns == NULL) && (qnamePrefix != NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSearchNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,qnamePrefix=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qnamePrefix));
xmlFree(content);
- return(xmlSecXkmsRespondWithIdUnknown);
+ return(xmlSecXkmsRespondWithIdUnknown);
}
qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsRespondWithIdUnknown) &&
+ id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsRespondWithIdUnknown) &&
xmlStrEqual(id->valueName, qnameLocalPart) &&
xmlStrEqual(id->valueNs, qnameHref)) {
- result = id;
+ result = id;
break;
- }
+ }
}
-
+
xmlFree(content);
- return(result);
+ return(result);
}
-int
+int
xmlSecXkmsRespondWithIdListWrite(xmlSecPtrListPtr list, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecXkmsRespondWithId id;
xmlSecSize i, size;
@@ -3107,35 +3107,35 @@ xmlSecXkmsRespondWithIdListWrite(xmlSecPtrListPtr list, xmlSecXkmsServerCtxPtr c
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
- if(id != xmlSecXkmsRespondWithIdUnknown) {
- ret = xmlSecXkmsRespondWithNodeWrite(id, ctx, node);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
+ if(id != xmlSecXkmsRespondWithIdUnknown) {
+ ret = xmlSecXkmsRespondWithNodeWrite(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
}
return(0);
}
-/********************************************************************
+/********************************************************************
*
* XML Sec Library RespondWith Ids
*
*******************************************************************/
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyNameKlass = {
- xmlSecRespondWithKeyName, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyName, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithKeyName, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyName, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3146,24 +3146,24 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyNameKlass = {
* The respond with KeyName klass.
*
* Returns: respond with KeyName klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithKeyNameGetKlass(void) {
return(&xmlSecXkmsRespondWithKeyNameKlass);
}
-static int xmlSecXkmsRespondWithKeyValueNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsRespondWithKeyValueNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyValueKlass = {
- xmlSecRespondWithKeyValue, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithKeyValueNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithKeyValue, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithKeyValueNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3174,15 +3174,15 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyValueKlass = {
* The respond with KeyValue klass.
*
* Returns: respond with KeyValue klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithKeyValueGetKlass(void) {
return(&xmlSecXkmsRespondWithKeyValueKlass);
}
-static int
+static int
xmlSecXkmsRespondWithKeyValueNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id == xmlSecXkmsRespondWithKeyValueId, -1);
@@ -3192,15 +3192,15 @@ xmlSecXkmsRespondWithKeyValueNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServ
/* do usual stuff */
ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* and now set some parameters in the ctx to look for a public or private
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and now set some parameters in the ctx to look for a public or private
* key and to write a public key
*/
ctx->keyInfoReadCtx.keyReq.keyType |= (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
@@ -3209,16 +3209,16 @@ xmlSecXkmsRespondWithKeyValueNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServ
return(0);
}
-static int xmlSecXkmsRespondWithPrivateKeyNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsRespondWithPrivateKeyNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPrivateKeyKlass = {
- xmlSecRespondWithPrivateKey, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithPrivateKeyNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithPrivateKey, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithPrivateKeyNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3229,15 +3229,15 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPrivateKeyKlass = {
* The respond with PrivateKey klass.
*
* Returns: respond with PrivateKey klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithPrivateKeyGetKlass(void) {
return(&xmlSecXkmsRespondWithPrivateKeyKlass);
}
-static int
+static int
xmlSecXkmsRespondWithPrivateKeyNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id == xmlSecXkmsRespondWithPrivateKeyId, -1);
@@ -3247,15 +3247,15 @@ xmlSecXkmsRespondWithPrivateKeyNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsSe
/* do usual stuff */
ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* and now set some parameters in the ctx to look for a private
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and now set some parameters in the ctx to look for a private
* key and to write a private key
*/
ctx->keyInfoReadCtx.keyReq.keyType |= xmlSecKeyDataTypePrivate;
@@ -3265,12 +3265,12 @@ xmlSecXkmsRespondWithPrivateKeyNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsSe
}
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithRetrievalMethodKlass = {
- xmlSecRespondWithRetrievalMethod, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeRetrievalMethod, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithRetrievalMethod, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeRetrievalMethod, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3281,24 +3281,24 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithRetrievalMethodKlass = {
* The respond with RetrievalMethod klass.
*
* Returns: respond with RetrievalMethod klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithRetrievalMethodGetKlass(void) {
return(&xmlSecXkmsRespondWithRetrievalMethodKlass);
}
-static int xmlSecXkmsRespondWithX509CertNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsRespondWithX509CertNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CertKlass = {
- xmlSecRespondWithX509Cert, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509CertNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithX509Cert, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509CertNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3309,15 +3309,15 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CertKlass = {
* The respond with X509Cert klass.
*
* Returns: respond with X509Cert klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithX509CertGetKlass(void) {
return(&xmlSecXkmsRespondWithX509CertKlass);
}
-static int
+static int
xmlSecXkmsRespondWithX509CertNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id == xmlSecXkmsRespondWithX509CertId, -1);
@@ -3327,27 +3327,27 @@ xmlSecXkmsRespondWithX509CertNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServ
/* do usual stuff */
ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
-static int xmlSecXkmsRespondWithX509ChainNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsRespondWithX509ChainNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509ChainKlass = {
- xmlSecRespondWithX509Chain, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509ChainNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithX509Chain, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509ChainNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3358,15 +3358,15 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509ChainKlass = {
* The respond with X509Chain klass.
*
* Returns: respond with X509Chain klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithX509ChainGetKlass(void) {
return(&xmlSecXkmsRespondWithX509ChainKlass);
}
-static int
+static int
xmlSecXkmsRespondWithX509ChainNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id == xmlSecXkmsRespondWithX509ChainId, -1);
@@ -3376,27 +3376,27 @@ xmlSecXkmsRespondWithX509ChainNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsSer
/* do usual stuff */
ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
-static int xmlSecXkmsRespondWithX509CRLNodeRead (xmlSecXkmsRespondWithId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsRespondWithX509CRLNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CRLKlass = {
- xmlSecRespondWithX509CRL, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeX509Data, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithX509CRLNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithX509CRL, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509CRLNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3407,15 +3407,15 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CRLKlass = {
* The respond with X509CRL klass.
*
* Returns: respond with X509CRL klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithX509CRLGetKlass(void) {
return(&xmlSecXkmsRespondWithX509CRLKlass);
}
-static int
+static int
xmlSecXkmsRespondWithX509CRLNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
int ret;
xmlSecAssert2(id == xmlSecXkmsRespondWithX509CRLId, -1);
@@ -3425,24 +3425,24 @@ xmlSecXkmsRespondWithX509CRLNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServe
/* do usual stuff */
ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
- "xmlSecXkmsRespondWithDefaultNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPGPKlass = {
- xmlSecRespondWithPGP, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodePGPData, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithPGP, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodePGPData, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3453,19 +3453,19 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPGPKlass = {
* The respond with PGP klass.
*
* Returns: respond with PGP klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithPGPGetKlass(void) {
return(&xmlSecXkmsRespondWithPGPKlass);
}
static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithSPKIKlass = {
- xmlSecRespondWithSPKI, /* const xmlChar* valueName; */
- xmlSecXkmsNs, /* const xmlChar* valueNs; */
- xmlSecNodeSPKIData, /* const xmlChar* nodeName; */
- xmlSecDSigNs, /* const xmlChar* nodeNs; */
- xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
- xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ xmlSecRespondWithSPKI, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeSPKIData, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3476,8 +3476,8 @@ static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithSPKIKlass = {
* The respond with SPKI klass.
*
* Returns: respond with SPKI klass.
- */
-xmlSecXkmsRespondWithId
+ */
+xmlSecXkmsRespondWithId
xmlSecXkmsRespondWithSPKIGetKlass(void) {
return(&xmlSecXkmsRespondWithSPKIKlass);
}
@@ -3490,11 +3490,11 @@ xmlSecXkmsRespondWithSPKIGetKlass(void) {
static xmlSecPtrList xmlSecAllXkmsServerRequestIds;
-/**
+/**
* xmlSecXkmsServerRequestIdsGet:
*
* Gets global registered ServerRequest klasses list.
- *
+ *
* Returns: the pointer to list of all registered ServerRequest klasses.
*/
xmlSecPtrListPtr
@@ -3502,45 +3502,45 @@ xmlSecXkmsServerRequestIdsGet(void) {
return(&xmlSecAllXkmsServerRequestIds);
}
-/**
+/**
* xmlSecXkmsServerRequestIdsInit:
*
- * Initializes the ServerRequest klasses. This function is called from the
+ * Initializes the ServerRequest klasses. This function is called from the
* #xmlSecInit function and the application should not call it directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerRequestIdsInit(void) {
int ret;
-
+
ret = xmlSecPtrListInitialize(xmlSecXkmsServerRequestIdsGet(), xmlSecXkmsServerRequestIdListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListPtrInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecXkmsServerRequestIdListId");
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecXkmsServerRequestIdListId");
return(-1);
}
-
+
ret = xmlSecXkmsServerRequestIdsRegisterDefault();
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegisterDefault",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(0);
}
/**
* xmlSecXkmsServerRequestIdsShutdown:
- *
- * Shuts down the keys data klasses. This function is called from the
+ *
+ * Shuts down the keys data klasses. This function is called from the
* #xmlSecShutdown function and the application should not call it directly.
*/
void
@@ -3548,32 +3548,32 @@ xmlSecXkmsServerRequestIdsShutdown(void) {
xmlSecPtrListFinalize(xmlSecXkmsServerRequestIdsGet());
}
-/**
+/**
* xmlSecXkmsServerRequestIdsRegister:
- * @id: the ServerRequest klass.
+ * @id: the ServerRequest klass.
*
* Registers @id in the global list of ServerRequest klasses.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestId id) {
int ret;
-
+
xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
-
+
ret = xmlSecPtrListAdd(xmlSecXkmsServerRequestIdsGet(), (xmlSecPtr)id);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "ServerRequest=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(id)));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ServerRequest=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(id)));
return(-1);
}
-
- return(0);
+
+ return(0);
}
/**
@@ -3584,56 +3584,56 @@ xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestId id) {
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerRequestIdsRegisterDefault(void) {
if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestResultId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestResultId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestResultId)));
+ return(-1);
}
if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestStatusId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestStatusId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestStatusId)));
+ return(-1);
}
if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestCompoundId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestCompoundId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestCompoundId)));
+ return(-1);
}
if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestLocateId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestLocateId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestLocateId)));
+ return(-1);
}
if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestValidateId) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsRegister",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "name=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestValidateId)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestValidateId)));
+ return(-1);
}
return(0);
@@ -3644,46 +3644,46 @@ xmlSecXkmsServerRequestIdsRegisterDefault(void) {
*
* XKMS ServerRequest Klass
*
- ************************************************************************/
+ ************************************************************************/
/**
* xmlSecXkmsServerRequestNodeRead:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
- * @node: the pointer to <xkms:ServerRequest/> node.
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:ServerRequest/> node.
*
* Reads the content of the <xkms:ServerRequest/> @node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerRequestNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node) {
+ xmlNodePtr node) {
xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
if(id->readNode != NULL) {
- return((id->readNode)(id, ctx, node));
+ return((id->readNode)(id, ctx, node));
}
return(0);
}
/**
* xmlSecXkmsServerExecute:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
*
* Executes XKMS server request.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecXkmsServerRequestExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
xmlSecAssert2(ctx != NULL, -1);
if(id->execute != NULL) {
- return((id->execute)(id, ctx));
+ return((id->execute)(id, ctx));
}
return(0);
}
@@ -3691,48 +3691,48 @@ xmlSecXkmsServerRequestExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtx
/**
* xmlSecXkmsServerResponseNodeWrite:
- * @id: the ServerRequest class.
- * @ctx: the XKMS request processing context.
- * @doc: the pointer to response parent XML document (might be NULL).
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
+ * @doc: the pointer to response parent XML document (might be NULL).
* @node: the pointer to response parent XML node (might be NULL).
*
- * Writes XKMS response from context to a newly created node. Caller is
+ * Writes XKMS response from context to a newly created node. Caller is
* responsible for adding the returned node to the XML document.
*
* Returns: pointer to newly created XKMS response node or NULL
* if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
- xmlDocPtr doc, xmlNodePtr node) {
+ xmlDocPtr doc, xmlNodePtr node) {
xmlNodePtr respNode;
int ret;
-
+
xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, NULL);
xmlSecAssert2(ctx != NULL, NULL);
/* create the response root node */
if(node == NULL) {
xmlNsPtr ns;
-
+
respNode = xmlNewDocNode(doc, NULL, id->resultNodeName, NULL);
if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
return(NULL);
}
ns = xmlNewNs(respNode, id->resultNodeNs, NULL);
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(id->resultNodeNs));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(id->resultNodeNs));
xmlFreeNode(respNode);
return(NULL);
}
@@ -3740,41 +3740,41 @@ xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerC
} else {
respNode = xmlSecAddChild(node, id->resultNodeName, id->resultNodeNs);
if(respNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
return(NULL);
}
}
-
+
if(id->writeNode != NULL) {
- ret = (id->writeNode)(id, ctx, respNode);
- if(ret < 0) {
+ ret = (id->writeNode)(id, ctx, respNode);
+ if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "writeNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(id->resultNodeName));
+ NULL,
+ "writeNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
xmlFreeNode(respNode);
return(NULL);
}
}
-
+
return(respNode);
}
/**
* xmlSecXkmsServerRequestDebugDump:
- * @id: the ServerRequest class.
- * @output: the output file.
+ * @id: the ServerRequest class.
+ * @output: the output file.
*
* Writes debug information about @id into the @output.
*/
-void
+void
xmlSecXkmsServerRequestDebugDump(xmlSecXkmsServerRequestId id, FILE* output) {
xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
xmlSecAssert(output != NULL);
@@ -3784,12 +3784,12 @@ xmlSecXkmsServerRequestDebugDump(xmlSecXkmsServerRequestId id, FILE* output) {
/**
* xmlSecXkmsServerRequestDebugXmlDump:
- * @id: the ServerRequest class.
- * @output: the output file.
+ * @id: the ServerRequest class.
+ * @output: the output file.
*
* Writes debug information about @id into the @output in XML format.
*/
-void
+void
xmlSecXkmsServerRequestDebugXmlDump(xmlSecXkmsServerRequestId id, FILE* output) {
xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
xmlSecAssert(output != NULL);
@@ -3803,100 +3803,100 @@ xmlSecXkmsServerRequestDebugXmlDump(xmlSecXkmsServerRequestId id, FILE* output)
*
* XKMS ServerRequest Klass List
*
- ************************************************************************/
+ ************************************************************************/
static xmlSecPtrListKlass xmlSecXkmsServerRequestIdListKlass = {
BAD_CAST "xkms-server-request-ids-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecXkmsServerRequestIdListGetKlass(void) {
return(&xmlSecXkmsServerRequestIdListKlass);
}
-int
+int
xmlSecXkmsServerRequestIdListFind(xmlSecPtrListPtr list, xmlSecXkmsServerRequestId id) {
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), -1);
xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
-
+
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- if((xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i) == id) {
- return(1);
- }
+ if((xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i) == id) {
+ return(1);
+ }
}
return(0);
}
-xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name) {
xmlSecXkmsServerRequestId id;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
xmlSecAssert2(name != NULL, xmlSecXkmsServerRequestIdUnknown);
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsServerRequestIdUnknown) && xmlStrEqual(id->name, name)) {
- return(id);
- }
+ id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsServerRequestIdUnknown) && xmlStrEqual(id->name, name)) {
+ return(id);
+ }
}
- return(xmlSecXkmsServerRequestIdUnknown);
+ return(xmlSecXkmsServerRequestIdUnknown);
}
-xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestIdListFindByNode(xmlSecPtrListPtr list, xmlNodePtr node) {
xmlSecXkmsServerRequestId id;
xmlSecSize i, size;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
xmlSecAssert2(node != NULL, xmlSecXkmsServerRequestIdUnknown);
size = xmlSecPtrListGetSize(list);
for(i = 0; i < size; ++i) {
- id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
- if((id != xmlSecXkmsServerRequestIdUnknown) &&
+ id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsServerRequestIdUnknown) &&
xmlSecCheckNodeName(node, id->requestNodeName, id->requestNodeNs)) {
- return(id);
- }
+ return(id);
+ }
}
- return(xmlSecXkmsServerRequestIdUnknown);
+ return(xmlSecXkmsServerRequestIdUnknown);
}
-/********************************************************************
+/********************************************************************
*
* XML Sec Library ServerRequest Ids
*
*******************************************************************/
-/********************************************************************
+/********************************************************************
*
* Result response
*
*******************************************************************/
-static int xmlSecXkmsServerRequestResultNodeWrite (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsServerRequestResultNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestResultKlass = {
- xmlSecXkmsServerRequestResultName, /* const xmlChar* name; */
- NULL, /* const xmlChar* requestNodeName; */
- NULL, /* const xmlChar* requestNodeNs; */
- xmlSecNodeResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ xmlSecXkmsServerRequestResultName, /* const xmlChar* name; */
+ NULL, /* const xmlChar* requestNodeName; */
+ NULL, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
0, /* xmlSecBitMask flags; */
- NULL, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestResultNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestResultNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3907,69 +3907,69 @@ static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestResultKlass = {
* The Result response klass.
*
* Returns: Result response klass.
- */
-xmlSecXkmsServerRequestId
+ */
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestResultGetKlass(void) {
return(&xmlSecXkmsServerRequestResultKlass);
}
-static int
+static int
xmlSecXkmsServerRequestResultNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestResultId, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* set missing parameters (if any) */
if(ctx->service == NULL) {
- ctx->service = xmlStrdup((ctx->expectedService != NULL) ? ctx->expectedService : BAD_CAST "");
- if(ctx->service == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ ctx->service = xmlStrdup((ctx->expectedService != NULL) ? ctx->expectedService : BAD_CAST "");
+ if(ctx->service == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
/* first write the "parent" type */
ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/********************************************************************
+/********************************************************************
*
* StatusRequest/StatusResponse
*
*******************************************************************/
-static int xmlSecXkmsServerRequestStatusNodeRead (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestStatusNodeWrite (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
+static int xmlSecXkmsServerRequestStatusNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestStatusNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestStatusKlass = {
- xmlSecXkmsServerRequestStatusName, /* const xmlChar* name; */
- xmlSecNodeStatusRequest, /* const xmlChar* requestNodeName; */
- xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
- xmlSecNodeStatusResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ xmlSecXkmsServerRequestStatusName, /* const xmlChar* name; */
+ xmlSecNodeStatusRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeStatusResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
0, /* xmlSecBitMask flags; */
- xmlSecXkmsServerRequestStatusNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestStatusNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ xmlSecXkmsServerRequestStatusNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestStatusNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -3980,14 +3980,14 @@ static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestStatusKlass = {
* The StatusRequest klass.
*
* Returns: StatusRequest klass.
- */
-xmlSecXkmsServerRequestId
+ */
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestStatusGetKlass(void) {
return(&xmlSecXkmsServerRequestStatusKlass);
}
/**
- *
+ *
* <xkms:StatusRequest Id Service Nonce? OriginalRequestId? ResponseLimit? ResponseId?>
* <ds:Signature>?
* <xkms:MessageExtension>*
@@ -3997,54 +3997,54 @@ xmlSecXkmsServerRequestStatusGetKlass(void) {
* <xkms:ResponseMechanism>*
* <xkms:RespondWith>*
* <xkms:PendingNotification Mechanism Identifier>?
- *
+ *
* XML Schema:
- * <!-- StatusRequest -->
- * <element name="StatusRequest" type="xkms:StatusRequestType"/>
- * <complexType name="StatusRequestType">
- * <complexContent>
- * <extension base="xkms:PendingRequestType"/>
- * </complexContent>
- * </complexType>
+ * <!-- StatusRequest -->
+ * <element name="StatusRequest" type="xkms:StatusRequestType"/>
+ * <complexType name="StatusRequestType">
+ * <complexContent>
+ * <extension base="xkms:PendingRequestType"/>
+ * </complexContent>
+ * </complexType>
* <!-- /StatusRequest -->
*/
-static int
+static int
xmlSecXkmsServerRequestStatusNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestStatusId, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = node;
-
+
/* first read "parent" type */
ret = xmlSecXkmsServerCtxPendingRequestNodeRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxPendingRequestNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxPendingRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* check that there is nothing after the last node */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
/**
- *
+ *
* <xkms:StatusResult Id Service Nonce? ResultMajor ResultMinor? RequestId? Success? Failure? Pending?>
* <ds:Signature>?
* <xkms:MessageExtension>*
@@ -4054,10 +4054,10 @@ xmlSecXkmsServerRequestStatusNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsSe
* <xkms:RequestSignatureValue>*
*
* XML Schema:
- *
- * <!-- StatusResult -->
- * <element name="StatusResult" type="xkms:StatusResultType"/>
- * <complexType name="StatusResultType">
+ *
+ * <!-- StatusResult -->
+ * <element name="StatusResult" type="xkms:StatusResultType"/>
+ * <complexType name="StatusResultType">
* <complexContent>
* <extension base="xkms:ResultType">
* <attribute name="Success" type="integer" use="optional"/>
@@ -4067,8 +4067,8 @@ xmlSecXkmsServerRequestStatusNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsSe
* </complexContent>
* </complexType>
* <!-- /StatusResult --> *
- */
-static int
+ */
+static int
xmlSecXkmsServerRequestStatusNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
int ret;
@@ -4079,42 +4079,42 @@ xmlSecXkmsServerRequestStatusNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsS
/* first write the "parent" type */
ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* todo: add optional StatusResult attributes */
return(0);
}
-/********************************************************************
+/********************************************************************
*
* CompoundRequest/CompoundResponse
*
*******************************************************************/
-static int xmlSecXkmsServerRequestCompoundNodeRead (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestCompoundExecute (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx);
+static int xmlSecXkmsServerRequestCompoundNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestCompoundExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestCompoundKlass = {
- xmlSecXkmsServerRequestCompoundName, /* const xmlChar* name; */
- xmlSecNodeCompoundRequest, /* const xmlChar* requestNodeName; */
- xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
- xmlSecNodeCompoundResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ xmlSecXkmsServerRequestCompoundName, /* const xmlChar* name; */
+ xmlSecNodeCompoundRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeCompoundResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
0, /* xmlSecBitMask flags; */
- xmlSecXkmsServerRequestCompoundNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestCompoundNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- xmlSecXkmsServerRequestCompoundExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ xmlSecXkmsServerRequestCompoundNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestCompoundNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestCompoundExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -4125,8 +4125,8 @@ static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestCompoundKlass = {
* The CompoundRequest klass.
*
* Returns: CompoundRequest klass.
- */
-xmlSecXkmsServerRequestId
+ */
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestCompoundGetKlass(void) {
return(&xmlSecXkmsServerRequestCompoundKlass);
}
@@ -4149,144 +4149,144 @@ xmlSecXkmsServerRequestCompoundGetKlass(void) {
* <xkms:RecoverRequest>?
* <xkms:RevokeRequest>?
* )*
- *
+ *
* XML Schema:
*
- * <!-- CompoundRequest -->
- * <element name="CompoundRequest" type="xkms:CompoundRequestType"/>
- * <complexType name="CompoundRequestType">
- * <complexContent>
- * <extension base="xkms:RequestAbstractType">
- * <choice maxOccurs="unbounded">
- * <element ref="xkms:LocateRequest"/>
- * <element ref="xkms:ValidateRequest"/>
- * <element ref="xkms:RegisterRequest"/>
- * <element ref="xkms:ReissueRequest"/>
- * <element ref="xkms:RecoverRequest"/>
- * <element ref="xkms:RevokeRequest"/>
- * </choice>
- * </extension>
- * </complexContent>
- * </complexType>
+ * <!-- CompoundRequest -->
+ * <element name="CompoundRequest" type="xkms:CompoundRequestType"/>
+ * <complexType name="CompoundRequestType">
+ * <complexContent>
+ * <extension base="xkms:RequestAbstractType">
+ * <choice maxOccurs="unbounded">
+ * <element ref="xkms:LocateRequest"/>
+ * <element ref="xkms:ValidateRequest"/>
+ * <element ref="xkms:RegisterRequest"/>
+ * <element ref="xkms:ReissueRequest"/>
+ * <element ref="xkms:RecoverRequest"/>
+ * <element ref="xkms:RevokeRequest"/>
+ * </choice>
+ * </extension>
+ * </complexContent>
+ * </complexType>
* <!-- /CompoundRequest -->
*/
-static int
+static int
xmlSecXkmsServerRequestCompoundNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecPtrListPtr serverRequestIdsList;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = node;
-
+
/* first read "parent" type */
ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* create list for compound requests */
xmlSecAssert2(ctx->compoundRequestContexts == NULL, -1);
ctx->compoundRequestContexts = xmlSecPtrListCreate(xmlSecXkmsServerCtxPtrListId);
if(ctx->compoundRequestContexts == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* get the list of enabled or all request klasses */
if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
- serverRequestIdsList = &(ctx->enabledServerRequestIds);
+ serverRequestIdsList = &(ctx->enabledServerRequestIds);
} else {
- serverRequestIdsList = xmlSecXkmsServerRequestIdsGet();
+ serverRequestIdsList = xmlSecXkmsServerRequestIdsGet();
}
- xmlSecAssert2(serverRequestIdsList != NULL, -1);
-
+ xmlSecAssert2(serverRequestIdsList != NULL, -1);
+
while(cur != NULL) {
- xmlSecXkmsServerCtxPtr ctxChild;
-
+ xmlSecXkmsServerCtxPtr ctxChild;
+
/* create a new context */
ctxChild = xmlSecXkmsServerCtxCreate(ctx->keyInfoReadCtx.keysMngr);
if(ctxChild == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecXkmsServerCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* copy all settings from us */
ret = xmlSecXkmsServerCtxCopyUserPref(ctxChild, ctx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecXkmsServerCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXkmsServerCtxDestroy(ctxChild);
- return(-1);
+ return(-1);
}
/* add it to the list */
ret = xmlSecPtrListAdd(ctx->compoundRequestContexts, ctxChild);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXkmsServerCtxDestroy(ctxChild);
- return(-1);
+ return(-1);
}
/* and now process request from current node */
ctxChild->requestId = xmlSecXkmsServerRequestIdListFindByNode(serverRequestIdsList, cur);
- if((ctxChild->requestId == xmlSecXkmsServerRequestIdUnknown) ||
+ if((ctxChild->requestId == xmlSecXkmsServerRequestIdUnknown) ||
((ctxChild->requestId->flags & XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND) == 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdListFindByNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
- return(-1);
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
+ return(-1);
}
ret = xmlSecXkmsServerRequestNodeRead(ctxChild->requestId, ctxChild, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
- xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
/* check that there is nothing after the last node */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -4309,15 +4309,15 @@ xmlSecXkmsServerRequestCompoundNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkms
* <xkms:RevokeResult>?
* )*
*
- *
+ *
* XML Schema:
*
- * <!-- CompoundResponse -->
- * <element name="CompoundResult" type="xkms:CompoundResultType"/>
- * <complexType name="CompoundResultType">
- * <complexContent>
- * <extension base="xkms:ResultType">
- * <choice maxOccurs="unbounded">
+ * <!-- CompoundResponse -->
+ * <element name="CompoundResult" type="xkms:CompoundResultType"/>
+ * <complexType name="CompoundResultType">
+ * <complexContent>
+ * <extension base="xkms:ResultType">
+ * <choice maxOccurs="unbounded">
* <element ref="xkms:LocateResult"/>
* <element ref="xkms:ValidateResult"/>
* <element ref="xkms:RegisterResult"/>
@@ -4329,8 +4329,8 @@ xmlSecXkmsServerRequestCompoundNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkms
* </complexContent>
* </complexType>
* <!-- /CompoundResponse -->
- */
-static int
+ */
+static int
xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
int ret;
@@ -4347,32 +4347,32 @@ xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkm
ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
if(ctxChild == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(ctxChild->resultMajor != xmlSecXkmsResultMajorSuccess) {
+ xmlSecXkmsServerCtxSetResult(ctx, ctxChild->resultMajor, ctxChild->resultMinor);
+ break;
}
-
- if(ctxChild->resultMajor != xmlSecXkmsResultMajorSuccess) {
- xmlSecXkmsServerCtxSetResult(ctx, ctxChild->resultMajor, ctxChild->resultMinor);
- break;
- }
- }
- }
-
+ }
+ }
+
/* first write the "parent" type */
ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* write compound result */
if(ctx->compoundRequestContexts != NULL) {
xmlSecSize pos;
@@ -4383,44 +4383,44 @@ xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkm
ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
if(ctxChild == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
cur = xmlSecXkmsServerRequestNodeWrite(ctxChild->requestId, ctxChild, node->doc, node);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
return(-1);
}
-
+
if(xmlSecAddChildNode(node, cur) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChildNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeNode(cur);
return(-1);
- }
+ }
}
}
return(0);
}
-static int
+static int
xmlSecXkmsServerRequestCompoundExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1);
xmlSecAssert2(ctx != NULL, -1);
@@ -4432,25 +4432,25 @@ xmlSecXkmsServerRequestCompoundExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsS
ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
if(ctxChild == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
- continue;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ continue;
}
-
+
ret = xmlSecXkmsServerRequestExecute(ctxChild->requestId, ctxChild);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "request=%s",
- xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
- xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
- continue;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ continue;
}
}
}
@@ -4459,30 +4459,30 @@ xmlSecXkmsServerRequestCompoundExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsS
}
-/********************************************************************
+/********************************************************************
*
* LocateRequest/LocateResponse
*
*******************************************************************/
-static int xmlSecXkmsServerRequestLocateNodeRead (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestLocateNodeWrite (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestLocateExecute (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx);
+static int xmlSecXkmsServerRequestLocateNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestLocateNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestLocateExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestLocateKlass = {
- xmlSecXkmsServerRequestLocateName, /* const xmlChar* name; */
- xmlSecNodeLocateRequest, /* const xmlChar* requestNodeName; */
- xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
- xmlSecNodeLocateResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ xmlSecXkmsServerRequestLocateName, /* const xmlChar* name; */
+ xmlSecNodeLocateRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeLocateResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* xmlSecBitMask flags; */
- xmlSecXkmsServerRequestLocateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestLocateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- xmlSecXkmsServerRequestLocateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ xmlSecXkmsServerRequestLocateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestLocateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestLocateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -4493,8 +4493,8 @@ static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestLocateKlass = {
* The LocateRequest klass.
*
* Returns: LocateRequest klass.
- */
-xmlSecXkmsServerRequestId
+ */
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestLocateGetKlass(void) {
return(&xmlSecXkmsServerRequestLocateKlass);
}
@@ -4514,7 +4514,7 @@ xmlSecXkmsServerRequestLocateGetKlass(void) {
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:TimeInstant Time>?
*
* XML Schema:
@@ -4532,59 +4532,59 @@ xmlSecXkmsServerRequestLocateGetKlass(void) {
* </complexType>
* <!-- /LocateRequest -->
*/
-static int
+static int
xmlSecXkmsServerRequestLocateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = node;
-
+
/* first read "parent" type */
ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* now read required <xkms:QueryKeyBinding/> node */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
- return(-1);
- }
-
- /* read <xkms:QueryKeyBinding/> node */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
+ return(-1);
+ }
+
+ /* read <xkms:QueryKeyBinding/> node */
ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
/* check that there is nothing after the last node */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -4603,26 +4603,26 @@ xmlSecXkmsServerRequestLocateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsSe
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:ValidityInterval NotBefore NotOnOrAfter>?
* )*
- *
+ *
* XML Schema:
* <!-- LocateResult -->
* <element name="LocateResult" type="xkms:LocateResultType"/>
* <complexType name="LocateResultType">
* <complexContent>
- * <extension base="xkms:ResultType">
- * <sequence>
- * <element ref="xkms:UnverifiedKeyBinding" minOccurs="0"
- * maxOccurs="unbounded"/>
- * </sequence>
- * </extension>
- * </complexContent>
+ * <extension base="xkms:ResultType">
+ * <sequence>
+ * <element ref="xkms:UnverifiedKeyBinding" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
* </complexType>
* <!-- /LocateResult -->
- */
-static int
+ */
+static int
xmlSecXkmsServerRequestLocateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecSize pos, size;
xmlSecKeyPtr key;
@@ -4636,110 +4636,110 @@ xmlSecXkmsServerRequestLocateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsS
/* first write the "parent" type */
ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* write keys in <xkms:UnverifiedKeyBinding> nodes */
size = xmlSecPtrListGetSize(&(ctx->keys));
for(pos = 0; pos < size; ++pos) {
- key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
- if(key == NULL) {
- continue;
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
- return(-1);
- }
-
- ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, cur, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
+ if(key == NULL) {
+ continue;
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, cur, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
-static int
+static int
xmlSecXkmsServerRequestLocateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
xmlSecKeyPtr key = NULL;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1);
xmlSecAssert2(ctx != NULL, -1);
/* now we are ready to search for key */
if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
- /* todo: set parameters to locate but not validate the key */
- key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
+ /* todo: set parameters to locate but not validate the key */
+ key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
}
-
+
/* check that we got what we needed */
if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) {
- if(key != NULL) {
- xmlSecKeyDestroy(key);
- }
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
- return(-1);
- }
-
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
+ return(-1);
+ }
+
xmlSecAssert2(key != NULL, -1);
ret = xmlSecPtrListAdd(&(ctx->keys), key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
return(0);
}
-/********************************************************************
+/********************************************************************
*
* ValidateRequest/ValidateResponse
*
*******************************************************************/
-static int xmlSecXkmsServerRequestValidateNodeRead (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx,
- xmlNodePtr node);
-static int xmlSecXkmsServerRequestValidateExecute (xmlSecXkmsServerRequestId id,
- xmlSecXkmsServerCtxPtr ctx);
+static int xmlSecXkmsServerRequestValidateNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestValidateExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestValidateKlass = {
- xmlSecXkmsServerRequestValidateName, /* const xmlChar* name; */
- xmlSecNodeValidateRequest, /* const xmlChar* requestNodeName; */
- xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
- xmlSecNodeValidateResult, /* const xmlChar* responseNodeName; */
- xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ xmlSecXkmsServerRequestValidateName, /* const xmlChar* name; */
+ xmlSecNodeValidateRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeValidateResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* xmlSecBitMask flags; */
- xmlSecXkmsServerRequestValidateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
- xmlSecXkmsServerRequestValidateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
- xmlSecXkmsServerRequestValidateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ xmlSecXkmsServerRequestValidateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestValidateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestValidateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
NULL, /* void* reserved1; */
NULL /* void* reserved2; */
};
@@ -4750,8 +4750,8 @@ static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestValidateKlass = {
* The ValidateRequest klass.
*
* Returns: ValidateRequest klass.
- */
-xmlSecXkmsServerRequestId
+ */
+xmlSecXkmsServerRequestId
xmlSecXkmsServerRequestValidateGetKlass(void) {
return(&xmlSecXkmsServerRequestValidateKlass);
}
@@ -4771,77 +4771,77 @@ xmlSecXkmsServerRequestValidateGetKlass(void) {
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:TimeInstant Time>?
- *
+ *
* XML Schema:
- *
- * <!-- ValidateRequest -->
- * <element name="ValidateRequest" type="xkms:ValidateRequestType"/>
- * <complexType name="ValidateRequestType">
- * <complexContent>
+ *
+ * <!-- ValidateRequest -->
+ * <element name="ValidateRequest" type="xkms:ValidateRequestType"/>
+ * <complexType name="ValidateRequestType">
+ * <complexContent>
* <extension base="xkms:RequestAbstractType">
* <sequence>
* <element ref="xkms:QueryKeyBinding"/>
* </sequence>
- * </extension>
- * </complexContent>
+ * </extension>
+ * </complexContent>
* </complexType>
- * <!-- /ValidateRequest -->
+ * <!-- /ValidateRequest -->
*/
-static int
+static int
xmlSecXkmsServerRequestValidateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = node;
-
+
/* first read "parent" type */
ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* now read required <xkms:QueryKeyBinding/> node */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
- return(-1);
- }
-
- /* read <xkms:QueryKeyBinding/> node */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
+ return(-1);
+ }
+
+ /* read <xkms:QueryKeyBinding/> node */
ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
/* check that there is nothing after the last node */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -4860,7 +4860,7 @@ xmlSecXkmsServerRequestValidateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkms
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
* <xkms:KeyUsage>?
- * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:UseKeyWith Application Identifier>*
* <xkms:ValidityInterval NotBefore NotOnOrAfter>?
* <xkms:Status StatusValue>
* (<xkms:ValidReason>?
@@ -4868,24 +4868,24 @@ xmlSecXkmsServerRequestValidateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkms
* <xkms:InvalidReason>?
* )*
* )*
- *
+ *
* XML Schema:
*
- * <!-- ValidateResult -->
+ * <!-- ValidateResult -->
* <element name="ValidateResult" type="xkms:ValidateResultType"/>
* <complexType name="ValidateResultType">
* <complexContent>
* <extension base="xkms:ResultType">
* <sequence>
- * <element ref="xkms:KeyBinding" minOccurs="0"
- * maxOccurs="unbounded"/>
+ * <element ref="xkms:KeyBinding" minOccurs="0"
+ * maxOccurs="unbounded"/>
* </sequence>
* </extension>
* </complexContent>
* </complexType>
* <!-- /ValidateResult -->
- */
-static int
+ */
+static int
xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
xmlSecSize pos, size;
xmlSecKeyPtr key;
@@ -4899,81 +4899,81 @@ xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkm
/* first write the "parent" type */
ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxResultTypeNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* write keys in <xkms:UnverifiedKeyBinding> nodes */
size = xmlSecPtrListGetSize(&(ctx->keys));
for(pos = 0; pos < size; ++pos) {
- key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
- if(key == NULL) {
- continue;
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
- return(-1);
- }
-
- ret = xmlSecXkmsServerCtxKeyBindingNodeWrite(ctx, cur, key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerCtxKeyBindingNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
+ if(key == NULL) {
+ continue;
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerCtxKeyBindingNodeWrite(ctx, cur, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
}
return(0);
}
-static int
+static int
xmlSecXkmsServerRequestValidateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
xmlSecKeyPtr key = NULL;
int ret;
-
+
xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1);
xmlSecAssert2(ctx != NULL, -1);
/* now we are ready to search for key */
if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
- key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
+ key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
}
-
+
/* check that we got what we needed */
if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) {
- if(key != NULL) {
- xmlSecKeyDestroy(key);
- }
- xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
- return(-1);
- }
-
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
+ return(-1);
+ }
+
xmlSecAssert2(key != NULL, -1);
ret = xmlSecPtrListAdd(&(ctx->keys), key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDestroy(key);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
return(0);
}
diff --git a/src/xmldsig.c b/src/xmldsig.c
index cbd825e5..b08b8b11 100644
--- a/src/xmldsig.c
+++ b/src/xmldsig.c
@@ -1,13 +1,13 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* "XML Digital Signature" implementation
* http://www.w3.org/TR/xmldsig-core/
* http://www.w3.org/Signature/Overview.html
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -19,7 +19,7 @@
#include <string.h>
#include <libxml/tree.h>
-#include <libxml/parser.h>
+#include <libxml/parser.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -36,113 +36,113 @@
* xmlSecDSigCtx
*
*************************************************************************/
-static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
+static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
/* The ID attribute in XMLDSig is 'Id' */
-static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
+static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
/**
* xmlSecDSigCtxCreate:
- * @keysMngr: the pointer to keys manager.
+ * @keysMngr: the pointer to keys manager.
*
* Creates <dsig:Signature/> element processing context.
- * The caller is responsible for destroying returend object by calling
+ * The caller is responsible for destroying returned object by calling
* #xmlSecDSigCtxDestroy function.
*
* Returns: pointer to newly allocated context object or NULL if an error
* occurs.
*/
-xmlSecDSigCtxPtr
+xmlSecDSigCtxPtr
xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) {
xmlSecDSigCtxPtr dsigCtx;
int ret;
-
+
dsigCtx = (xmlSecDSigCtxPtr) xmlMalloc(sizeof(xmlSecDSigCtx));
if(dsigCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecDSigCtx)=%d",
- sizeof(xmlSecDSigCtx));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecDSigCtx)=%d",
+ sizeof(xmlSecDSigCtx));
+ return(NULL);
+ }
+
ret = xmlSecDSigCtxInitialize(dsigCtx, keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecDSigCtxDestroy(dsigCtx);
- return(NULL);
- }
- return(dsigCtx);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigCtxDestroy(dsigCtx);
+ return(NULL);
+ }
+ return(dsigCtx);
}
/**
* xmlSecDSigCtxDestroy:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
*
* Destroy context object created with #xmlSecDSigCtxCreate function.
*/
-void
+void
xmlSecDSigCtxDestroy(xmlSecDSigCtxPtr dsigCtx) {
xmlSecAssert(dsigCtx != NULL);
-
+
xmlSecDSigCtxFinalize(dsigCtx);
xmlFree(dsigCtx);
}
/**
* xmlSecDSigCtxInitialize:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @keysMngr: the pointer to keys manager.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @keysMngr: the pointer to keys manager.
*
* Initializes <dsig:Signature/> element processing context.
- * The caller is responsible for cleaing up returend object by calling
+ * The caller is responsible for cleaning up returned object by calling
* #xmlSecDSigCtxFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
-
+
memset(dsigCtx, 0, sizeof(xmlSecDSigCtx));
/* initialize key info */
ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoReadCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
dsigCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
-
+
ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoWriteCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
dsigCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
/* it's not wise to write private key :) */
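Review bot: The allocation-failure report in xmlSecDSigCtxCreate still prints a size_t through `%d` (`"sizeof(xmlSecDSigCtx)=%d", sizeof(xmlSecDSigCtx)`), a format/argument type mismatch that is undefined behaviour wherever size_t is wider than int (any LP64 build); the re-indentation carries it over unchanged. Given the C89-style surrounding code, the portable fix is `"sizeof(xmlSecDSigCtx)=%lu", (unsigned long)sizeof(xmlSecDSigCtx)` (or `%zu` if the project can rely on C99). The same pattern is likely repeated in the other `*Create` functions that log a malloc failure, so it is worth a sweep rather than a one-off fix.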
@@ -151,19 +151,19 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) {
/* initializes transforms dsigCtx */
ret = xmlSecTransformCtxInitialize(&(dsigCtx->transformCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* references lists from SignedInfo and Manifest elements */
- xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences),
- xmlSecDSigReferenceCtxListId);
- xmlSecPtrListInitialize(&(dsigCtx->manifestReferences),
- xmlSecDSigReferenceCtxListId);
+ xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences),
+ xmlSecDSigReferenceCtxListId);
+ xmlSecPtrListInitialize(&(dsigCtx->manifestReferences),
+ xmlSecDSigReferenceCtxListId);
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeAny;
return(0);
@@ -171,11 +171,11 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) {
/**
* xmlSecDSigCtxFinalize:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
*
* Cleans up @dsigCtx object initialized with #xmlSecDSigCtxInitialize function.
*/
-void
+void
xmlSecDSigCtxFinalize(xmlSecDSigCtxPtr dsigCtx) {
xmlSecAssert(dsigCtx != NULL);
@@ -186,68 +186,68 @@ xmlSecDSigCtxFinalize(xmlSecDSigCtxPtr dsigCtx) {
xmlSecPtrListFinalize(&(dsigCtx->manifestReferences));
if(dsigCtx->enabledReferenceTransforms != NULL) {
- xmlSecPtrListDestroy(dsigCtx->enabledReferenceTransforms);
+ xmlSecPtrListDestroy(dsigCtx->enabledReferenceTransforms);
}
if(dsigCtx->signKey != NULL) {
- xmlSecKeyDestroy(dsigCtx->signKey);
+ xmlSecKeyDestroy(dsigCtx->signKey);
}
if(dsigCtx->id != NULL) {
- xmlFree(dsigCtx->id);
- }
+ xmlFree(dsigCtx->id);
+ }
memset(dsigCtx, 0, sizeof(xmlSecDSigCtx));
}
/**
* xmlSecDSigCtxEnableReferenceTransform:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @transformId: the transform klass.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @transformId: the transform klass.
*
* Enables @transformId for <dsig:Reference/> elements processing.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformId transformId) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->result == NULL, -1);
xmlSecAssert2(transformId != xmlSecTransformIdUnknown, -1);
if(dsigCtx->enabledReferenceTransforms == NULL) {
- dsigCtx->enabledReferenceTransforms = xmlSecPtrListCreate(xmlSecTransformIdListId);
- if(dsigCtx->enabledReferenceTransforms == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ dsigCtx->enabledReferenceTransforms = xmlSecPtrListCreate(xmlSecTransformIdListId);
+ if(dsigCtx->enabledReferenceTransforms == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
ret = xmlSecPtrListAdd(dsigCtx->enabledReferenceTransforms, (void*)transformId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
/**
* xmlSecDSigCtxEnableSignatureTransform:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @transformId: the transform klass.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @transformId: the transform klass.
*
* Enables @transformId for <dsig:SignedInfo/> element processing.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformId transformId) {
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->result == NULL, -1);
@@ -258,138 +258,138 @@ xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformI
/**
* xmlSecDSigCtxGetPreSignBuffer:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- *
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ *
* Gets pointer to the buffer with serialized <dsig:SignedInfo/> element
- * just before signature claculation (valid if and only if
+ * just before signature claculation (valid if and only if
* #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE context flag is set.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-xmlSecBufferPtr
+xmlSecBufferPtr
xmlSecDSigCtxGetPreSignBuffer(xmlSecDSigCtxPtr dsigCtx) {
xmlSecAssert2(dsigCtx != NULL, NULL);
-
- return((dsigCtx->preSignMemBufMethod != NULL) ?
- xmlSecTransformMemBufGetBuffer(dsigCtx->preSignMemBufMethod) : NULL);
+
+ return((dsigCtx->preSignMemBufMethod != NULL) ?
+ xmlSecTransformMemBufGetBuffer(dsigCtx->preSignMemBufMethod) : NULL);
}
/**
* xmlSecDSigCtxSign:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @tmpl: the pointer to <dsig:Signature/> node with signature template.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @tmpl: the pointer to <dsig:Signature/> node with signature template.
*
* Signs the data as described in @tmpl node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecDSigCtxSign(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr tmpl) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(tmpl->doc != NULL, -1);
/* add ids for Signature nodes */
- dsigCtx->operation = xmlSecTransformOperationSign;
- dsigCtx->status = xmlSecDSigStatusUnknown;
+ dsigCtx->operation = xmlSecTransformOperationSign;
+ dsigCtx->status = xmlSecDSigStatusUnknown;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecDSigIds);
/* read signature template */
ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, tmpl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxSigantureProcessNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxSignatureProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
xmlSecAssert2(dsigCtx->signValueNode != NULL, -1);
/* references processing might change the status */
if(dsigCtx->status != xmlSecDSigStatusUnknown) {
- return(0);
+ return(0);
}
/* check what we've got */
dsigCtx->result = dsigCtx->transformCtx.result;
if((dsigCtx->result == NULL) || (xmlSecBufferGetData(dsigCtx->result) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_RESULT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_RESULT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* write signed data to xml */
xmlNodeSetContentLen(dsigCtx->signValueNode,
- xmlSecBufferGetData(dsigCtx->result),
- xmlSecBufferGetSize(dsigCtx->result));
-
+ xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result));
+
/* set success status and we are done */
dsigCtx->status = xmlSecDSigStatusSucceeded;
- return(0);
+ return(0);
}
/**
* xmlSecDSigCtxVerify:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @node: the pointer with <dsig:Signature/> node.
- *
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @node: the pointer with <dsig:Signature/> node.
+ *
* Vaidates signature in the @node. The verification result is returned
* in #status member of the @dsigCtx object.
*
- * Returns: 0 on success (check #status member of @dsigCtx to get
+ * Returns: 0 on success (check #status member of @dsigCtx to get
* signature verification result) or a negative value if an error occurs.
*/
-int
+int
xmlSecDSigCtxVerify(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(node->doc != NULL, -1);
/* add ids for Signature nodes */
- dsigCtx->operation = xmlSecTransformOperationVerify;
- dsigCtx->status = xmlSecDSigStatusUnknown;
+ dsigCtx->operation = xmlSecTransformOperationVerify;
+ dsigCtx->status = xmlSecDSigStatusUnknown;
xmlSecAddIDs(node->doc, node, xmlSecDSigIds);
-
- /* read siganture info */
+
+ /* read signature info */
ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxSigantureProcessNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxSignatureProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
xmlSecAssert2(dsigCtx->signValueNode != NULL, -1);
/* references processing might change the status */
if(dsigCtx->status != xmlSecDSigStatusUnknown) {
- return(0);
+ return(0);
}
/* verify SignatureValue node content */
ret = xmlSecTransformVerifyNodeContent(dsigCtx->signMethod, dsigCtx->signValueNode,
- &(dsigCtx->transformCtx));
+ &(dsigCtx->transformCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformVerifyNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVerifyNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* set status and we are done */
if(dsigCtx->signMethod->status == xmlSecTransformStatusOk) {
dsigCtx->status = xmlSecDSigStatusSucceeded;
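Review bot: The corrected error strings in xmlSecDSigCtxSign and xmlSecDSigCtxVerify now read `"xmlSecDSigCtxSignatureProcessNode"`, but the function actually called on the line above each of them is `xmlSecDSigCtxProcessSignatureNode`, so the typo fix swaps one non-existent symbol for another and the error report still cannot be grepped back to the failing call. Both strings should be `"xmlSecDSigCtxProcessSignatureNode"`. Separately, xmlSecDSigCtxSign guards against context reuse with `xmlSecAssert2(dsigCtx->result == NULL, -1);` while xmlSecDSigCtxVerify has no such check; if that asymmetry is deliberate a one-line comment on Verify would help, otherwise the same assert belongs there. The body of xmlSecDSigCtxVerify continues past the end of this hunk.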
@@ -404,47 +404,47 @@ xmlSecDSigCtxVerify(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
*
* The Signature element (http://www.w3.org/TR/xmldsig-core/#sec-Signature)
*
- * The Signature element is the root element of an XML Signature.
- * Implementation MUST generate laxly schema valid [XML-schema] Signature
+ * The Signature element is the root element of an XML Signature.
+ * Implementation MUST generate laxly schema valid [XML-schema] Signature
* elements as specified by the following schema:
- * The way in which the SignedInfo element is presented to the
- * canonicalization method is dependent on that method. The following
+ * The way in which the SignedInfo element is presented to the
+ * canonicalization method is dependent on that method. The following
* applies to algorithms which process XML as nodes or characters:
*
- * - XML based canonicalization implementations MUST be provided with
- * a [XPath] node-set originally formed from the document containing
+ * - XML based canonicalization implementations MUST be provided with
+ * a [XPath] node-set originally formed from the document containing
* the SignedInfo and currently indicating the SignedInfo, its descendants,
- * and the attribute and namespace nodes of SignedInfo and its descendant
+ * and the attribute and namespace nodes of SignedInfo and its descendant
* elements.
*
- * - Text based canonicalization algorithms (such as CRLF and charset
- * normalization) should be provided with the UTF-8 octets that represent
- * the well-formed SignedInfo element, from the first character to the
- * last character of the XML representation, inclusive. This includes
- * the entire text of the start and end tags of the SignedInfo element
- * as well as all descendant markup and character data (i.e., the text)
- * between those tags. Use of text based canonicalization of SignedInfo
- * is NOT RECOMMENDED.
+ * - Text based canonicalization algorithms (such as CRLF and charset
+ * normalization) should be provided with the UTF-8 octets that represent
+ * the well-formed SignedInfo element, from the first character to the
+ * last character of the XML representation, inclusive. This includes
+ * the entire text of the start and end tags of the SignedInfo element
+ * as well as all descendant markup and character data (i.e., the text)
+ * between those tags. Use of text based canonicalization of SignedInfo
+ * is NOT RECOMMENDED.
*
* =================================
- * we do not support any non XML based C14N
+ * we do not support any non XML based C14N
*
* Schema Definition:
*
* <element name="Signature" type="ds:SignatureType"/>
* <complexType name="SignatureType">
- * <sequence>
- * <element ref="ds:SignedInfo"/>
- * <element ref="ds:SignatureValue"/>
- * <element ref="ds:KeyInfo" minOccurs="0"/>
- * <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ * <sequence>
+ * <element ref="ds:SignedInfo"/>
+ * <element ref="ds:SignatureValue"/>
+ * <element ref="ds:KeyInfo" minOccurs="0"/>
+ * <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
* </sequence> <attribute name="Id" type="ID" use="optional"/>
* </complexType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*) >
- * <!ATTLIST Signature
+ * <!ATTLIST Signature
* xmlns CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
* Id ID #IMPLIED >
*
@@ -456,7 +456,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlNodePtr keyInfoNode = NULL;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
@@ -466,13 +466,13 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlSecAssert2(node != NULL, -1);
if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignature));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignature));
+ return(-1);
}
/* read node data */
@@ -480,14 +480,14 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
dsigCtx->id = xmlGetProp(node, xmlSecAttrId);
/* first node is required SignedInfo */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignedInfo, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
return(-1);
}
signedInfoNode = cur;
@@ -495,441 +495,441 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
/* next node is required SignatureValue */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
+ return(-1);
}
dsigCtx->signValueNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
/* next node is optional KeyInfo */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
- keyInfoNode = cur;
- cur = xmlSecGetNextElementNode(cur->next);
+ keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
} else {
- keyInfoNode = NULL;
+ keyInfoNode = NULL;
}
-
+
/* next nodes are optional Object nodes */
while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeObject, xmlSecDSigNs))) {
- /* read manifests from objects */
- if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS) == 0) {
- ret = xmlSecDSigCtxProcessObjectNode(dsigCtx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxProcessObjectNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
+ /* read manifests from objects */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS) == 0) {
+ ret = xmlSecDSigCtxProcessObjectNode(dsigCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessObjectNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
/* if there is something left than it's an error */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* now validated all the references and prepare transform */
ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxProcessSignedInfoNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessSignedInfoNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
/* references processing might change the status */
if(dsigCtx->status != xmlSecDSigStatusUnknown) {
- return(0);
+ return(0);
}
-
- /* as the result, we should have sign and c14n methods set */
+
+ /* as the result, we should have sign and c14n methods set */
xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
xmlSecAssert2(dsigCtx->c14nMethod != NULL, -1);
ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxProcessKeyInfoNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessKeyInfoNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
/* as the result, we should have a key */
xmlSecAssert2(dsigCtx->signKey != NULL, -1);
/* if we need to write result to xml node then we need base64 encode result */
- if(dsigCtx->operation == xmlSecTransformOperationSign) {
- xmlSecTransformPtr base64Encode;
-
- /* we need to add base64 encode transform */
- base64Encode = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
- xmlSecTransformBase64Id);
- if(base64Encode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- base64Encode->operation = xmlSecTransformOperationEncode;
- }
-
- firstType = xmlSecTransformGetDataType(dsigCtx->transformCtx.first,
- xmlSecTransformModePush,
- &(dsigCtx->transformCtx));
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
+ }
+
+ firstType = xmlSecTransformGetDataType(dsigCtx->transformCtx.first,
+ xmlSecTransformModePush,
+ &(dsigCtx->transformCtx));
if((firstType & xmlSecTransformDataTypeXml) != 0) {
- xmlSecNodeSetPtr nodeset = NULL;
+ xmlSecNodeSetPtr nodeset = NULL;
- xmlSecAssert2(signedInfoNode != NULL, -1);
+ xmlSecAssert2(signedInfoNode != NULL, -1);
nodeset = xmlSecNodeSetGetChildren(signedInfoNode->doc, signedInfoNode, 1, 0);
- if(nodeset == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetGetChildren",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(signedInfoNode)));
- return(-1);
- }
-
- /* calculate the signature */
- ret = xmlSecTransformCtxXmlExecute(&(dsigCtx->transformCtx), nodeset);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxXmlExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecNodeSetDestroy(nodeset);
- return(-1);
- }
- xmlSecNodeSetDestroy(nodeset);
+ if(nodeset == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(signedInfoNode)));
+ return(-1);
+ }
+
+ /* calculate the signature */
+ ret = xmlSecTransformCtxXmlExecute(&(dsigCtx->transformCtx), nodeset);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxXmlExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(nodeset);
+ return(-1);
+ }
+ xmlSecNodeSetDestroy(nodeset);
} else {
- /* TODO */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "the binary c14n transforms are not supported yet",
- XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "the binary c14n transforms are not supported yet",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-/**
+/**
* xmlSecDSigCtxProcessSignedInfoNode:
*
* The SignedInfo Element (http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo)
- *
- * The structure of SignedInfo includes the canonicalization algorithm,
- * a result algorithm, and one or more references. The SignedInfo element
- * may contain an optional ID attribute that will allow it to be referenced by
+ *
+ * The structure of SignedInfo includes the canonicalization algorithm,
+ * a result algorithm, and one or more references. The SignedInfo element
+ * may contain an optional ID attribute that will allow it to be referenced by
* other signatures and objects.
*
* SignedInfo does not include explicit result or digest properties (such as
- * calculation time, cryptographic device serial number, etc.). If an
- * application needs to associate properties with the result or digest,
- * it may include such information in a SignatureProperties element within
+ * calculation time, cryptographic device serial number, etc.). If an
+ * application needs to associate properties with the result or digest,
+ * it may include such information in a SignatureProperties element within
* an Object element.
*
* Schema Definition:
*
- * <element name="SignedInfo" type="ds:SignedInfoType"/>
+ * <element name="SignedInfo" type="ds:SignedInfoType"/>
* <complexType name="SignedInfoType">
- * <sequence>
+ * <sequence>
* <element ref="ds:CanonicalizationMethod"/>
- * <element ref="ds:SignatureMethod"/>
- * <element ref="ds:Reference" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
+ * <element ref="ds:SignatureMethod"/>
+ * <element ref="ds:Reference" maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
* </complexType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT SignedInfo (CanonicalizationMethod, SignatureMethod, Reference+) >
* <!ATTLIST SignedInfo Id ID #IMPLIED>
- *
+ *
*/
-static int
+static int
xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlSecDSigReferenceCtxPtr dsigRefCtx;
xmlNodePtr cur;
int ret;
-
- xmlSecAssert2(dsigCtx != NULL, -1);
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1);
xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* first node is required CanonicalizationMethod. */
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs))) {
- dsigCtx->c14nMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
- cur, xmlSecTransformUsageC14NMethod);
- if(dsigCtx->c14nMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ dsigCtx->c14nMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
+ cur, xmlSecTransformUsageC14NMethod);
+ if(dsigCtx->c14nMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
} else if(dsigCtx->defC14NMethodId != xmlSecTransformIdUnknown) {
- /* the dsig spec does require CanonicalizationMethod node
- * to be present but in some case it application might decide to
- * minimize traffic */
- dsigCtx->c14nMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
- dsigCtx->defC14NMethodId);
- if(dsigCtx->c14nMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ /* the dsig spec does require CanonicalizationMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigCtx->c14nMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ dsigCtx->defC14NMethodId);
+ if(dsigCtx->c14nMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CanonicalizationMethod",
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CanonicalizationMethod",
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
+ return(-1);
+ }
+
/* insert membuf if requested */
if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) {
- xmlSecAssert2(dsigCtx->preSignMemBufMethod == NULL, -1);
- dsigCtx->preSignMemBufMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
- xmlSecTransformMemBufId);
- if(dsigCtx->preSignMemBufMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
- }
- }
-
+ xmlSecAssert2(dsigCtx->preSignMemBufMethod == NULL, -1);
+ dsigCtx->preSignMemBufMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ xmlSecTransformMemBufId);
+ if(dsigCtx->preSignMemBufMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ }
+ }
+
/* next node is required SignatureMethod. */
cur = xmlSecGetNextElementNode( ((cur != NULL) ? cur->next : node->children) );
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeSignatureMethod, xmlSecDSigNs))) {
- dsigCtx->signMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
- cur, xmlSecTransformUsageSignatureMethod);
- if(dsigCtx->signMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ dsigCtx->signMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
+ cur, xmlSecTransformUsageSignatureMethod);
+ if(dsigCtx->signMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
} else if(dsigCtx->defSignMethodId != xmlSecTransformIdUnknown) {
- /* the dsig spec does require SignatureMethod node
- * to be present but in some case it application might decide to
- * minimize traffic */
- dsigCtx->signMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
- dsigCtx->defSignMethodId);
- if(dsigCtx->signMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ /* the dsig spec does require SignatureMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigCtx->signMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ dsigCtx->defSignMethodId);
+ if(dsigCtx->signMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
+ return(-1);
+ }
dsigCtx->signMethod->operation = dsigCtx->operation;
-
+
/* calculate references */
cur = xmlSecGetNextElementNode(cur->next);
while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
/* create reference */
- dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
- if(dsigRefCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigReferenceCtxCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* add to the list */
- ret = xmlSecPtrListAdd(&(dsigCtx->signedInfoReferences), dsigRefCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
- return(-1);
- }
-
- /* process */
- ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigReferenceCtxProcessNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- /* bail out if next Reference processing failed */
- if(dsigRefCtx->status != xmlSecDSigStatusSucceeded) {
- dsigCtx->status = xmlSecDSigStatusInvalid;
- return(0);
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
+ if(dsigRefCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* add to the list */
+ ret = xmlSecPtrListAdd(&(dsigCtx->signedInfoReferences), dsigRefCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(-1);
+ }
+
+ /* process */
+ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* bail out if next Reference processing failed */
+ if(dsigRefCtx->status != xmlSecDSigStatusSucceeded) {
+ dsigCtx->status = xmlSecDSigStatusInvalid;
+ return(0);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have at least one Reference */
if(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* if there is something left than it's an error */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
/* set key requirements */
ret = xmlSecTransformSetKeyReq(dsigCtx->signMethod, &(dsigCtx->keyInfoReadCtx.keyReq));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformSetKeyReq",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKeyReq",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
+ return(-1);
+ }
+
/* ignore <dsig:KeyInfo /> if there is the key is already set */
/* todo: throw an error if key is set and node != NULL? */
- if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
- && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
- dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node, &(dsigCtx->keyInfoReadCtx));
+ if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
+ && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node, &(dsigCtx->keyInfoReadCtx));
}
-
+
/* check that we have exactly what we want */
if((dsigCtx->signKey == NULL) || (!xmlSecKeyMatch(dsigCtx->signKey, NULL, &(dsigCtx->keyInfoReadCtx.keyReq)))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_KEY_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* set the key to the transform */
ret = xmlSecTransformSetKey(dsigCtx->signMethod, dsigCtx->signKey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformSetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
+ return(-1);
}
/* if we are signing document, update <dsig:KeyInfo/> node */
- if((node != NULL) && (dsigCtx->operation == xmlSecTransformOperationSign)) {
- ret = xmlSecKeyInfoNodeWrite(node, dsigCtx->signKey, &(dsigCtx->keyInfoWriteCtx));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ if((node != NULL) && (dsigCtx->operation == xmlSecTransformOperationSign)) {
+ ret = xmlSecKeyInfoNodeWrite(node, dsigCtx->signKey, &(dsigCtx->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
return(0);
}
/**
* xmlSecDSigCtxProcessObjectNode:
- *
+ *
* The Object Element (http://www.w3.org/TR/xmldsig-core/#sec-Object)
- *
- * Object is an optional element that may occur one or more times. When
- * present, this element may contain any data. The Object element may include
+ *
+ * Object is an optional element that may occur one or more times. When
+ * present, this element may contain any data. The Object element may include
* optional MIME type, ID, and encoding attributes.
- *
+ *
* Schema Definition:
- *
- * <element name="Object" type="ds:ObjectType"/>
+ *
+ * <element name="Object" type="ds:ObjectType"/>
* <complexType name="ObjectType" mixed="true">
* <sequence minOccurs="0" maxOccurs="unbounded">
* <any namespace="##any" processContents="lax"/>
* </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
+ * <attribute name="Id" type="ID" use="optional"/>
* <attribute name="MimeType" type="string" use="optional"/>
- * <attribute name="Encoding" type="anyURI" use="optional"/>
+ * <attribute name="Encoding" type="anyURI" use="optional"/>
* </complexType>
- *
+ *
* DTD:
- *
+ *
* <!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)* >
- * <!ATTLIST Object Id ID #IMPLIED
- * MimeType CDATA #IMPLIED
+ * <!ATTLIST Object Id ID #IMPLIED
+ * MimeType CDATA #IMPLIED
* Encoding CDATA #IMPLIED >
*/
static int
@@ -937,54 +937,54 @@ xmlSecDSigCtxProcessObjectNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
- xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* we care about Manifest nodes only; ignore everything else */
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
- if(xmlSecCheckNodeName(cur, xmlSecNodeManifest, xmlSecDSigNs)) {
- ret = xmlSecDSigCtxProcessManifestNode(dsigCtx, cur);
- if(ret < 0){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigCtxProcessManifestNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- cur = xmlSecGetNextElementNode(cur->next);
+ if(xmlSecCheckNodeName(cur, xmlSecNodeManifest, xmlSecDSigNs)) {
+ ret = xmlSecDSigCtxProcessManifestNode(dsigCtx, cur);
+ if(ret < 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessManifestNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
}
return(0);
}
/**
- * xmlSecDSigCtxProcessManifestNode:
+ * xmlSecDSigCtxProcessManifestNode:
*
* The Manifest Element (http://www.w3.org/TR/xmldsig-core/#sec-Manifest)
*
- * The Manifest element provides a list of References. The difference from
- * the list in SignedInfo is that it is application defined which, if any, of
- * the digests are actually checked against the objects referenced and what to
- * do if the object is inaccessible or the digest compare fails. If a Manifest
- * is pointed to from SignedInfo, the digest over the Manifest itself will be
- * checked by the core result validation behavior. The digests within such
- * a Manifest are checked at the application's discretion. If a Manifest is
- * referenced from another Manifest, even the overall digest of this two level
+ * The Manifest element provides a list of References. The difference from
+ * the list in SignedInfo is that it is application defined which, if any, of
+ * the digests are actually checked against the objects referenced and what to
+ * do if the object is inaccessible or the digest compare fails. If a Manifest
+ * is pointed to from SignedInfo, the digest over the Manifest itself will be
+ * checked by the core result validation behavior. The digests within such
+ * a Manifest are checked at the application's discretion. If a Manifest is
+ * referenced from another Manifest, even the overall digest of this two level
* deep Manifest might not be checked.
- *
+ *
* Schema Definition:
- *
- * <element name="Manifest" type="ds:ManifestType"/>
+ *
+ * <element name="Manifest" type="ds:ManifestType"/>
* <complexType name="ManifestType">
* <sequence>
- * <element ref="ds:Reference" maxOccurs="unbounded"/>
- * </sequence>
- * <attribute name="Id" type="ID" use="optional"/>
+ * <element ref="ds:Reference" maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
* </complexType>
- *
+ *
* DTD:
*
* <!ELEMENT Manifest (Reference+) >
@@ -996,7 +996,7 @@ xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
- xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
xmlSecAssert2(node != NULL, -1);
@@ -1004,92 +1004,92 @@ xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
/* create reference */
- dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginManifest);
- if(dsigRefCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigReferenceCtxCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* add to the list */
- ret = xmlSecPtrListAdd(&(dsigCtx->manifestReferences), dsigRefCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
- return(-1);
- }
-
- /* process */
- ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigReferenceCtxProcessNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- /* we don;t care if Reference processing failed because
- * it's Manifest node */
- cur = xmlSecGetNextElementNode(cur->next);
+ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginManifest);
+ if(dsigRefCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* add to the list */
+ ret = xmlSecPtrListAdd(&(dsigCtx->manifestReferences), dsigRefCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(-1);
+ }
+
+ /* process */
+ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* we don;t care if Reference processing failed because
+ * it's Manifest node */
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* we should have nothing else here */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
return(0);
}
/**
* xmlSecDSigCtxDebugDump:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @output: the pointer to output FILE.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @dsigCtx to @output.
*/
-void
+void
xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
xmlSecAssert(dsigCtx != NULL);
xmlSecAssert(output != NULL);
- if(dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "= SIGNATURE CONTEXT\n");
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "= SIGNATURE CONTEXT\n");
} else {
- fprintf(output, "= VERIFICATION CONTEXT\n");
+ fprintf(output, "= VERIFICATION CONTEXT\n");
}
switch(dsigCtx->status) {
- case xmlSecDSigStatusUnknown:
- fprintf(output, "== Status: unknown\n");
- break;
- case xmlSecDSigStatusSucceeded:
- fprintf(output, "== Status: succeeded\n");
- break;
- case xmlSecDSigStatusInvalid:
- fprintf(output, "== Status: invalid\n");
- break;
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "== Status: unknown\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "== Status: succeeded\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "== Status: invalid\n");
+ break;
}
fprintf(output, "== flags: 0x%08x\n", dsigCtx->flags);
fprintf(output, "== flags2: 0x%08x\n", dsigCtx->flags2);
if(dsigCtx->id != NULL) {
- fprintf(output, "== Id: \"%s\"\n", dsigCtx->id);
+ fprintf(output, "== Id: \"%s\"\n", dsigCtx->id);
}
-
+
fprintf(output, "== Key Info Read Ctx:\n");
xmlSecKeyInfoCtxDebugDump(&(dsigCtx->keyInfoReadCtx), output);
fprintf(output, "== Key Info Write Ctx:\n");
@@ -1100,68 +1100,68 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
if(dsigCtx->signMethod != NULL) {
fprintf(output, "== Signature Method:\n");
- xmlSecTransformDebugDump(dsigCtx->signMethod, output);
+ xmlSecTransformDebugDump(dsigCtx->signMethod, output);
}
if(dsigCtx->signKey != NULL) {
fprintf(output, "== Signature Key:\n");
- xmlSecKeyDebugDump(dsigCtx->signKey, output);
+ xmlSecKeyDebugDump(dsigCtx->signKey, output);
}
-
+
fprintf(output, "== SignedInfo References List:\n");
xmlSecPtrListDebugDump(&(dsigCtx->signedInfoReferences), output);
fprintf(output, "== Manifest References List:\n");
xmlSecPtrListDebugDump(&(dsigCtx->manifestReferences), output);
-
- if((dsigCtx->result != NULL) &&
+
+ if((dsigCtx->result != NULL) &&
(xmlSecBufferGetData(dsigCtx->result) != NULL)) {
- fprintf(output, "== Result - start buffer:\n");
- fwrite(xmlSecBufferGetData(dsigCtx->result),
- xmlSecBufferGetSize(dsigCtx->result),
- 1, output);
- fprintf(output, "\n== Result - end buffer\n");
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
+ fprintf(output, "\n== Result - end buffer\n");
}
if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
(xmlSecDSigCtxGetPreSignBuffer(dsigCtx) != NULL) &&
(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
-
- fprintf(output, "== PreSigned data - start buffer:\n");
- fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- 1, output);
- fprintf(output, "\n== PreSigned data - end buffer\n");
+
+ fprintf(output, "== PreSigned data - start buffer:\n");
+ fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
+ fprintf(output, "\n== PreSigned data - end buffer\n");
}
}
/**
* xmlSecDSigCtxDebugXmlDump:
- * @dsigCtx: the pointer to <dsig:Signature/> processing context.
- * @output: the pointer to output FILE.
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @dsigCtx to @output in XML format.
*/
-void
+void
xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
xmlSecAssert(dsigCtx != NULL);
xmlSecAssert(output != NULL);
- if(dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "<SignatureContext \n");
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "<SignatureContext \n");
} else {
- fprintf(output, "<VerificationContext \n");
+ fprintf(output, "<VerificationContext \n");
}
switch(dsigCtx->status) {
- case xmlSecDSigStatusUnknown:
- fprintf(output, "status=\"unknown\" >\n");
- break;
- case xmlSecDSigStatusSucceeded:
- fprintf(output, "status=\"succeeded\" >\n");
- break;
- case xmlSecDSigStatusInvalid:
- fprintf(output, "status=\"invalid\" >\n");
- break;
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "status=\"unknown\" >\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "status=\"succeeded\" >\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "status=\"invalid\" >\n");
+ break;
}
fprintf(output, "<Flags>%08x</Flags>\n", dsigCtx->flags);
@@ -1185,13 +1185,13 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
if(dsigCtx->signMethod != NULL) {
fprintf(output, "<SignatureMethod>\n");
- xmlSecTransformDebugXmlDump(dsigCtx->signMethod, output);
+ xmlSecTransformDebugXmlDump(dsigCtx->signMethod, output);
fprintf(output, "</SignatureMethod>\n");
}
if(dsigCtx->signKey != NULL) {
fprintf(output, "<SignatureKey>\n");
- xmlSecKeyDebugXmlDump(dsigCtx->signKey, output);
+ xmlSecKeyDebugXmlDump(dsigCtx->signKey, output);
fprintf(output, "</SignatureKey>\n");
}
@@ -1203,30 +1203,30 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
xmlSecPtrListDebugXmlDump(&(dsigCtx->manifestReferences), output);
fprintf(output, "</ManifestReferences>\n");
- if((dsigCtx->result != NULL) &&
+ if((dsigCtx->result != NULL) &&
(xmlSecBufferGetData(dsigCtx->result) != NULL)) {
- fprintf(output, "<Result>");
- fwrite(xmlSecBufferGetData(dsigCtx->result),
- xmlSecBufferGetSize(dsigCtx->result),
- 1, output);
- fprintf(output, "</Result>\n");
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
+ fprintf(output, "</Result>\n");
}
if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
(xmlSecDSigCtxGetPreSignBuffer(dsigCtx) != NULL) &&
(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
-
- fprintf(output, "<PreSignedData>");
- fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- 1, output);
- fprintf(output, "</PreSignedData>\n");
+
+ fprintf(output, "<PreSignedData>");
+ fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
+ fprintf(output, "</PreSignedData>\n");
}
- if(dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "</SignatureContext>\n");
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "</SignatureContext>\n");
} else {
- fprintf(output, "</VerificationContext>\n");
+ fprintf(output, "</VerificationContext>\n");
}
}
@@ -1237,8 +1237,8 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
*************************************************************************/
/**
* xmlSecDSigReferenceCtxCreate:
- * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
- * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
+ * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
+ * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
*
* Creates new <dsig:Reference/> element processing context. Caller is responsible
* for destroying the returned context by calling #xmlSecDSigReferenceCtxDestroy
@@ -1246,56 +1246,56 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
*
* Returns: pointer to newly created context or NULL if an error occurs.
*/
-xmlSecDSigReferenceCtxPtr
+xmlSecDSigReferenceCtxPtr
xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin origin) {
xmlSecDSigReferenceCtxPtr dsigRefCtx;
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, NULL);
-
+
dsigRefCtx = (xmlSecDSigReferenceCtxPtr) xmlMalloc(sizeof(xmlSecDSigReferenceCtx));
if(dsigRefCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecDSigReferenceCtx)=%d",
- sizeof(xmlSecDSigReferenceCtx));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecDSigReferenceCtx)=%d",
+ sizeof(xmlSecDSigReferenceCtx));
+ return(NULL);
+ }
+
ret = xmlSecDSigReferenceCtxInitialize(dsigRefCtx, dsigCtx, origin);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecDSigReferenceCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
- return(NULL);
- }
- return(dsigRefCtx);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(NULL);
+ }
+ return(dsigRefCtx);
}
-/**
+/**
* xmlSecDSigReferenceCtxDestroy:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
*
* Destroy context object created with #xmlSecDSigReferenceCtxCreate function.
*/
-void
+void
xmlSecDSigReferenceCtxDestroy(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
xmlSecAssert(dsigRefCtx != NULL);
-
+
xmlSecDSigReferenceCtxFinalize(dsigRefCtx);
xmlFree(dsigRefCtx);
}
/**
* xmlSecDSigReferenceCtxInitialize:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
- * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
- * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
+ * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
*
* Initializes new <dsig:Reference/> element processing context. Caller is responsible
* for cleaning up the returned context by calling #xmlSecDSigReferenceCtxFinalize
@@ -1303,79 +1303,79 @@ xmlSecDSigReferenceCtxDestroy(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
*
* Returns: 0 on succes or aa negative value otherwise.
*/
-int
+int
xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlSecDSigCtxPtr dsigCtx,
- xmlSecDSigReferenceOrigin origin) {
+ xmlSecDSigReferenceOrigin origin) {
int ret;
-
+
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigRefCtx != NULL, -1);
-
+
memset(dsigRefCtx, 0, sizeof(xmlSecDSigReferenceCtx));
-
+
dsigRefCtx->dsigCtx = dsigCtx;
dsigRefCtx->origin = origin;
-
+
/* initializes transforms dsigRefCtx */
ret = xmlSecTransformCtxInitialize(&(dsigRefCtx->transformCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* copy enabled transforms */
if(dsigCtx->enabledReferenceTransforms != NULL) {
- ret = xmlSecPtrListCopy(&(dsigRefCtx->transformCtx.enabledTransforms),
- dsigCtx->enabledReferenceTransforms);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
+ ret = xmlSecPtrListCopy(&(dsigRefCtx->transformCtx.enabledTransforms),
+ dsigCtx->enabledReferenceTransforms);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
dsigRefCtx->transformCtx.preExecCallback = dsigCtx->referencePreExecuteCallback;
dsigRefCtx->transformCtx.enabledUris = dsigCtx->enabledReferenceUris;
if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK) != 0) {
- dsigRefCtx->transformCtx.flags |= XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK;
+ dsigRefCtx->transformCtx.flags |= XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK;
}
return(0);
}
-/**
+/**
* xmlSecDSigReferenceCtxFinalize:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
*
* Cleans up context object created with #xmlSecDSigReferenceCtxInitialize function.
*/
-void
+void
xmlSecDSigReferenceCtxFinalize(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
xmlSecAssert(dsigRefCtx != NULL);
xmlSecTransformCtxFinalize(&(dsigRefCtx->transformCtx));
if(dsigRefCtx->id != NULL) {
- xmlFree(dsigRefCtx->id);
- }
+ xmlFree(dsigRefCtx->id);
+ }
if(dsigRefCtx->uri != NULL) {
- xmlFree(dsigRefCtx->uri);
- }
+ xmlFree(dsigRefCtx->uri);
+ }
if(dsigRefCtx->type != NULL) {
- xmlFree(dsigRefCtx->type);
- }
+ xmlFree(dsigRefCtx->type);
+ }
memset(dsigRefCtx, 0, sizeof(xmlSecDSigReferenceCtx));
}
/**
* xmlSecDSigReferenceCtxGetPreDigestBuffer:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
- *
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ *
* Gets the results of <dsig:Reference/> node processing just before digesting
* (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
* #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flas of signature context
@@ -1383,41 +1383,41 @@ xmlSecDSigReferenceCtxFinalize(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
*
* Returns: pointer to the buffer or NULL if an error occurs.
*/
-xmlSecBufferPtr
+xmlSecBufferPtr
xmlSecDSigReferenceCtxGetPreDigestBuffer(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
xmlSecAssert2(dsigRefCtx != NULL, NULL);
-
- return((dsigRefCtx->preDigestMemBufMethod != NULL) ?
- xmlSecTransformMemBufGetBuffer(dsigRefCtx->preDigestMemBufMethod) : NULL);
+
+ return((dsigRefCtx->preDigestMemBufMethod != NULL) ?
+ xmlSecTransformMemBufGetBuffer(dsigRefCtx->preDigestMemBufMethod) : NULL);
}
/**
* xmlSecDSigReferenceCtxProcessNode:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
- * @node: the pointer to <dsig:Reference/> node.
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @node: the pointer to <dsig:Reference/> node.
* The Reference Element (http://www.w3.org/TR/xmldsig-core/#sec-Reference)
- *
- * Reference is an element that may occur one or more times. It specifies
- * a digest algorithm and digest value, and optionally an identifier of the
- * object being signed, the type of the object, and/or a list of transforms
- * to be applied prior to digesting. The identification (URI) and transforms
- * describe how the digested content (i.e., the input to the digest method)
- * was created. The Type attribute facilitates the processing of referenced
- * data. For example, while this specification makes no requirements over
- * external data, an application may wish to signal that the referent is a
- * Manifest. An optional ID attribute permits a Reference to be referenced
+ *
+ * Reference is an element that may occur one or more times. It specifies
+ * a digest algorithm and digest value, and optionally an identifier of the
+ * object being signed, the type of the object, and/or a list of transforms
+ * to be applied prior to digesting. The identification (URI) and transforms
+ * describe how the digested content (i.e., the input to the digest method)
+ * was created. The Type attribute facilitates the processing of referenced
+ * data. For example, while this specification makes no requirements over
+ * external data, an application may wish to signal that the referent is a
+ * Manifest. An optional ID attribute permits a Reference to be referenced
* from elsewhere.
*
* Returns: 0 on succes or aa negative value otherwise.
*/
-int
+int
xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodePtr node) {
xmlSecTransformCtxPtr transformCtx;
xmlNodePtr digestValueNode;
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(dsigRefCtx != NULL, -1);
xmlSecAssert2(dsigRefCtx->dsigCtx != NULL, -1);
xmlSecAssert2(dsigRefCtx->digestMethod == NULL, -1);
@@ -1436,183 +1436,183 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP
/* set start URI (and check that it is enabled!) */
ret = xmlSecTransformCtxSetUri(transformCtx, dsigRefCtx->uri, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxSetUri",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(dsigRefCtx->uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(dsigRefCtx->uri));
+ return(-1);
}
/* first is optional Transforms node */
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecDSigNs))) {
- ret = xmlSecTransformCtxNodesListRead(transformCtx,
- cur, xmlSecTransformUsageDSigTransform);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodesListRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
+ ret = xmlSecTransformCtxNodesListRead(transformCtx,
+ cur, xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* insert membuf if requested */
if(((dsigRefCtx->origin == xmlSecDSigReferenceOriginSignedInfo) &&
- ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES) != 0)) ||
+ ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES) != 0)) ||
((dsigRefCtx->origin == xmlSecDSigReferenceOriginManifest) &&
- ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES) != 0))) {
-
- xmlSecAssert2(dsigRefCtx->preDigestMemBufMethod == NULL, -1);
- dsigRefCtx->preDigestMemBufMethod = xmlSecTransformCtxCreateAndAppend(
- transformCtx,
- xmlSecTransformMemBufId);
- if(dsigRefCtx->preDigestMemBufMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
- return(-1);
- }
- }
-
+ ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES) != 0))) {
+
+ xmlSecAssert2(dsigRefCtx->preDigestMemBufMethod == NULL, -1);
+ dsigRefCtx->preDigestMemBufMethod = xmlSecTransformCtxCreateAndAppend(
+ transformCtx,
+ xmlSecTransformMemBufId);
+ if(dsigRefCtx->preDigestMemBufMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
+ }
+ }
+
/* next node is required DigestMethod. */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs))) {
- dsigRefCtx->digestMethod = xmlSecTransformCtxNodeRead(&(dsigRefCtx->transformCtx),
- cur, xmlSecTransformUsageDigestMethod);
- if(dsigRefCtx->digestMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(cur->next);
+ dsigRefCtx->digestMethod = xmlSecTransformCtxNodeRead(&(dsigRefCtx->transformCtx),
+ cur, xmlSecTransformUsageDigestMethod);
+ if(dsigRefCtx->digestMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
} else if(dsigRefCtx->dsigCtx->defSignMethodId != xmlSecTransformIdUnknown) {
- /* the dsig spec does require DigestMethod node
- * to be present but in some case it application might decide to
- * minimize traffic */
- dsigRefCtx->digestMethod = xmlSecTransformCtxCreateAndAppend(&(dsigRefCtx->transformCtx),
- dsigRefCtx->dsigCtx->defSignMethodId);
- if(dsigRefCtx->digestMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ /* the dsig spec does require DigestMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigRefCtx->digestMethod = xmlSecTransformCtxCreateAndAppend(&(dsigRefCtx->transformCtx),
+ dsigRefCtx->dsigCtx->defSignMethodId);
+ if(dsigRefCtx->digestMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
+ return(-1);
+ }
dsigRefCtx->digestMethod->operation = dsigRefCtx->dsigCtx->operation;
/* last node is required DigestValue */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDigestValue, xmlSecDSigNs))) {
- digestValueNode = cur;
- cur = xmlSecGetNextElementNode(cur->next);
+ digestValueNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeDigestValue));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestValue));
+ return(-1);
}
/* if we have something else then it's an error */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* if we need to write result to xml node then we need base64 encode result */
- if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
- xmlSecTransformPtr base64Encode;
-
- /* we need to add base64 encode transform */
- base64Encode = xmlSecTransformCtxCreateAndAppend(transformCtx, xmlSecTransformBase64Id);
- if(base64Encode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- base64Encode->operation = xmlSecTransformOperationEncode;
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(transformCtx, xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
}
/* finally get transforms results */
ret = xmlSecTransformCtxExecute(transformCtx, node->doc);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
dsigRefCtx->result = transformCtx->result;
- if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
- if((dsigRefCtx->result == NULL) || (xmlSecBufferGetData(dsigRefCtx->result) == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* write signed data to xml */
- xmlNodeSetContentLen(digestValueNode,
- xmlSecBufferGetData(dsigRefCtx->result),
- xmlSecBufferGetSize(dsigRefCtx->result));
-
- /* set success status and we are done */
- dsigRefCtx->status = xmlSecDSigStatusSucceeded;
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ if((dsigRefCtx->result == NULL) || (xmlSecBufferGetData(dsigRefCtx->result) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write signed data to xml */
+ xmlNodeSetContentLen(digestValueNode,
+ xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result));
+
+ /* set success status and we are done */
+ dsigRefCtx->status = xmlSecDSigStatusSucceeded;
} else {
- /* verify SignatureValue node content */
- ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod,
- digestValueNode, transformCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformVerifyNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ /* verify SignatureValue node content */
+ ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod,
+ digestValueNode, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVerifyNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* set status and we are done */
- if(dsigRefCtx->digestMethod->status == xmlSecTransformStatusOk) {
- dsigRefCtx->status = xmlSecDSigStatusSucceeded;
- } else {
- dsigRefCtx->status = xmlSecDSigStatusInvalid;
- }
+ if(dsigRefCtx->digestMethod->status == xmlSecTransformStatusOk) {
+ dsigRefCtx->status = xmlSecDSigStatusSucceeded;
+ } else {
+ dsigRefCtx->status = xmlSecDSigStatusInvalid;
+ }
}
return(0);
@@ -1620,41 +1620,41 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP
/**
* xmlSecDSigReferenceCtxDebugDump:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
- * @output: the pointer to output FILE.
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @dsigRefCtx to @output.
*/
-void
+void
xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* output) {
xmlSecAssert(dsigRefCtx != NULL);
xmlSecAssert(dsigRefCtx->dsigCtx != NULL);
xmlSecAssert(output != NULL);
- if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "= REFERENCE CALCULATION CONTEXT\n");
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "= REFERENCE CALCULATION CONTEXT\n");
} else {
- fprintf(output, "= REFERENCE VERIFICATION CONTEXT\n");
+ fprintf(output, "= REFERENCE VERIFICATION CONTEXT\n");
}
switch(dsigRefCtx->status) {
- case xmlSecDSigStatusUnknown:
- fprintf(output, "== Status: unknown\n");
- break;
- case xmlSecDSigStatusSucceeded:
- fprintf(output, "== Status: succeeded\n");
- break;
- case xmlSecDSigStatusInvalid:
- fprintf(output, "== Status: invalid\n");
- break;
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "== Status: unknown\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "== Status: succeeded\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "== Status: invalid\n");
+ break;
}
if(dsigRefCtx->id != NULL) {
- fprintf(output, "== Id: \"%s\"\n", dsigRefCtx->id);
+ fprintf(output, "== Id: \"%s\"\n", dsigRefCtx->id);
}
if(dsigRefCtx->uri != NULL) {
- fprintf(output, "== URI: \"%s\"\n", dsigRefCtx->uri);
+ fprintf(output, "== URI: \"%s\"\n", dsigRefCtx->uri);
}
if(dsigRefCtx->type != NULL) {
- fprintf(output, "== Type: \"%s\"\n", dsigRefCtx->type);
+ fprintf(output, "== Type: \"%s\"\n", dsigRefCtx->type);
}
fprintf(output, "== Reference Transform Ctx:\n");
@@ -1662,58 +1662,58 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp
if(dsigRefCtx->digestMethod != NULL) {
fprintf(output, "== Digest Method:\n");
- xmlSecTransformDebugDump(dsigRefCtx->digestMethod, output);
+ xmlSecTransformDebugDump(dsigRefCtx->digestMethod, output);
}
if((xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx) != NULL) &&
(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
-
- fprintf(output, "== PreDigest data - start buffer:\n");
- fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- 1, output);
- fprintf(output, "\n== PreDigest data - end buffer\n");
+
+ fprintf(output, "== PreDigest data - start buffer:\n");
+ fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
+ fprintf(output, "\n== PreDigest data - end buffer\n");
}
- if((dsigRefCtx->result != NULL) &&
+ if((dsigRefCtx->result != NULL) &&
(xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
- fprintf(output, "== Result - start buffer:\n");
- fwrite(xmlSecBufferGetData(dsigRefCtx->result),
- xmlSecBufferGetSize(dsigRefCtx->result), 1,
- output);
- fprintf(output, "\n== Result - end buffer\n");
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
+ fprintf(output, "\n== Result - end buffer\n");
}
}
/**
* xmlSecDSigReferenceCtxDebugXmlDump:
- * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
- * @output: the pointer to output FILE.
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @output: the pointer to output FILE.
*
* Prints debug information about @dsigRefCtx to @output in output format.
*/
-void
+void
xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* output) {
xmlSecAssert(dsigRefCtx != NULL);
xmlSecAssert(dsigRefCtx->dsigCtx != NULL);
xmlSecAssert(output != NULL);
- if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "<ReferenceCalculationContext ");
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "<ReferenceCalculationContext ");
} else {
- fprintf(output, "<ReferenceVerificationContext ");
+ fprintf(output, "<ReferenceVerificationContext ");
}
switch(dsigRefCtx->status) {
- case xmlSecDSigStatusUnknown:
- fprintf(output, "status=\"unknown\" >\n");
- break;
- case xmlSecDSigStatusSucceeded:
- fprintf(output, "status=\"succeeded\" >\n");
- break;
- case xmlSecDSigStatusInvalid:
- fprintf(output, "status=\"invalid\" >\n");
- break;
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "status=\"unknown\" >\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "status=\"succeeded\" >\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "status=\"invalid\" >\n");
+ break;
}
fprintf(output, "<Id>");
@@ -1734,33 +1734,33 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o
if(dsigRefCtx->digestMethod != NULL) {
fprintf(output, "<DigestMethod>\n");
- xmlSecTransformDebugXmlDump(dsigRefCtx->digestMethod, output);
+ xmlSecTransformDebugXmlDump(dsigRefCtx->digestMethod, output);
fprintf(output, "</DigestMethod>\n");
}
- if((dsigRefCtx->result != NULL) &&
+ if((dsigRefCtx->result != NULL) &&
(xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
- fprintf(output, "<Result>");
- fwrite(xmlSecBufferGetData(dsigRefCtx->result),
- xmlSecBufferGetSize(dsigRefCtx->result), 1,
- output);
- fprintf(output, "</Result>\n");
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
+ fprintf(output, "</Result>\n");
}
if((xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx) != NULL) &&
(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
-
- fprintf(output, "<PreDigestData>");
- fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- 1, output);
- fprintf(output, "</PreDigestData>\n");
- }
- if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
- fprintf(output, "</ReferenceCalculationContext>\n");
+
+ fprintf(output, "<PreDigestData>");
+ fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
+ fprintf(output, "</PreDigestData>\n");
+ }
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "</ReferenceCalculationContext>\n");
} else {
- fprintf(output, "</ReferenceVerificationContext>\n");
+ fprintf(output, "</ReferenceVerificationContext>\n");
}
}
@@ -1772,10 +1772,10 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o
*************************************************************************/
static xmlSecPtrListKlass xmlSecDSigReferenceCtxListKlass = {
BAD_CAST "dsig-reference-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecDSigReferenceCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecDSigReferenceCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
/**
@@ -1785,7 +1785,7 @@ static xmlSecPtrListKlass xmlSecDSigReferenceCtxListKlass = {
*
* Returns: <dsig:Reference/> element processing context list klass.
*/
-xmlSecPtrListId
+xmlSecPtrListId
xmlSecDSigReferenceCtxListGetKlass(void) {
return(&xmlSecDSigReferenceCtxListKlass);
}
diff --git a/src/xmlenc.c b/src/xmlenc.c
index cd226a5a..44c98779 100644
--- a/src/xmlenc.c
+++ b/src/xmlenc.c
@@ -1,24 +1,24 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* "XML Encryption" implementation
* http://www.w3.org/TR/xmlenc-core
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#ifndef XMLSEC_NO_XMLENC
-
+
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <libxml/tree.h>
-#include <libxml/parser.h>
+#include <libxml/parser.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/buffer.h>
@@ -30,111 +30,111 @@
#include <xmlsec/xmlenc.h>
#include <xmlsec/errors.h>
-static int xmlSecEncCtxEncDataNodeRead (xmlSecEncCtxPtr encCtx,
- xmlNodePtr node);
-static int xmlSecEncCtxEncDataNodeWrite (xmlSecEncCtxPtr encCtx);
-static int xmlSecEncCtxCipherDataNodeRead (xmlSecEncCtxPtr encCtx,
- xmlNodePtr node);
-static int xmlSecEncCtxCipherReferenceNodeRead (xmlSecEncCtxPtr encCtx,
- xmlNodePtr node);
+static int xmlSecEncCtxEncDataNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+static int xmlSecEncCtxEncDataNodeWrite (xmlSecEncCtxPtr encCtx);
+static int xmlSecEncCtxCipherDataNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+static int xmlSecEncCtxCipherReferenceNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
/* The ID attribute in XMLEnc is 'Id' */
-static const xmlChar* xmlSecEncIds[] = { BAD_CAST "Id", NULL };
+static const xmlChar* xmlSecEncIds[] = { BAD_CAST "Id", NULL };
/**
* xmlSecEncCtxCreate:
- * @keysMngr: the pointer to keys manager.
+ * @keysMngr: the pointer to keys manager.
*
* Creates <enc:EncryptedData/> element processing context.
- * The caller is responsible for destroying returend object by calling
+ * The caller is responsible for destroying returned object by calling
* #xmlSecEncCtxDestroy function.
*
* Returns: pointer to newly allocated context object or NULL if an error
* occurs.
*/
-xmlSecEncCtxPtr
+xmlSecEncCtxPtr
xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) {
xmlSecEncCtxPtr encCtx;
int ret;
-
+
encCtx = (xmlSecEncCtxPtr) xmlMalloc(sizeof(xmlSecEncCtx));
if(encCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecEncCtx)=%d",
- sizeof(xmlSecEncCtx));
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecEncCtx)=%d",
+ sizeof(xmlSecEncCtx));
+ return(NULL);
+ }
+
ret = xmlSecEncCtxInitialize(encCtx, keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecEncCtxDestroy(encCtx);
- return(NULL);
- }
- return(encCtx);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(encCtx);
+ return(NULL);
+ }
+ return(encCtx);
}
/**
* xmlSecEncCtxDestroy:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
*
* Destroy context object created with #xmlSecEncCtxCreate function.
*/
-void
+void
xmlSecEncCtxDestroy(xmlSecEncCtxPtr encCtx) {
xmlSecAssert(encCtx != NULL);
-
+
xmlSecEncCtxFinalize(encCtx);
xmlFree(encCtx);
}
/**
* xmlSecEncCtxInitialize:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @keysMngr: the pointer to keys manager.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @keysMngr: the pointer to keys manager.
*
* Initializes <enc:EncryptedData/> element processing context.
- * The caller is responsible for cleaing up returend object by calling
+ * The caller is responsible for cleaning up returned object by calling
* #xmlSecEncCtxFinalize function.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) {
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
-
+
memset(encCtx, 0, sizeof(xmlSecEncCtx));
/* initialize key info */
ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoReadCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
encCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
-
+
ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoWriteCtx), keysMngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
encCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
/* it's not wise to write private key :) */
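Review bot: In xmlSecEncCtxCreate the allocation-failure message passes `sizeof(xmlSecEncCtx)`, a size_t, to a `%d` conversion; a format/argument type mismatch is undefined behaviour in C and is exactly what `-Wformat` reports. Since this hunk already rewrites those lines, it is a cheap place to fix it: `"sizeof(xmlSecEncCtx)=%lu", (unsigned long)sizeof(xmlSecEncCtx)` (or `%zu` without the cast if the project builds as C99). The rest of the hunk is re-indentation plus two comment typo fixes, which look fine.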
@@ -143,12 +143,12 @@ xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) {
/* initializes transforms encCtx */
ret = xmlSecTransformCtxInitialize(&(encCtx->transformCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
@@ -156,16 +156,16 @@ xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) {
/**
* xmlSecEncCtxFinalize:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
*
* Cleans up @encCtx object.
*/
-void
+void
xmlSecEncCtxFinalize(xmlSecEncCtxPtr encCtx) {
xmlSecAssert(encCtx != NULL);
xmlSecEncCtxReset(encCtx);
-
+
xmlSecTransformCtxFinalize(&(encCtx->transformCtx));
xmlSecKeyInfoCtxFinalize(&(encCtx->keyInfoReadCtx));
xmlSecKeyInfoCtxFinalize(&(encCtx->keyInfoWriteCtx));
@@ -175,290 +175,290 @@ xmlSecEncCtxFinalize(xmlSecEncCtxPtr encCtx) {
/**
* xmlSecEncCtxReset:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
*
* Resets @encCtx object, user settings are not touched.
*/
-void
+void
xmlSecEncCtxReset(xmlSecEncCtxPtr encCtx) {
xmlSecAssert(encCtx != NULL);
-
+
xmlSecTransformCtxReset(&(encCtx->transformCtx));
xmlSecKeyInfoCtxReset(&(encCtx->keyInfoReadCtx));
xmlSecKeyInfoCtxReset(&(encCtx->keyInfoWriteCtx));
- encCtx->operation = xmlSecTransformOperationNone;
- encCtx->result = NULL;
+ encCtx->operation = xmlSecTransformOperationNone;
+ encCtx->result = NULL;
encCtx->resultBase64Encoded = 0;
- encCtx->resultReplaced = 0;
- encCtx->encMethod = NULL;
-
- if (encCtx->replacedNodeList != NULL) {
- xmlFreeNodeList(encCtx->replacedNodeList);
- encCtx->replacedNodeList = NULL;
- }
-
+ encCtx->resultReplaced = 0;
+ encCtx->encMethod = NULL;
+
+ if (encCtx->replacedNodeList != NULL) {
+ xmlFreeNodeList(encCtx->replacedNodeList);
+ encCtx->replacedNodeList = NULL;
+ }
+
if(encCtx->encKey != NULL) {
- xmlSecKeyDestroy(encCtx->encKey);
- encCtx->encKey = NULL;
+ xmlSecKeyDestroy(encCtx->encKey);
+ encCtx->encKey = NULL;
}
-
+
if(encCtx->id != NULL) {
- xmlFree(encCtx->id);
- encCtx->id = NULL;
- }
+ xmlFree(encCtx->id);
+ encCtx->id = NULL;
+ }
if(encCtx->type != NULL) {
- xmlFree(encCtx->type);
- encCtx->type = NULL;
+ xmlFree(encCtx->type);
+ encCtx->type = NULL;
}
if(encCtx->mimeType != NULL) {
- xmlFree(encCtx->mimeType);
- encCtx->mimeType = NULL;
+ xmlFree(encCtx->mimeType);
+ encCtx->mimeType = NULL;
}
if(encCtx->encoding != NULL) {
- xmlFree(encCtx->encoding);
- encCtx->encoding = NULL;
- }
+ xmlFree(encCtx->encoding);
+ encCtx->encoding = NULL;
+ }
if(encCtx->recipient != NULL) {
- xmlFree(encCtx->recipient);
- encCtx->recipient = NULL;
+ xmlFree(encCtx->recipient);
+ encCtx->recipient = NULL;
}
if(encCtx->carriedKeyName != NULL) {
- xmlFree(encCtx->carriedKeyName);
- encCtx->carriedKeyName = NULL;
+ xmlFree(encCtx->carriedKeyName);
+ encCtx->carriedKeyName = NULL;
}
-
- encCtx->encDataNode = encCtx->encMethodNode =
- encCtx->keyInfoNode = encCtx->cipherValueNode = NULL;
+
+ encCtx->encDataNode = encCtx->encMethodNode =
+ encCtx->keyInfoNode = encCtx->cipherValueNode = NULL;
}
/**
* xmlSecEncCtxCopyUserPref:
- * @dst: the pointer to destination context.
- * @src: the pointer to source context.
- *
+ * @dst: the pointer to destination context.
+ * @src: the pointer to source context.
+ *
* Copies user preference from @src context to @dst.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecEncCtxCopyUserPref(xmlSecEncCtxPtr dst, xmlSecEncCtxPtr src) {
int ret;
-
+
xmlSecAssert2(dst != NULL, -1);
xmlSecAssert2(src != NULL, -1);
- dst->userData = src->userData;
- dst->flags = src->flags;
- dst->flags2 = src->flags2;
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
dst->defEncMethodId = src->defEncMethodId;
- dst->mode = src->mode;
-
+ dst->mode = src->mode;
+
ret = xmlSecTransformCtxCopyUserPref(&(dst->transformCtx), &(src->transformCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoCtxCopyUserPref",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
-}
+}
/**
* xmlSecEncCtxBinaryEncrypt:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @tmpl: the pointer to <enc:EncryptedData/> template node.
- * @data: the pointer for binary buffer.
- * @dataSize: the @data buffer size.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @data: the pointer for binary buffer.
+ * @dataSize: the @data buffer size.
*
* Encrypts @data according to template @tmpl.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl,
- const xmlSecByte* data, xmlSecSize dataSize) {
+int
+xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl,
+ const xmlSecByte* data, xmlSecSize dataSize) {
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(data != NULL, -1);
- /* initialize context and add ID atributes to the list of known ids */
+ /* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationEncrypt;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
/* read the template and set encryption method, key, etc. */
ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxBinaryExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "dataSize=%d",
- dataSize);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d",
+ dataSize);
+ return(-1);
}
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, -1);
-
+
ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
/**
* xmlSecEncCtxXmlEncrypt:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @tmpl: the pointer to <enc:EncryptedData/> template node.
- * @node: the pointer to node for encryption.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @node: the pointer to node for encryption.
*
* Encrypts @node according to template @tmpl. If requested, @node is replaced
* with result <enc:EncryptedData/> node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) {
xmlOutputBufferPtr output;
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(node->doc != NULL, -1);
- /* initialize context and add ID atributes to the list of known ids */
+ /* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationEncrypt;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
/* read the template and set encryption method, key, etc. */
ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxPrepare",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "type=bin");
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
xmlSecAssert2(encCtx->transformCtx.first != NULL, -1);
- output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first,
- &(encCtx->transformCtx));
+ output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first,
+ &(encCtx->transformCtx));
if(output == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)),
- "xmlSecTransformCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* push data thru */
if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
- /* get the content of the node */
- xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL);
+ /* get the content of the node */
+ xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL);
} else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
- xmlNodePtr cur;
+ xmlNodePtr cur;
- /* get the content of the nodes childs */
- for(cur = node->children; cur != NULL; cur = cur->next) {
- xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL);
- }
+ /* get the content of the nodes childs */
+ for(cur = node->children; cur != NULL; cur = cur->next) {
+ xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL);
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "type=%s",
- xmlSecErrorsSafeString(encCtx->type));
- xmlOutputBufferClose(output);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%s",
+ xmlSecErrorsSafeString(encCtx->type));
+ xmlOutputBufferClose(output);
+ return(-1);
+ }
+
/* close the buffer and flush everything */
ret = xmlOutputBufferClose(output);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlOutputBufferClose",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, -1);
-
+
ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* now we need to update our original document */
if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
/* check if we need to return the replaced node */
@@ -477,213 +477,213 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node)
ret = xmlSecReplaceNode(node, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ NULL,
+ "xmlSecReplaceNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
}
- encCtx->resultReplaced = 1;
+ encCtx->resultReplaced = 1;
} else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
/* check if we need to return the replaced node */
- if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
+ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceContentAndReturn",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ NULL,
+ "xmlSecReplaceContentAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
} else {
ret = xmlSecReplaceContent(node, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ NULL,
+ "xmlSecReplaceContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
}
- encCtx->resultReplaced = 1;
+ encCtx->resultReplaced = 1;
} else {
- /* we should've catached this error before */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_TYPE,
- "type=%s",
- xmlSecErrorsSafeString(encCtx->type));
- return(-1);
- }
- return(0);
+ /* we should've catached this error before */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%s",
+ xmlSecErrorsSafeString(encCtx->type));
+ return(-1);
+ }
+ return(0);
}
/**
* xmlSecEncCtxUriEncrypt:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @tmpl: the pointer to <enc:EncryptedData/> template node.
- * @uri: the URI.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @uri: the URI.
*
* Encrypts data from @uri according to template @tmpl.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecEncCtxUriEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, const xmlChar *uri) {
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
- /* initialize context and add ID atributes to the list of known ids */
+ /* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationEncrypt;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
/* we need to add input uri transform first */
ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, tmpl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxSetUri",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
}
/* read the template and set encryption method, key, etc. */
ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* encrypt the data */
ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), tmpl->doc);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, -1);
-
+
ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecEncCtxDecrypt:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @node: the pointer to <enc:EncryptedData/> node.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @node: the pointer to <enc:EncryptedData/> node.
*
* Decrypts @node and if necessary replaces @node with decrypted data.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlSecBufferPtr buffer;
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* decrypt */
buffer = xmlSecEncCtxDecryptToBuffer(encCtx, node);
if(buffer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxDecryptToBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxDecryptToBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* replace original node if requested */
if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
/* check if we need to return the replaced node */
if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
- ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceNodeBufferAndReturn",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
- }
+ ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBufferAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
} else {
- ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceNodeBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
- }
+ ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
}
- encCtx->resultReplaced = 1;
+ encCtx->resultReplaced = 1;
} else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
/* replace the node with the buffer */
/* check if we need to return the replaced node */
if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
- ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceNodeBufferAndReturn",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
- }
+ ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBufferAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
} else {
ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecReplaceNodeBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
- return(-1);
- }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
}
- encCtx->resultReplaced = 1;
+ encCtx->resultReplaced = 1;
}
return(0);
@@ -691,9 +691,9 @@ xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
/**
* xmlSecEncCtxDecryptToBuffer:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @node: the pointer to <enc:EncryptedData/> node.
- *
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @node: the pointer to <enc:EncryptedData/> node.
+ *
* Decrypts @node data to the @encCtx buffer.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -701,23 +701,23 @@ xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlSecBufferPtr
xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
int ret;
-
+
xmlSecAssert2(encCtx != NULL, NULL);
xmlSecAssert2(encCtx->result == NULL, NULL);
xmlSecAssert2(node != NULL, NULL);
- /* initialize context and add ID atributes to the list of known ids */
+ /* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationDecrypt;
xmlSecAddIDs(node->doc, node, xmlSecEncIds);
ret = xmlSecEncCtxEncDataNodeRead(encCtx, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxEncDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* decrypt the data */
@@ -725,84 +725,84 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlChar* data = NULL;
xmlSecSize dataSize = 0;
- data = xmlNodeGetContent(encCtx->cipherValueNode);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- dataSize = xmlStrlen(data);
+ data = xmlNodeGetContent(encCtx->cipherValueNode);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ dataSize = xmlStrlen(data);
ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxBinaryExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- if(data != NULL) {
- xmlFree(data);
- }
- return(NULL);
- }
- if(data != NULL) {
- xmlFree(data);
- }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(data != NULL) {
+ xmlFree(data);
+ }
+ return(NULL);
+ }
+ if(data != NULL) {
+ xmlFree(data);
+ }
} else {
ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), node->doc);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxBinaryExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- }
-
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, NULL);
-
+
return(encCtx->result);
}
-static int
+static int
xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(node != NULL, -1);
switch(encCtx->mode) {
- case xmlEncCtxModeEncryptedData:
- if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
- return(-1);
- }
- break;
- case xmlEncCtxModeEncryptedKey:
- if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
- return(-1);
- }
- break;
- }
-
+ case xmlEncCtxModeEncryptedData:
+ if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
+ return(-1);
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
+ return(-1);
+ }
+ break;
+ }
+
/* first read node data */
xmlSecAssert2(encCtx->id == NULL, -1);
xmlSecAssert2(encCtx->type == NULL, -1);
@@ -810,390 +810,390 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlSecAssert2(encCtx->encoding == NULL, -1);
xmlSecAssert2(encCtx->recipient == NULL, -1);
xmlSecAssert2(encCtx->carriedKeyName == NULL, -1);
-
+
encCtx->id = xmlGetProp(node, xmlSecAttrId);
encCtx->type = xmlGetProp(node, xmlSecAttrType);
encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType);
- encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding);
+ encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding);
if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
- encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient);
- /* todo: check recipient? */
+ encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient);
+ /* todo: check recipient? */
}
cur = xmlSecGetNextElementNode(node->children);
-
+
/* first node is optional EncryptionMethod, we'll read it later */
xmlSecAssert2(encCtx->encMethodNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) {
- encCtx->encMethodNode = cur;
+ encCtx->encMethodNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
}
/* next node is optional KeyInfo, we'll process it later */
xmlSecAssert2(encCtx->keyInfoNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
- encCtx->keyInfoNode = cur;
- cur = xmlSecGetNextElementNode(cur->next);
- }
+ encCtx->keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
/* next is required CipherData node */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCipherData));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+
ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxCipherDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ NULL,
+ "xmlSecEncCtxCipherDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is optional EncryptionProperties node (we simply ignore it) */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* there are more possible nodes for the <EncryptedKey> node */
if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
- /* next is optional ReferenceList node (we simply ignore it) */
+ /* next is optional ReferenceList node (we simply ignore it) */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) {
- cur = xmlSecGetNextElementNode(cur->next);
- }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
/* next is optional CarriedKeyName node (we simply ignore it) */
- if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) {
- encCtx->carriedKeyName = xmlNodeGetContent(cur);
- if(encCtx->carriedKeyName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeCipherData));
- return(-1);
- }
- /* TODO: decode the name? */
- cur = xmlSecGetNextElementNode(cur->next);
- }
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) {
+ encCtx->carriedKeyName = xmlNodeGetContent(cur);
+ if(encCtx->carriedKeyName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+ /* TODO: decode the name? */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
}
/* if there is something left than it's an error */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* now read the encryption method node */
xmlSecAssert2(encCtx->encMethod == NULL, -1);
if(encCtx->encMethodNode != NULL) {
- encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode,
- xmlSecTransformUsageEncryptionMethod);
- if(encCtx->encMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
- return(-1);
- }
+ encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode,
+ xmlSecTransformUsageEncryptionMethod);
+ if(encCtx->encMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
+ return(-1);
+ }
} else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) {
- encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx),
- encCtx->defEncMethodId);
- if(encCtx->encMethod == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx),
+ encCtx->defEncMethodId);
+ if(encCtx->encMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "encryption method not specified");
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "encryption method not specified");
+ return(-1);
}
encCtx->encMethod->operation = encCtx->operation;
-
+
/* we have encryption method, find key */
ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformSetKeyReq",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
- return(-1);
- }
-
- /* TODO: KeyInfo node != NULL and encKey != NULL */
- if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL)
- && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
- encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode,
- &(encCtx->keyInfoReadCtx));
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKeyReq",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
+ return(-1);
+ }
+
+ /* TODO: KeyInfo node != NULL and encKey != NULL */
+ if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL)
+ && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode,
+ &(encCtx->keyInfoReadCtx));
+ }
+
/* check that we have exactly what we want */
- if((encCtx->encKey == NULL) ||
+ if((encCtx->encKey == NULL) ||
(!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_KEY_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
/* set the key to the transform */
ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformSetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "transform=%s",
- xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
+ return(-1);
}
/* if we need to write result to xml node then we need base64 encode it */
- if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) {
- xmlSecTransformPtr base64Encode;
-
- /* we need to add base64 encode transform */
- base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
- if(base64Encode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- base64Encode->operation = xmlSecTransformOperationEncode;
- encCtx->resultBase64Encoded = 1;
- }
-
+ if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
+ encCtx->resultBase64Encoded = 1;
+ }
+
return(0);
}
-static int
+static int
xmlSecEncCtxEncDataNodeWrite(xmlSecEncCtxPtr encCtx) {
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result != NULL, -1);
xmlSecAssert2(encCtx->encKey != NULL, -1);
-
+
/* write encrypted data to xml (if requested) */
- if(encCtx->cipherValueNode != NULL) {
- xmlSecAssert2(xmlSecBufferGetData(encCtx->result) != NULL, -1);
+ if(encCtx->cipherValueNode != NULL) {
+ xmlSecAssert2(xmlSecBufferGetData(encCtx->result) != NULL, -1);
- xmlNodeSetContentLen(encCtx->cipherValueNode,
- xmlSecBufferGetData(encCtx->result),
- xmlSecBufferGetSize(encCtx->result));
- encCtx->resultReplaced = 1;
+ xmlNodeSetContentLen(encCtx->cipherValueNode,
+ xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result));
+ encCtx->resultReplaced = 1;
}
/* update <enc:KeyInfo/> node */
if(encCtx->keyInfoNode != NULL) {
- ret = xmlSecKeyInfoNodeWrite(encCtx->keyInfoNode, encCtx->encKey, &(encCtx->keyInfoWriteCtx));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyInfoNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
+ ret = xmlSecKeyInfoNodeWrite(encCtx->keyInfoNode, encCtx->encKey, &(encCtx->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
return(0);
}
-static int
+static int
xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
cur = xmlSecGetNextElementNode(node->children);
-
+
/* we either have CipherValue or CipherReference node */
xmlSecAssert2(encCtx->cipherValueNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) {
/* don't need data from CipherData node when we are encrypting */
- if(encCtx->operation == xmlSecTransformOperationDecrypt) {
- xmlSecTransformPtr base64Decode;
-
- /* we need to add base64 decode transform */
- base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
- if(base64Decode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxCreateAndPrepend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- encCtx->cipherValueNode = cur;
+ if(encCtx->operation == xmlSecTransformOperationDecrypt) {
+ xmlSecTransformPtr base64Decode;
+
+ /* we need to add base64 decode transform */
+ base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
+ if(base64Decode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ encCtx->cipherValueNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
} else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) {
/* don't need data from CipherReference node when we are encrypting */
- if(encCtx->operation == xmlSecTransformOperationDecrypt) {
- ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecEncCtxCipherReferenceNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- }
+ if(encCtx->operation == xmlSecTransformOperationDecrypt) {
+ ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCipherReferenceNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
-static int
+static int
xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
xmlChar* uri;
int ret;
-
+
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
-
+
/* first read the optional uri attr and check that we can process it */
uri = xmlGetProp(node, xmlSecAttrURI);
ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxSetUri",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
- xmlFree(uri);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ xmlFree(uri);
+ return(-1);
+ }
xmlFree(uri);
cur = xmlSecGetNextElementNode(node->children);
-
+
/* the only one node is optional Transforms node */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) {
- ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
- xmlSecTransformUsageDSigTransform);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformCtxNodesListRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
- return(-1);
- }
+ ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
+ xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
+ return(-1);
+ }
cur = xmlSecGetNextElementNode(cur->next);
}
-
+
/* if there is something left than it's an error */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
/**
* xmlSecEncCtxDebugDump:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @output: the pointer to output FILE.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @encCtx to @output.
*/
-void
+void
xmlSecEncCtxDebugDump(xmlSecEncCtxPtr encCtx, FILE* output) {
xmlSecAssert(encCtx != NULL);
xmlSecAssert(output != NULL);
switch(encCtx->mode) {
- case xmlEncCtxModeEncryptedData:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "= DATA ENCRYPTION CONTEXT\n");
- } else {
- fprintf(output, "= DATA DECRYPTION CONTEXT\n");
- }
- break;
- case xmlEncCtxModeEncryptedKey:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "= KEY ENCRYPTION CONTEXT\n");
- } else {
- fprintf(output, "= KEY DECRYPTION CONTEXT\n");
- }
- break;
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "= DATA ENCRYPTION CONTEXT\n");
+ } else {
+ fprintf(output, "= DATA DECRYPTION CONTEXT\n");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "= KEY ENCRYPTION CONTEXT\n");
+ } else {
+ fprintf(output, "= KEY DECRYPTION CONTEXT\n");
+ }
+ break;
}
fprintf(output, "== Status: %s\n",
- (encCtx->resultReplaced) ? "replaced" : "not-replaced" );
+ (encCtx->resultReplaced) ? "replaced" : "not-replaced" );
fprintf(output, "== flags: 0x%08x\n", encCtx->flags);
fprintf(output, "== flags2: 0x%08x\n", encCtx->flags2);
if(encCtx->id != NULL) {
- fprintf(output, "== Id: \"%s\"\n", encCtx->id);
+ fprintf(output, "== Id: \"%s\"\n", encCtx->id);
}
if(encCtx->type != NULL) {
- fprintf(output, "== Type: \"%s\"\n", encCtx->type);
+ fprintf(output, "== Type: \"%s\"\n", encCtx->type);
}
if(encCtx->mimeType != NULL) {
- fprintf(output, "== MimeType: \"%s\"\n", encCtx->mimeType);
+ fprintf(output, "== MimeType: \"%s\"\n", encCtx->mimeType);
}
if(encCtx->encoding != NULL) {
- fprintf(output, "== Encoding: \"%s\"\n", encCtx->encoding);
+ fprintf(output, "== Encoding: \"%s\"\n", encCtx->encoding);
}
if(encCtx->recipient != NULL) {
- fprintf(output, "== Recipient: \"%s\"\n", encCtx->recipient);
+ fprintf(output, "== Recipient: \"%s\"\n", encCtx->recipient);
}
if(encCtx->carriedKeyName != NULL) {
- fprintf(output, "== CarriedKeyName: \"%s\"\n", encCtx->carriedKeyName);
+ fprintf(output, "== CarriedKeyName: \"%s\"\n", encCtx->carriedKeyName);
}
-
+
fprintf(output, "== Key Info Read Ctx:\n");
xmlSecKeyInfoCtxDebugDump(&(encCtx->keyInfoReadCtx), output);
@@ -1205,53 +1205,53 @@ xmlSecEncCtxDebugDump(xmlSecEncCtxPtr encCtx, FILE* output) {
if(encCtx->encMethod != NULL) {
fprintf(output, "== Encryption Method:\n");
- xmlSecTransformDebugDump(encCtx->encMethod, output);
+ xmlSecTransformDebugDump(encCtx->encMethod, output);
}
if(encCtx->encKey != NULL) {
fprintf(output, "== Encryption Key:\n");
- xmlSecKeyDebugDump(encCtx->encKey, output);
+ xmlSecKeyDebugDump(encCtx->encKey, output);
}
-
- if((encCtx->result != NULL) &&
- (xmlSecBufferGetData(encCtx->result) != NULL) &&
+
+ if((encCtx->result != NULL) &&
+ (xmlSecBufferGetData(encCtx->result) != NULL) &&
(encCtx->resultBase64Encoded != 0)) {
- fprintf(output, "== Result - start buffer:\n");
- fwrite(xmlSecBufferGetData(encCtx->result),
- xmlSecBufferGetSize(encCtx->result), 1,
- output);
- fprintf(output, "\n== Result - end buffer\n");
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result), 1,
+ output);
+ fprintf(output, "\n== Result - end buffer\n");
}
}
/**
* xmlSecEncCtxDebugXmlDump:
- * @encCtx: the pointer to <enc:EncryptedData/> processing context.
- * @output: the pointer to output FILE.
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @output: the pointer to output FILE.
*
* Prints the debug information about @encCtx to @output in XML format.
*/
-void
+void
xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) {
xmlSecAssert(encCtx != NULL);
xmlSecAssert(output != NULL);
switch(encCtx->mode) {
- case xmlEncCtxModeEncryptedData:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "<DataEncryptionContext ");
- } else {
- fprintf(output, "<DataDecryptionContext ");
- }
- break;
- case xmlEncCtxModeEncryptedKey:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "<KeyEncryptionContext ");
- } else {
- fprintf(output, "<KeyDecryptionContext ");
- }
- break;
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "<DataEncryptionContext ");
+ } else {
+ fprintf(output, "<DataDecryptionContext ");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "<KeyEncryptionContext ");
+ } else {
+ fprintf(output, "<KeyDecryptionContext ");
+ }
+ break;
}
fprintf(output, "status=\"%s\" >\n", (encCtx->resultReplaced) ? "replaced" : "not-replaced" );
@@ -1265,7 +1265,7 @@ xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) {
fprintf(output, "<Type>");
xmlSecPrintXmlString(output, encCtx->type);
fprintf(output, "</Type>");
-
+
fprintf(output, "<MimeType>");
xmlSecPrintXmlString(output, encCtx->mimeType);
fprintf(output, "</MimeType>");
@@ -1296,42 +1296,42 @@ xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) {
if(encCtx->encMethod != NULL) {
fprintf(output, "<EncryptionMethod>\n");
- xmlSecTransformDebugXmlDump(encCtx->encMethod, output);
+ xmlSecTransformDebugXmlDump(encCtx->encMethod, output);
fprintf(output, "</EncryptionMethod>\n");
}
if(encCtx->encKey != NULL) {
fprintf(output, "<EncryptionKey>\n");
- xmlSecKeyDebugXmlDump(encCtx->encKey, output);
+ xmlSecKeyDebugXmlDump(encCtx->encKey, output);
fprintf(output, "</EncryptionKey>\n");
}
-
- if((encCtx->result != NULL) &&
- (xmlSecBufferGetData(encCtx->result) != NULL) &&
+
+ if((encCtx->result != NULL) &&
+ (xmlSecBufferGetData(encCtx->result) != NULL) &&
(encCtx->resultBase64Encoded != 0)) {
- fprintf(output, "<Result>");
- fwrite(xmlSecBufferGetData(encCtx->result),
- xmlSecBufferGetSize(encCtx->result), 1,
- output);
- fprintf(output, "</Result>\n");
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result), 1,
+ output);
+ fprintf(output, "</Result>\n");
}
switch(encCtx->mode) {
- case xmlEncCtxModeEncryptedData:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "</DataEncryptionContext>\n");
- } else {
- fprintf(output, "</DataDecryptionContext>\n");
- }
- break;
- case xmlEncCtxModeEncryptedKey:
- if(encCtx->operation == xmlSecTransformOperationEncrypt) {
- fprintf(output, "</KeyEncryptionContext>\n");
- } else {
- fprintf(output, "</KeyDecryptionContext>\n");
- }
- break;
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "</DataEncryptionContext>\n");
+ } else {
+ fprintf(output, "</DataDecryptionContext>\n");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "</KeyEncryptionContext>\n");
+ } else {
+ fprintf(output, "</KeyDecryptionContext>\n");
+ }
+ break;
}
}
diff --git a/src/xmlsec.c b/src/xmlsec.c
index 3baa81a0..8b6d0cab 100644
--- a/src/xmlsec.c
+++ b/src/xmlsec.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* General functions.
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -36,52 +36,52 @@ int
xmlSecInit(void) {
xmlSecErrorsInit();
xmlSecIOInit();
-
+
#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
-
+
if(xmlSecKeyDataIdsInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataIdsInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
if(xmlSecTransformIdsInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecTransformIdsInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
-#ifndef XMLSEC_NO_XKMS
+
+#ifndef XMLSEC_NO_XKMS
if(xmlSecXkmsRespondWithIdsInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsRespondWithIdsInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if(xmlSecXkmsServerRequestIdsInit() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXkmsServerRequestIdsInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#endif /* XMLSEC_NO_XKMS */
@@ -99,9 +99,9 @@ xmlSecInit(void) {
*/
int
xmlSecShutdown(void) {
- int res = 0;
+ int res = 0;
-#ifndef XMLSEC_NO_XKMS
+#ifndef XMLSEC_NO_XKMS
xmlSecXkmsServerRequestIdsShutdown();
xmlSecXkmsRespondWithIdsShutdown();
#endif /* XMLSEC_NO_XKMS */
@@ -111,74 +111,74 @@ xmlSecShutdown(void) {
#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLShutdown() < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLShutdown",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- res = -1;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLShutdown",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ res = -1;
}
#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
xmlSecIOShutdown();
- xmlSecErrorsShutdown();
+ xmlSecErrorsShutdown();
return(res);
}
-/**
+/**
* xmlSecCheckVersionExt:
- * @major: the major version number.
- * @minor: the minor version number.
- * @subminor: the subminor version number.
- * @mode: the version check mode.
+ * @major: the major version number.
+ * @minor: the minor version number.
+ * @subminor: the subminor version number.
+ * @mode: the version check mode.
*
* Checks if the loaded version of xmlsec library could be used.
*
* Returns: 1 if the loaded xmlsec library version is OK to use
* 0 if it is not or a negative value if an error occurs.
*/
-int
+int
xmlSecCheckVersionExt(int major, int minor, int subminor, xmlSecCheckVersionMode mode) {
/* we always want to have a match for major version number */
if(major != XMLSEC_VERSION_MAJOR) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "expected major version=%d;real major version=%d",
- XMLSEC_VERSION_MAJOR, major);
- return(0);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected major version=%d;real major version=%d",
+ XMLSEC_VERSION_MAJOR, major);
+ return(0);
}
-
+
switch(mode) {
case xmlSecCheckVersionExactMatch:
- if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
- XMLSEC_VERSION_MINOR, minor,
- XMLSEC_VERSION_SUBMINOR, subminor);
- return(0);
- }
- break;
+ if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+ XMLSEC_VERSION_MINOR, minor,
+ XMLSEC_VERSION_SUBMINOR, subminor);
+ return(0);
+ }
+ break;
case xmlSecCheckVersionABICompatible:
- if((minor < XMLSEC_VERSION_MINOR) ||
- ((minor == XMLSEC_VERSION_MINOR) &&
- (subminor < XMLSEC_VERSION_SUBMINOR))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
- XMLSEC_VERSION_MINOR, minor,
- XMLSEC_VERSION_SUBMINOR, subminor);
- return(0);
- }
- break;
+ if((minor > XMLSEC_VERSION_MINOR) ||
+ ((minor == XMLSEC_VERSION_MINOR) &&
+ (subminor > XMLSEC_VERSION_SUBMINOR))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+ XMLSEC_VERSION_MINOR, minor,
+ XMLSEC_VERSION_SUBMINOR, subminor);
+ return(0);
+ }
+ break;
}
-
+
return(1);
}
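Review bot: The `xmlSecCheckVersionABICompatible` case flips the comparison from `minor < XMLSEC_VERSION_MINOR` to `minor > XMLSEC_VERSION_MINOR` (and likewise for subminor), which is a behavioural fix buried inside an otherwise whitespace-only reindent and deserves its own commit or at least a mention. The new direction looks right, since @minor/@subminor are what the caller was compiled against and a loaded library older than that is what must be rejected; the old code rejected the opposite case. The switch still has no `default:`, so an unrecognised `mode` value falls through to `return(1)` and reports the library as usable, contrary to the documented "negative value if an error occurs"; add `default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, "mode=%d", (int)mode); return(-1);` before the closing brace of the switch. The "expected … real …" labels in both messages print the library's own `XMLSEC_VERSION_*` as "expected" and the caller's values as "real", which reads backwards; the doc comment should state which side is which, e.g. `@major/@minor/@subminor: the version the caller was compiled against; compared with the loaded library's XMLSEC_VERSION_* values`.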
diff --git a/src/xmltree.c b/src/xmltree.c
index 96ea53c1..27ad09e2 100644
--- a/src/xmltree.c
+++ b/src/xmltree.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* Common XML Doc utility functions
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -14,7 +14,7 @@
#include <string.h>
#include <ctype.h>
#include <errno.h>
-
+
#include <libxml/tree.h>
#include <libxml/valid.h>
#include <libxml/xpath.h>
@@ -29,128 +29,128 @@
/**
* xmlSecFindChild:
- * @parent: the pointer to XML node.
- * @name: the name.
- * @ns: the namespace href (may be NULL).
+ * @parent: the pointer to XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
*
- * Searches a direct child of the @parent node having given name and
+ * Searches a direct child of the @parent node having given name and
* namespace href.
- *
- * Returns: the pointer to the found node or NULL if an error occurs or
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
* node is not found.
*/
xmlNodePtr
xmlSecFindChild(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
xmlNodePtr cur;
-
+
xmlSecAssert2(parent != NULL, NULL);
xmlSecAssert2(name != NULL, NULL);
-
+
cur = parent->children;
while(cur != NULL) {
if(cur->type == XML_ELEMENT_NODE) {
- if(xmlSecCheckNodeName(cur, name, ns)) {
- return(cur);
- }
- }
- cur = cur->next;
+ if(xmlSecCheckNodeName(cur, name, ns)) {
+ return(cur);
+ }
+ }
+ cur = cur->next;
}
return(NULL);
}
/**
* xmlSecFindParent:
- * @cur: the pointer to an XML node.
- * @name: the name.
- * @ns: the namespace href (may be NULL).
+ * @cur: the pointer to an XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
*
- * Searches the ancestors axis of the @cur node for a node having given name
+ * Searches the ancestors axis of the @cur node for a node having given name
* and namespace href.
- *
- * Returns: the pointer to the found node or NULL if an error occurs or
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
* node is not found.
*/
xmlNodePtr
xmlSecFindParent(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
xmlSecAssert2(cur != NULL, NULL);
- xmlSecAssert2(name != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
if(xmlSecCheckNodeName(cur, name, ns)) {
- return(cur);
+ return(cur);
} else if(cur->parent != NULL) {
- return(xmlSecFindParent(cur->parent, name, ns));
+ return(xmlSecFindParent(cur->parent, name, ns));
}
return(NULL);
}
/**
* xmlSecFindNode:
- * @parent: the pointer to XML node.
- * @name: the name.
- * @ns: the namespace href (may be NULL).
+ * @parent: the pointer to XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
*
- * Searches all children of the @parent node having given name and
+ * Searches all children of the @parent node having given name and
* namespace href.
- *
- * Returns: the pointer to the found node or NULL if an error occurs or
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
* node is not found.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecFindNode(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
xmlNodePtr cur;
xmlNodePtr ret;
-
- xmlSecAssert2(name != NULL, NULL);
-
+
+ xmlSecAssert2(name != NULL, NULL);
+
cur = parent;
while(cur != NULL) {
if((cur->type == XML_ELEMENT_NODE) && xmlSecCheckNodeName(cur, name, ns)) {
- return(cur);
- }
- if(cur->children != NULL) {
- ret = xmlSecFindNode(cur->children, name, ns);
- if(ret != NULL) {
- return(ret);
- }
- }
- cur = cur->next;
+ return(cur);
+ }
+ if(cur->children != NULL) {
+ ret = xmlSecFindNode(cur->children, name, ns);
+ if(ret != NULL) {
+ return(ret);
+ }
+ }
+ cur = cur->next;
}
return(NULL);
}
/**
* xmlSecGetNodeNsHref:
- * @cur: the pointer to node.
+ * @cur: the pointer to node.
*
* Get's node's namespace href.
*
* Returns: node's namespace href.
*/
-const xmlChar*
+const xmlChar*
xmlSecGetNodeNsHref(const xmlNodePtr cur) {
xmlNsPtr ns;
-
+
xmlSecAssert2(cur != NULL, NULL);
-
+
/* do we have a namespace in the node? */
if(cur->ns != NULL) {
- return(cur->ns->href);
+ return(cur->ns->href);
}
-
+
/* search for default namespace */
ns = xmlSearchNs(cur->doc, cur, NULL);
if(ns != NULL) {
- return(ns->href);
+ return(ns->href);
}
-
+
return(NULL);
}
-/**
+/**
* xmlSecCheckNodeName:
- * @cur: the pointer to an XML node.
- * @name: the name,
- * @ns: the namespace href.
+ * @cur: the pointer to an XML node.
+ * @name: the name,
+ * @ns: the namespace href.
*
* Checks that the node has a given name and a given namespace href.
*
@@ -159,74 +159,74 @@ xmlSecGetNodeNsHref(const xmlNodePtr cur) {
int
xmlSecCheckNodeName(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
xmlSecAssert2(cur != NULL, 0);
-
- return(xmlStrEqual(cur->name, name) &&
- xmlStrEqual(xmlSecGetNodeNsHref(cur), ns));
+
+ return(xmlStrEqual(cur->name, name) &&
+ xmlStrEqual(xmlSecGetNodeNsHref(cur), ns));
}
/**
* xmlSecAddChild:
- * @parent: the pointer to an XML node.
- * @name: the new node name.
- * @ns: the new node namespace.
+ * @parent: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
*
* Adds a child to the node @parent with given @name and namespace @ns.
*
* Returns: pointer to the new node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
xmlNodePtr cur;
xmlNodePtr text;
xmlSecAssert2(parent != NULL, NULL);
- xmlSecAssert2(name != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
if(parent->children == NULL) {
/* TODO: add indents */
- text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- xmlAddChild(parent, text);
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
}
cur = xmlNewChild(parent, NULL, name, NULL);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewChild",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewChild",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/* namespaces support */
if(ns != NULL) {
- xmlNsPtr nsPtr;
-
+ xmlNsPtr nsPtr;
+
/* find namespace by href and check that its prefix is not overwritten */
- nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
- if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
- nsPtr = xmlNewNs(cur, ns, NULL);
- }
- xmlSetNs(cur, nsPtr);
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
}
-
+
/* TODO: add indents */
- text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddChild(parent, text);
@@ -235,45 +235,45 @@ xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
/**
* xmlSecAddChildNode:
- * @parent: the pointer to an XML node.
- * @child: the new node.
+ * @parent: the pointer to an XML node.
+ * @child: the new node.
*
* Adds @child node to the @parent node.
*
* Returns: pointer to the new node or NULL if an error occurs.
*/
-xmlNodePtr
+xmlNodePtr
xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) {
xmlNodePtr text;
xmlSecAssert2(parent != NULL, NULL);
- xmlSecAssert2(child != NULL, NULL);
+ xmlSecAssert2(child != NULL, NULL);
if(parent->children == NULL) {
/* TODO: add indents */
- text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
- xmlAddChild(parent, text);
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
}
xmlAddChild(parent, child);
/* TODO: add indents */
- text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddChild(parent, text);
@@ -282,9 +282,9 @@ xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) {
/**
* xmlSecAddNextSibling
- * @node: the pointer to an XML node.
- * @name: the new node name.
- * @ns: the new node namespace.
+ * @node: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
*
* Adds next sibling to the node @node with given @name and namespace @ns.
*
@@ -296,51 +296,51 @@ xmlSecAddNextSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
xmlNodePtr text;
xmlSecAssert2(node != NULL, NULL);
- xmlSecAssert2(name != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
cur = xmlNewNode(NULL, name);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddNextSibling(node, cur);
/* namespaces support */
if(ns != NULL) {
- xmlNsPtr nsPtr;
-
+ xmlNsPtr nsPtr;
+
/* find namespace by href and check that its prefix is not overwritten */
- nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
- if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
- nsPtr = xmlNewNs(cur, ns, NULL);
- }
- xmlSetNs(cur, nsPtr);
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
}
/* TODO: add indents */
text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddNextSibling(node, text);
-
+
return(cur);
}
/**
* xmlSecAddPrevSibling
- * @node: the pointer to an XML node.
- * @name: the new node name.
- * @ns: the new node namespace.
+ * @node: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
*
* Adds prev sibling to the node @node with given @name and namespace @ns.
*
@@ -352,40 +352,40 @@ xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
xmlNodePtr text;
xmlSecAssert2(node != NULL, NULL);
- xmlSecAssert2(name != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
cur = xmlNewNode(NULL, name);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddPrevSibling(node, cur);
/* namespaces support */
if(ns != NULL) {
- xmlNsPtr nsPtr;
-
+ xmlNsPtr nsPtr;
+
/* find namespace by href and check that its prefix is not overwritten */
- nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
- if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
- nsPtr = xmlNewNs(cur, ns, NULL);
- }
- xmlSetNs(cur, nsPtr);
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
}
/* TODO: add indents */
text = xmlNewText(xmlSecStringCR);
- if(text == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewText",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlAddPrevSibling(node, text);
@@ -394,7 +394,7 @@ xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
/**
* xmlSecGetNextElementNode:
- * @cur: the pointer to an XML node.
+ * @cur: the pointer to an XML node.
*
* Seraches for the next element node.
*
@@ -402,18 +402,18 @@ xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
*/
xmlNodePtr
xmlSecGetNextElementNode(xmlNodePtr cur) {
-
+
while((cur != NULL) && (cur->type != XML_ELEMENT_NODE)) {
- cur = cur->next;
+ cur = cur->next;
}
return(cur);
}
/**
* xmlSecReplaceNode:
- * @node: the current node.
- * @newNode: the new node.
- *
+ * @node: the current node.
+ * @newNode: the new node.
+ *
* Swaps the @node and @newNode in the XML tree.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -423,12 +423,12 @@ xmlSecReplaceNode(xmlNodePtr node, xmlNodePtr newNode) {
return xmlSecReplaceNodeAndReturn(node, newNode, NULL);
}
-/**
+/**
* xmlSecReplaceNodeAndReturn:
- * @node: the current node.
- * @newNode: the new node.
- * @replaced: the replaced node, or release it if NULL is given
- *
+ * @node: the current node.
+ * @newNode: the new node.
+ * @replaced: the replaced node, or release it if NULL is given
+ *
* Swaps the @node and @newNode in the XML tree.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -437,48 +437,48 @@ int
xmlSecReplaceNodeAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr* replaced) {
xmlNodePtr oldNode;
int restoreRoot = 0;
-
+
xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(newNode != NULL, -1);
+ xmlSecAssert2(newNode != NULL, -1);
/* fix documents children if necessary first */
if((node->doc != NULL) && (node->doc->children == node)) {
- node->doc->children = node->next;
- restoreRoot = 1;
+ node->doc->children = node->next;
+ restoreRoot = 1;
}
if((newNode->doc != NULL) && (newNode->doc->children == newNode)) {
- newNode->doc->children = newNode->next;
+ newNode->doc->children = newNode->next;
}
oldNode = xmlReplaceNode(node, newNode);
if(oldNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
"xmlReplaceNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
if(restoreRoot != 0) {
- xmlDocSetRootElement(oldNode->doc, newNode);
+ xmlDocSetRootElement(oldNode->doc, newNode);
}
/* return the old node if requested */
if(replaced != NULL) {
- (*replaced) = oldNode;
+ (*replaced) = oldNode;
} else {
- xmlFreeNode(oldNode);
+ xmlFreeNode(oldNode);
}
-
+
return(0);
}
/**
* xmlSecReplaceContent
- * @node: the current node.
- * @newNode: the new node.
- *
+ * @node: the current node.
+ * @newNode: the new node.
+ *
* Swaps the content of @node and @newNode.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -490,10 +490,10 @@ xmlSecReplaceContent(xmlNodePtr node, xmlNodePtr newNode) {
/**
* xmlSecReplaceContentAndReturn
- * @node: the current node.
- * @newNode: the new node.
- * @replaced: the replaced nodes, or release them if NULL is given
- *
+ * @node: the current node.
+ * @newNode: the new node.
+ * @replaced: the replaced nodes, or release them if NULL is given
+ *
* Swaps the content of @node and @newNode.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -501,7 +501,7 @@ xmlSecReplaceContent(xmlNodePtr node, xmlNodePtr newNode) {
int
xmlSecReplaceContentAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr *replaced) {
xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(newNode != NULL, -1);
+ xmlSecAssert2(newNode != NULL, -1);
xmlUnlinkNode(newNode);
xmlSetTreeDoc(newNode, node->doc);
@@ -514,17 +514,17 @@ xmlSecReplaceContentAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr *r
for(cur = node->children; (cur != NULL); cur = next) {
next = cur->next;
if((*replaced) != NULL) {
- /* n is unlinked in this function */
- xmlAddNextSibling(tail, cur);
- tail = cur;
+ /* n is unlinked in this function */
+ xmlAddNextSibling(tail, cur);
+ tail = cur;
} else {
- /* this is the first node, (*replaced) is the head */
+ /* this is the first node, (*replaced) is the head */
xmlUnlinkNode(cur);
- (*replaced) = tail = cur;
+ (*replaced) = tail = cur;
}
}
} else {
- /* just delete the content */
+ /* just delete the content */
xmlNodeSetContent(node, NULL);
}
@@ -536,10 +536,10 @@ xmlSecReplaceContentAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr *r
/**
* xmlSecReplaceNodeBuffer:
- * @node: the current node.
- * @buffer: the XML data.
- * @size: the XML data size.
- *
+ * @node: the current node.
+ * @buffer: the XML data.
+ * @size: the XML data size.
+ *
* Swaps the @node and the parsed XML data from the @buffer in the XML tree.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -551,11 +551,11 @@ xmlSecReplaceNodeBuffer(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize si
/**
* xmlSecReplaceNodeBufferAndReturn:
- * @node: the current node.
- * @buffer: the XML data.
- * @size: the XML data size.
- * @replaced: the replaced nodes, or release them if NULL is given
- *
+ * @node: the current node.
+ * @buffer: the XML data.
+ * @size: the XML data size.
+ * @replaced: the replaced nodes, or release them if NULL is given
+ *
* Swaps the @node and the parsed XML data from the @buffer in the XML tree.
*
* Returns: 0 on success or a negative value if an error occurs.
@@ -575,7 +575,7 @@ xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlS
"xmlParseInNodeContext",
XMLSEC_ERRORS_R_XML_FAILED,
"Failed to parse content");
- return(-1);
+ return(-1);
}
/* add new nodes */
@@ -590,9 +590,9 @@ xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlS
/* return the old node if requested */
if(replaced != NULL) {
- (*replaced) = node;
+ (*replaced) = node;
} else {
- xmlFreeNode(node);
+ xmlFreeNode(node);
}
return(0);
@@ -600,8 +600,8 @@ xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlS
/**
* xmlSecNodeEncodeAndSetContent:
- * @node: the pointer to an XML node.
- * @buffer: the pointer to the node content.
+ * @node: the pointer to an XML node.
+ * @buffer: the pointer to the node content.
*
* Encodes "special" characters in the @buffer and sets the result
* as the node content.
@@ -612,18 +612,18 @@ int
xmlSecNodeEncodeAndSetContent(xmlNodePtr node, const xmlChar * buffer) {
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(node->doc != NULL, -1);
-
+
if(buffer != NULL) {
- xmlChar * tmp;
+ xmlChar * tmp;
- tmp = xmlEncodeSpecialChars(node->doc, buffer);
+ tmp = xmlEncodeSpecialChars(node->doc, buffer);
if (tmp == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlEncodeSpecialChars",
XMLSEC_ERRORS_R_XML_FAILED,
"Failed to encode special characters");
- return(-1);
+ return(-1);
}
xmlNodeSetContent(node, tmp);
@@ -637,109 +637,109 @@ xmlSecNodeEncodeAndSetContent(xmlNodePtr node, const xmlChar * buffer) {
/**
* xmlSecAddIDs:
- * @doc: the pointer to an XML document.
- * @cur: the pointer to an XML node.
- * @ids: the pointer to a NULL terminated list of ID attributes.
+ * @doc: the pointer to an XML document.
+ * @cur: the pointer to an XML node.
+ * @ids: the pointer to a NULL terminated list of ID attributes.
*
- * Walks thru all children of the @cur node and adds all attributes
+ * Walks thru all children of the @cur node and adds all attributes
* from the @ids list to the @doc document IDs attributes hash.
*/
-void
+void
xmlSecAddIDs(xmlDocPtr doc, xmlNodePtr cur, const xmlChar** ids) {
xmlNodePtr children = NULL;
xmlSecAssert(doc != NULL);
- xmlSecAssert(ids != NULL);
-
+ xmlSecAssert(ids != NULL);
+
if((cur != NULL) && (cur->type == XML_ELEMENT_NODE)) {
- xmlAttrPtr attr;
- xmlAttrPtr tmp;
- int i;
- xmlChar* name;
-
- for(attr = cur->properties; attr != NULL; attr = attr->next) {
- for(i = 0; ids[i] != NULL; ++i) {
- if(xmlStrEqual(attr->name, ids[i])) {
- name = xmlNodeListGetString(doc, attr->children, 1);
- if(name != NULL) {
- tmp = xmlGetID(doc, name);
- if(tmp == NULL) {
- xmlAddID(NULL, doc, name, attr);
- } else if(tmp != attr) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "id=%s already defined",
- xmlSecErrorsSafeString(name));
- }
- xmlFree(name);
- }
- }
- }
- }
-
- children = cur->children;
+ xmlAttrPtr attr;
+ xmlAttrPtr tmp;
+ int i;
+ xmlChar* name;
+
+ for(attr = cur->properties; attr != NULL; attr = attr->next) {
+ for(i = 0; ids[i] != NULL; ++i) {
+ if(xmlStrEqual(attr->name, ids[i])) {
+ name = xmlNodeListGetString(doc, attr->children, 1);
+ if(name != NULL) {
+ tmp = xmlGetID(doc, name);
+ if(tmp == NULL) {
+ xmlAddID(NULL, doc, name, attr);
+ } else if(tmp != attr) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "id=%s already defined",
+ xmlSecErrorsSafeString(name));
+ }
+ xmlFree(name);
+ }
+ }
+ }
+ }
+
+ children = cur->children;
} else if(cur == NULL) {
- children = doc->children;
+ children = doc->children;
}
-
+
while(children != NULL) {
- if(children->type == XML_ELEMENT_NODE) {
- xmlSecAddIDs(doc, children, ids);
- }
- children = children->next;
+ if(children->type == XML_ELEMENT_NODE) {
+ xmlSecAddIDs(doc, children, ids);
+ }
+ children = children->next;
}
}
/**
* xmlSecGenerateAndAddID:
- * @node: the node to ID attr to.
- * @attrName: the ID attr name.
- * @prefix: the prefix to add to the generated ID (can be NULL).
- * @len: the length of ID.
+ * @node: the node to ID attr to.
+ * @attrName: the ID attr name.
+ * @prefix: the prefix to add to the generated ID (can be NULL).
+ * @len: the length of ID.
*
* Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes)
* and puts it in the attribute @attrName.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar* prefix, xmlSecSize len) {
xmlChar* id;
int count;
-
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(attrName != NULL, -1);
+
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(attrName != NULL, -1);
/* we will try 5 times before giving up */
for(count = 0; count < 5; count++) {
- id = xmlSecGenerateID(prefix, len);
- if(id == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGenerateID",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if((node->doc == NULL) || (xmlGetID(node->doc, id) == NULL)) {
- /* this is a unique ID in the document and we can use it */
- if(xmlSetProp(node, attrName, id) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(id);
- return(-1);
- }
-
- xmlFree(id);
- return(0);
- }
- xmlFree(id);
+ id = xmlSecGenerateID(prefix, len);
+ if(id == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((node->doc == NULL) || (xmlGetID(node->doc, id) == NULL)) {
+ /* this is a unique ID in the document and we can use it */
+ if(xmlSetProp(node, attrName, id) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(id);
+ return(-1);
+ }
+
+ xmlFree(id);
+ return(0);
+ }
+ xmlFree(id);
}
return(-1);
@@ -747,8 +747,8 @@ xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar*
/**
* xmlSecGenerateID:
- * @prefix: the prefix to add to the generated ID (can be NULL).
- * @len: the length of ID.
+ * @prefix: the prefix to add to the generated ID (can be NULL).
+ * @len: the length of ID.
*
* Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes).
* The caller is responsible for freeing returned string using @xmlFree function.
@@ -757,155 +757,155 @@ xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar*
*/
xmlChar*
xmlSecGenerateID(const xmlChar* prefix, xmlSecSize len) {
- xmlSecBuffer buffer;
+ xmlSecBuffer buffer;
xmlSecSize i, binLen;
xmlChar* res;
xmlChar* p;
int ret;
- xmlSecAssert2(len > 0, NULL);
-
+ xmlSecAssert2(len > 0, NULL);
+
/* we will do base64 decoding later */
binLen = (3 * len + 1) / 4;
-
+
ret = xmlSecBufferInitialize(&buffer, binLen + 1);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
xmlSecAssert2(xmlSecBufferGetData(&buffer) != NULL, NULL);
xmlSecAssert2(xmlSecBufferGetMaxSize(&buffer) >= binLen, NULL);
-
+
ret = xmlSecBufferSetSize(&buffer, binLen);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
xmlSecAssert2(xmlSecBufferGetSize(&buffer) == binLen, NULL);
-
+
/* create random bytes */
for(i = 0; i < binLen; i++) {
- (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand() / (RAND_MAX + 1.0));
+ (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand() / (RAND_MAX + 1.0));
}
-
+
/* base64 encode random bytes */
res = xmlSecBase64Encode(xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), 0);
if((res == NULL) || (xmlStrlen(res) == 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecBufferFinalize(&buffer);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
}
xmlSecBufferFinalize(&buffer);
/* truncate the generated id attribute if needed */
if(xmlStrlen(res) > (int)len) {
- res[len] = '\0';
+ res[len] = '\0';
}
- /* we need to cleanup base64 encoded id because ID attr can't have '+' or '/' characters */
+ /* we need to cleanup base64 encoded id because ID attr can't have '+' or '/' characters */
for(p = res; (*p) != '\0'; p++) {
- if(((*p) == '+') || ((*p) == '/')) {
- (*p) = '_';
- }
+ if(((*p) == '+') || ((*p) == '/')) {
+ (*p) = '_';
+ }
}
-
+
/* add prefix if exist */
if(prefix) {
- xmlChar* tmp;
- xmlSecSize tmpLen;
-
- tmpLen = xmlStrlen(prefix) + xmlStrlen(res) + 1;
- tmp = xmlMalloc(tmpLen + 1);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(res);
- return(NULL);
- }
-
- xmlSecStrPrintf(tmp, tmpLen, BAD_CAST "%s%s", prefix, res);
- xmlFree(res);
- res = tmp;
+ xmlChar* tmp;
+ xmlSecSize tmpLen;
+
+ tmpLen = xmlStrlen(prefix) + xmlStrlen(res) + 1;
+ tmp = xmlMalloc(tmpLen + 1);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ xmlSecStrPrintf(tmp, tmpLen, BAD_CAST "%s%s", prefix, res);
+ xmlFree(res);
+ res = tmp;
} else {
- /* no prefix: check that ID attribute starts from a letter */
- if(!(((res[0] >= 'A') && (res[0] <= 'Z')) ||
- ((res[0] >= 'a') && (res[0] <= 'z')))) {
- res[0] = 'A';
- }
+ /* no prefix: check that ID attribute starts from a letter */
+ if(!(((res[0] >= 'A') && (res[0] <= 'Z')) ||
+ ((res[0] >= 'a') && (res[0] <= 'z')))) {
+ res[0] = 'A';
+ }
}
-
+
return(res);
}
/**
* xmlSecCreateTree:
- * @rootNodeName: the root node name.
- * @rootNodeNs: the root node namespace (otpional).
+ * @rootNodeName: the root node name.
+ * @rootNodeNs: the root node namespace (otpional).
*
* Creates a new XML tree with one root node @rootNodeName.
*
* Returns: pointer to the newly created tree or NULL if an error occurs.
*/
-xmlDocPtr
+xmlDocPtr
xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNsPtr ns;
-
+
xmlSecAssert2(rootNodeName != NULL, NULL);
/* create doc */
doc = xmlNewDoc(BAD_CAST "1.0");
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDoc",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDoc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
/* create root node */
- root = xmlNewDocNode(doc, NULL, rootNodeName, NULL);
+ root = xmlNewDocNode(doc, NULL, rootNodeName, NULL);
if(root == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewDocNode",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=Keys");
- xmlFreeDoc(doc);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=Keys");
+ xmlFreeDoc(doc);
+ return(NULL);
}
xmlDocSetRootElement(doc, root);
/* and set root node namespace */
ns = xmlNewNs(root, rootNodeNs, NULL);
if(ns == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNewNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "ns=%s",
- xmlSecErrorsSafeString(rootNodeNs));
- xmlFreeDoc(doc);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(rootNodeNs));
+ xmlFreeDoc(doc);
+ return(NULL);
}
xmlSetNs(root, ns);
@@ -914,28 +914,28 @@ xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) {
/**
* xmlSecIsEmptyNode:
- * @node: the node to check
+ * @node: the node to check
*
* Checks whethere the @node is empty (i.e. has only whitespaces children).
*
* Returns: 1 if @node is empty, 0 otherwise or a negative value if an error occurs.
*/
-int
+int
xmlSecIsEmptyNode(xmlNodePtr node) {
xmlChar* content;
int res;
-
+
xmlSecAssert2(node != NULL, -1);
if(xmlSecGetNextElementNode(node->children) != NULL) {
- return(0);
+ return(0);
}
-
+
content = xmlNodeGetContent(node);
if(content == NULL) {
- return(1);
+ return(1);
}
-
+
res = xmlSecIsEmptyString(content);
xmlFree(content);
return(res);
@@ -943,26 +943,26 @@ xmlSecIsEmptyNode(xmlNodePtr node) {
/**
* xmlSecIsEmptyString:
- * @str: the string to check
+ * @str: the string to check
*
* Checks whethere the @str is empty (i.e. has only whitespaces children).
*
* Returns: 1 if @str is empty, 0 otherwise or a negative value if an error occurs.
*/
-int
+int
xmlSecIsEmptyString(const xmlChar* str) {
xmlSecAssert2(str != NULL, -1);
-
+
for( ;*str != '\0'; ++str) {
- if(!isspace((int)(*str))) {
- return(0);
- }
+ if(!isspace((int)(*str))) {
+ return(0);
+ }
}
return(1);
}
/**
- * xmlSecPrintXmlString:
+ * xmlSecPrintXmlString:
* @fd: the file descriptor to write the XML string to
* @str: the string
*
@@ -970,54 +970,54 @@ xmlSecIsEmptyString(const xmlChar* str) {
*
* Returns: he number of bytes transmitted or a negative value if an error occurs.
*/
-int
+int
xmlSecPrintXmlString(FILE * fd, const xmlChar * str) {
int res;
-
- if(str != NULL) {
+
+ if(str != NULL) {
xmlChar * encoded_str = NULL;
encoded_str = xmlEncodeSpecialChars(NULL, str);
if(encoded_str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlEncodeSpecialChars",
- XMLSEC_ERRORS_R_XML_FAILED,
- "string=%s",
- xmlSecErrorsSafeString(str));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlEncodeSpecialChars",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "string=%s",
+ xmlSecErrorsSafeString(str));
+ return(-1);
}
-
+
res = fprintf(fd, "%s", (const char*)encoded_str);
- xmlFree(encoded_str);
+ xmlFree(encoded_str);
} else {
res = fprintf(fd, "NULL");
}
-
+
if(res < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "fprintf",
- XMLSEC_ERRORS_R_IO_FAILED,
- "res=%d,errno=%d",
- res, errno);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "fprintf",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "res=%d,errno=%d",
+ res, errno);
+ return(-1);
}
return(res);
}
-/**
+/**
* xmlSecGetQName:
- * @node: the context node.
- * @href: the QName href (can be NULL).
- * @local: the QName local part.
+ * @node: the context node.
+ * @href: the QName href (can be NULL).
+ * @local: the QName local part.
*
* Creates QName (prefix:local) from @href and @local in the context of the @node.
* Caller is responsible for freeing returned string with xmlFree.
*
* Returns: qname or NULL if an error occurs.
*/
-xmlChar*
+xmlChar*
xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) {
xmlChar* qname;
xmlNsPtr ns;
@@ -1030,39 +1030,39 @@ xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) {
ns = xmlSearchNsByHref(node->doc, node, href);
if((ns == NULL) && (href != NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSearchNsByHref",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,href=%s",
- xmlSecErrorsSafeString(node->name),
- xmlSecErrorsSafeString(href));
+ NULL,
+ "xmlSearchNsByHref",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,href=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(href));
return(NULL);
}
-
+
if((ns != NULL) && (ns->prefix != NULL)) {
- xmlSecSize len;
-
+ xmlSecSize len;
+
len = xmlStrlen(local) + xmlStrlen(ns->prefix) + 4;
qname = xmlMalloc(len);
if(qname == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
return(NULL);
}
xmlSecStrPrintf(qname, len, BAD_CAST "%s:%s", ns->prefix, local);
} else {
qname = xmlStrdup(local);
if(qname == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
return(NULL);
}
}
@@ -1077,17 +1077,17 @@ xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) {
* QName <-> Integer mapping
*
************************************************************************/
-/**
+/**
* xmlSecQName2IntegerGetInfo:
* @info: the qname<->integer mapping information.
* @intValue: the integer value.
*
* Maps integer @intValue to a QName prefix.
- *
+ *
* Returns: the QName info that is mapped to @intValue or NULL if such value
* is not found.
*/
-xmlSecQName2IntegerInfoConstPtr
+xmlSecQName2IntegerInfoConstPtr
xmlSecQName2IntegerGetInfo(xmlSecQName2IntegerInfoConstPtr info, int intValue) {
unsigned int ii;
@@ -1102,20 +1102,20 @@ xmlSecQName2IntegerGetInfo(xmlSecQName2IntegerInfoConstPtr info, int intValue) {
return(NULL);
}
-/**
+/**
* xmlSecQName2IntegerGetInteger:
* @info: the qname<->integer mapping information.
* @qnameHref: the qname href value.
* @qnameLocalPart: the qname local part value.
* @intValue: the pointer to result integer value.
- *
+ *
* Maps qname qname to an integer and returns it in @intValue.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
-xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
- const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
+int
+xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
+ const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
int* intValue) {
unsigned int ii;
@@ -1124,7 +1124,7 @@ xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
xmlSecAssert2(intValue != NULL, -1);
for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
- if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+ if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
xmlStrEqual(info[ii].qnameHref, qnameHref)) {
(*intValue) = info[ii].intValue;
return(0);
@@ -1134,83 +1134,83 @@ xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
return(-1);
}
-/**
+/**
* xmlSecQName2IntegerGetIntegerFromString:
* @info: the qname<->integer mapping information.
* @node: the pointer to node.
* @qname: the qname string.
* @intValue: the pointer to result integer value.
- *
+ *
* Converts @qname into integer in context of @node.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info,
- xmlNodePtr node, const xmlChar* qname,
+ xmlNodePtr node, const xmlChar* qname,
int* intValue) {
const xmlChar* qnameLocalPart = NULL;
xmlChar* qnamePrefix = NULL;
const xmlChar* qnameHref;
xmlNsPtr ns;
int ret;
-
+
xmlSecAssert2(info != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(qname != NULL, -1);
xmlSecAssert2(intValue != NULL, -1);
-
+
qnameLocalPart = xmlStrchr(qname, ':');
if(qnameLocalPart != NULL) {
qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
if(qnamePrefix == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrndup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "node=%s,value=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrndup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qname));
- return(-1);
+ return(-1);
}
qnameLocalPart++;
} else {
qnamePrefix = NULL;
qnameLocalPart = qname;
}
-
+
/* search namespace href */
ns = xmlSearchNs(node->doc, node, qnamePrefix);
if((ns == NULL) && (qnamePrefix != NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSearchNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,qnamePrefix=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qnamePrefix));
if(qnamePrefix != NULL) {
xmlFree(qnamePrefix);
}
- return(-1);
+ return(-1);
}
qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
/* and finally search for integer */
ret = xmlSecQName2IntegerGetInteger(info, qnameHref, qnameLocalPart, intValue);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetInteger",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,qnameLocalPart=%s,qnameHref=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,qnameLocalPart=%s,qnameHref=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qnameLocalPart),
xmlSecErrorsSafeString(qnameHref));
if(qnamePrefix != NULL) {
xmlFree(qnamePrefix);
}
- return(-1);
+ return(-1);
}
if(qnamePrefix != NULL) {
@@ -1220,20 +1220,20 @@ xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info,
}
-/**
+/**
* xmlSecQName2IntegerGetStringFromInteger:
* @info: the qname<->integer mapping information.
* @node: the pointer to node.
* @intValue: the integer value.
- *
+ *
* Creates qname string for @intValue in context of given @node. Caller
* is responsible for freeing returned string with @xmlFree.
- *
+ *
* Returns: pointer to newly allocated string on success or NULL if an error occurs,
*/
-xmlChar*
+xmlChar*
xmlSecQName2IntegerGetStringFromInteger(xmlSecQName2IntegerInfoConstPtr info,
- xmlNodePtr node, int intValue) {
+ xmlNodePtr node, int intValue) {
xmlSecQName2IntegerInfoConstPtr qnameInfo;
xmlSecAssert2(info != NULL, NULL);
@@ -1241,31 +1241,31 @@ xmlSecQName2IntegerGetStringFromInteger(xmlSecQName2IntegerInfoConstPtr info,
qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
if(qnameInfo == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetInfo",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,intValue=%d",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
intValue);
return(NULL);
}
-
+
return (xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
}
-/**
+/**
* xmlSecQName2IntegerNodeRead:
* @info: the qname<->integer mapping information.
* @node: the pointer to node.
* @intValue: the pointer to result integer value.
- *
- * Reads the content of @node and converts it to an integer using mapping
+ *
+ * Reads the content of @node and converts it to an integer using mapping
* from @info.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2IntegerNodeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node, int* intValue) {
xmlChar* content = NULL;
int ret;
@@ -1276,48 +1276,48 @@ xmlSecQName2IntegerNodeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr nod
content = xmlNodeGetContent(node);
if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(node->name));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
}
/* todo: trim content? */
ret = xmlSecQName2IntegerGetIntegerFromString(info, node, content, intValue);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetIntegerFromString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,value=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetIntegerFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(content));
xmlFree(content);
- return(-1);
+ return(-1);
}
xmlFree(content);
return(0);
}
-/**
+/**
* xmlSecQName2IntegerNodeWrite:
* @info: the qname<->integer mapping information.
* @node: the parent node.
* @nodeName: the child node name.
* @nodeNs: the child node namespace.
* @intValue: the integer value.
- *
+ *
* Creates new child node in @node and sets its value to @intValue.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
- const xmlChar* nodeName, const xmlChar* nodeNs, int intValue) {
+ const xmlChar* nodeName, const xmlChar* nodeNs, int intValue) {
xmlNodePtr cur;
xmlChar* qname = NULL;
@@ -1328,24 +1328,24 @@ xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr no
/* find and build qname */
qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
if(qname == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetStringFromInteger",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,intValue=%d",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetStringFromInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
intValue);
return(-1);
}
-
+
cur = xmlSecAddChild(node, nodeName, nodeNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,intValue=%d",
- xmlSecErrorsSafeString(nodeName),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(nodeName),
intValue);
xmlFree(qname);
return(-1);
@@ -1356,21 +1356,21 @@ xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr no
return(0);
}
-/**
+/**
* xmlSecQName2IntegerAttributeRead:
* @info: the qname<->integer mapping information.
- * @node: the element node.
+ * @node: the element node.
* @attrName: the attribute name.
* @intValue: the pointer to result integer value.
- *
+ *
* Gets the value of @attrName atrtibute from @node and converts it to integer
* according to @info.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
- const xmlChar* attrName, int* intValue) {
+ const xmlChar* attrName, int* intValue) {
xmlChar* attrValue;
int ret;
@@ -1381,45 +1381,45 @@ xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePt
attrValue = xmlGetProp(node, attrName);
if(attrValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlGetProp",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,attrValue=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,attrValue=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(attrName));
- return(-1);
+ return(-1);
}
/* todo: trim value? */
ret = xmlSecQName2IntegerGetIntegerFromString(info, node, attrValue, intValue);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetIntegerFromString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,attrName=%s,attrValue=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetIntegerFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,attrValue=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(attrName),
xmlSecErrorsSafeString(attrValue));
xmlFree(attrValue);
- return(-1);
+ return(-1);
}
xmlFree(attrValue);
return(0);
}
-/**
+/**
* xmlSecQName2IntegerAttributeWrite:
* @info: the qname<->integer mapping information.
* @node: the parent node.
* @attrName: the name of attribute.
* @intValue: the integer value.
- *
- * Converts @intValue to a qname and sets it to the value of
+ *
+ * Converts @intValue to a qname and sets it to the value of
* attribute @attrName in @node.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
int
@@ -1435,26 +1435,26 @@ xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodeP
/* find and build qname */
qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
if(qname == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2IntegerGetStringFromInteger",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,attrName=%s,intValue=%d",
- xmlSecErrorsSafeString(node->name),
- xmlSecErrorsSafeString(attrName),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetStringFromInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName),
intValue);
return(-1);
}
attr = xmlSetProp(node, attrName, qname);
if(attr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChildNode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,attrName=%s,intValue=%d",
- xmlSecErrorsSafeString(node->name),
- xmlSecErrorsSafeString(attrName),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName),
intValue);
xmlFree(qname);
return(-1);
@@ -1464,16 +1464,16 @@ xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodeP
return(0);
}
-/**
+/**
* xmlSecQName2IntegerDebugDump:
* @info: the qname<->integer mapping information.
* @intValue: the integer value.
- * @name: the value name to print.
+ * @name: the value name to print.
* @output: the pointer to output FILE.
- *
+ *
* Prints @intValue into @output.
*/
-void
+void
xmlSecQName2IntegerDebugDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
const xmlChar* name, FILE* output) {
xmlSecQName2IntegerInfoConstPtr qnameInfo;
@@ -1484,24 +1484,24 @@ xmlSecQName2IntegerDebugDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
if(qnameInfo != NULL) {
- fprintf(output, "== %s: %d (name=\"%s\", href=\"%s\")\n", name, intValue,
+ fprintf(output, "== %s: %d (name=\"%s\", href=\"%s\")\n", name, intValue,
(qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
(qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL);
- }
+ }
}
-/**
+/**
* xmlSecQName2IntegerDebugXmlDump:
* @info: the qname<->integer mapping information.
* @intValue: the integer value.
- * @name: the value name to print.
+ * @name: the value name to print.
* @output: the pointer to output FILE.
- *
- * Prints @intValue into @output in XML format.
+ *
+ * Prints @intValue into @output in XML format.
*/
-void
+void
xmlSecQName2IntegerDebugXmlDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
- const xmlChar* name, FILE* output) {
+ const xmlChar* name, FILE* output) {
xmlSecQName2IntegerInfoConstPtr qnameInfo;
xmlSecAssert(info != NULL);
@@ -1510,24 +1510,24 @@ xmlSecQName2IntegerDebugXmlDump(xmlSecQName2IntegerInfoConstPtr info, int intVal
qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
if(qnameInfo != NULL) {
- fprintf(output, "<%s value=\"%d\" href=\"%s\">%s<%s>\n", name, intValue,
+ fprintf(output, "<%s value=\"%d\" href=\"%s\">%s<%s>\n", name, intValue,
(qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL,
(qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
name);
- }
+ }
}
-
+
/*************************************************************************
*
* QName <-> Bits mask mapping
*
************************************************************************/
-/**
+/**
* xmlSecQName2BitMaskGetInfo:
* @info: the qname<->bit mask mapping information.
* @mask: the bit mask.
- *
+ *
* Converts @mask to qname.
*
* Returns: pointer to the qname info for @mask or NULL if mask is unknown.
@@ -1548,21 +1548,21 @@ xmlSecQName2BitMaskGetInfo(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask m
return(NULL);
}
-/**
+/**
* xmlSecQName2BitMaskGetBitMask:
* @info: the qname<->bit mask mapping information.
* @qnameHref: the qname Href value.
* @qnameLocalPart: the qname LocalPart value.
* @mask: the pointer to result mask.
- *
+ *
* Converts @qnameLocalPart to @mask.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
-xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
+int
+xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
- xmlSecBitMask* mask) {
+ xmlSecBitMask* mask) {
unsigned int ii;
xmlSecAssert2(info != NULL, -1);
@@ -1571,7 +1571,7 @@ xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
xmlSecAssert2(info[ii].mask != 0, -1);
- if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+ if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
xmlStrEqual(info[ii].qnameHref, qnameHref)) {
(*mask) = info[ii].mask;
@@ -1582,27 +1582,27 @@ xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
return(-1);
}
-/**
+/**
* xmlSecQName2BitMaskGetBitMaskFromString:
* @info: the qname<->integer mapping information.
* @node: the pointer to node.
* @qname: the qname string.
* @mask: the pointer to result msk value.
- *
+ *
* Converts @qname into integer in context of @node.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info,
- xmlNodePtr node, const xmlChar* qname,
+ xmlNodePtr node, const xmlChar* qname,
xmlSecBitMask* mask) {
const xmlChar* qnameLocalPart = NULL;
xmlChar* qnamePrefix = NULL;
const xmlChar* qnameHref;
xmlNsPtr ns;
int ret;
-
+
xmlSecAssert2(info != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(qname != NULL, -1);
@@ -1612,53 +1612,53 @@ xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info,
if(qnameLocalPart != NULL) {
qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
if(qnamePrefix == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrndup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "node=%s,value=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrndup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qname));
- return(-1);
+ return(-1);
}
qnameLocalPart++;
} else {
qnamePrefix = NULL;
qnameLocalPart = qname;
}
-
+
/* search namespace href */
ns = xmlSearchNs(node->doc, node, qnamePrefix);
if((ns == NULL) && (qnamePrefix != NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSearchNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s,qnamePrefix=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qnamePrefix));
if(qnamePrefix != NULL) {
xmlFree(qnamePrefix);
}
- return(-1);
+ return(-1);
}
qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
/* and finally search for integer */
ret = xmlSecQName2BitMaskGetBitMask(info, qnameHref, qnameLocalPart, mask);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskGetBitMask",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,qnameLocalPart=%s,qnameHref=%s",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMask",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,qnameLocalPart=%s,qnameHref=%s",
+ xmlSecErrorsSafeString(node->name),
xmlSecErrorsSafeString(qnameLocalPart),
xmlSecErrorsSafeString(qnameHref));
if(qnamePrefix != NULL) {
xmlFree(qnamePrefix);
}
- return(-1);
+ return(-1);
}
if(qnamePrefix != NULL) {
@@ -1668,20 +1668,20 @@ xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info,
}
-/**
+/**
* xmlSecQName2BitMaskGetStringFromBitMask:
* @info: the qname<->integer mapping information.
* @node: the pointer to node.
* @mask: the mask.
- *
+ *
* Creates qname string for @mask in context of given @node. Caller
* is responsible for freeing returned string with @xmlFree.
- *
+ *
* Returns: pointer to newly allocated string on success or NULL if an error occurs,
*/
-xmlChar*
+xmlChar*
xmlSecQName2BitMaskGetStringFromBitMask(xmlSecQName2BitMaskInfoConstPtr info,
- xmlNodePtr node, xmlSecBitMask mask) {
+ xmlNodePtr node, xmlSecBitMask mask) {
xmlSecQName2BitMaskInfoConstPtr qnameInfo;
xmlSecAssert2(info != NULL, NULL);
@@ -1689,38 +1689,38 @@ xmlSecQName2BitMaskGetStringFromBitMask(xmlSecQName2BitMaskInfoConstPtr info,
qnameInfo = xmlSecQName2BitMaskGetInfo(info, mask);
if(qnameInfo == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskGetInfo",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s,mask=%d",
- xmlSecErrorsSafeString(node->name),
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,mask=%d",
+ xmlSecErrorsSafeString(node->name),
mask);
return(NULL);
}
-
+
return(xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
}
-/**
+/**
* xmlSecQName2BitMaskNodesRead:
* @info: the qname<->bit mask mapping information.
* @node: the start.
* @nodeName: the mask nodes name.
* @nodeNs: the mask nodes namespace.
- * @stopOnUnknown: if this flag is set then function exits if unknown
- * value was found.
+ * @stopOnUnknown: if this flag is set then function exits if unknown
+ * value was found.
* @mask: the pointer to result mask.
- *
+ *
* Reads <@nodeNs:@nodeName> elements and puts the result bit mask
* into @mask. When function exits, @node points to the first element node
* after all the <@nodeNs:@nodeName> elements.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* node,
- const xmlChar* nodeName, const xmlChar* nodeNs,
+ const xmlChar* nodeName, const xmlChar* nodeNs,
int stopOnUnknown, xmlSecBitMask* mask) {
xmlNodePtr cur;
xmlChar* content;
@@ -1736,62 +1736,62 @@ xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* n
while((cur != NULL) && (xmlSecCheckNodeName(cur, nodeName, nodeNs))) {
content = xmlNodeGetContent(cur);
if(content == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlNodeGetContent",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(cur->name));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
}
-
+
ret = xmlSecQName2BitMaskGetBitMaskFromString(info, cur, content, &tmp);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskGetBitMaskFromString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "value=%s",
- xmlSecErrorsSafeString(content));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMaskFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "value=%s",
+ xmlSecErrorsSafeString(content));
xmlFree(content);
- return(-1);
+ return(-1);
}
xmlFree(content);
- if((stopOnUnknown != 0) && (tmp == 0)) {
- /* todo: better error */
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecQName2BitMaskGetBitMaskFromString",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "value=%s",
- xmlSecErrorsSafeString(content));
- return(-1);
- }
-
+ if((stopOnUnknown != 0) && (tmp == 0)) {
+ /* todo: better error */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMaskFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "value=%s",
+ xmlSecErrorsSafeString(content));
+ return(-1);
+ }
+
(*mask) |= tmp;
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
}
- (*node) = cur;
- return(0);
+ (*node) = cur;
+ return(0);
}
-/**
+/**
* xmlSecQName2BitMaskNodesWrite:
* @info: the qname<->bit mask mapping information.
* @node: the parent element for mask nodes.
* @nodeName: the mask nodes name.
* @nodeNs: the mask nodes namespace.
* @mask: the bit mask.
- *
+ *
* Writes <@nodeNs:@nodeName> elemnts with values from @mask to @node.
- *
+ *
* Returns: 0 on success or a negative value if an error occurs,
*/
-int
+int
xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr node,
- const xmlChar* nodeName, const xmlChar* nodeNs,
+ const xmlChar* nodeName, const xmlChar* nodeNs,
xmlSecBitMask mask) {
unsigned int ii;
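Review bot: In xmlSecQName2BitMaskNodesRead the `xmlFree(content);` line sits directly before the `if((stopOnUnknown != 0) && (tmp == 0))` block, yet the xmlSecError call inside that block still passes `xmlSecErrorsSafeString(content)`, so the error path reads freed memory whenever an unrecognised mask name is encountered with stopOnUnknown set. The commit only reindents these lines, but since it rewrites them it is the natural place to fix the ordering: move the unconditional `xmlFree(content);` to after the closing brace of that block and add `xmlFree(content);` just before the block's `return(-1);`. The function's opening lines, including where `cur` is initialised, are outside the hunk.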
@@ -1805,30 +1805,30 @@ xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr n
if((mask & info[ii].mask) != 0) {
xmlNodePtr cur;
xmlChar* qname;
-
- qname = xmlSecGetQName(node, info[ii].qnameHref, info[ii].qnameLocalPart);
+
+ qname = xmlSecGetQName(node, info[ii].qnameHref, info[ii].qnameLocalPart);
if(qname == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGetQName",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(nodeName));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(nodeName));
+ return(-1);
}
-
+
cur = xmlSecAddChild(node, nodeName, nodeNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XML_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(nodeName));
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(nodeName));
xmlFree(qname);
- return(-1);
+ return(-1);
}
-
+
xmlNodeSetContent(cur, qname);
xmlFree(qname);
}
@@ -1836,18 +1836,18 @@ xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr n
return(0);
}
-/**
+/**
* xmlSecQName2BitMaskDebugDump:
* @info: the qname<->bit mask mapping information.
* @mask: the bit mask.
- * @name: the value name to print.
+ * @name: the value name to print.
* @output: the pointer to output FILE.
- *
+ *
* Prints debug information about @mask to @output.
*/
-void
+void
xmlSecQName2BitMaskDebugDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
- const xmlChar* name, FILE* output) {
+ const xmlChar* name, FILE* output) {
unsigned int ii;
xmlSecAssert(info != NULL);
@@ -1869,18 +1869,18 @@ xmlSecQName2BitMaskDebugDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask
fprintf(output, "\n");
}
-/**
+/**
* xmlSecQName2BitMaskDebugXmlDump:
* @info: the qname<->bit mask mapping information.
* @mask: the bit mask.
- * @name: the value name to print.
+ * @name: the value name to print.
* @output: the pointer to output FILE.
- *
+ *
* Prints debug information about @mask to @output in XML format.
*/
-void
+void
xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
- const xmlChar* name, FILE* output) {
+ const xmlChar* name, FILE* output) {
unsigned int ii;
xmlSecAssert(info != NULL);
@@ -1896,13 +1896,13 @@ xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitM
xmlSecAssert(info[ii].mask != 0);
if((mask & info[ii].mask) != 0) {
- fprintf(output, "<%s href=\"%s\">%s</%s>\n", name,
+ fprintf(output, "<%s href=\"%s\">%s</%s>\n", name,
info[ii].qnameHref, info[ii].qnameLocalPart, name);
}
}
fprintf(output, "</%sList>\n", name);
}
-
+
diff --git a/src/xpath.c b/src/xpath.c
index 8b0b4f8e..e67631e7 100644
--- a/src/xpath.c
+++ b/src/xpath.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* XPath transform
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -29,20 +29,20 @@
/**************************************************************************
*
* xmlSecXPathHereFunction:
- * @ctxt: the ponter to XPath context.
- * @nargs: the arguments nubmer.
+ * @ctxt: the ponter to XPath context.
+ * @nargs: the arguments nubmer.
*
* The implementation of XPath "here()" function.
- * See xmlXPtrHereFunction() in xpointer.c. the only change is that
+ * See xmlXPtrHereFunction() in xpointer.c. the only change is that
* we return NodeSet instead of NodeInterval.
*
*****************************************************************************/
-static void
+static void
xmlSecXPathHereFunction(xmlXPathParserContextPtr ctxt, int nargs) {
CHECK_ARITY(0);
if((ctxt == NULL) || (ctxt->context == NULL) || (ctxt->context->here == NULL)) {
- XP_ERROR(XPTR_SYNTAX_ERROR);
+ XP_ERROR(XPTR_SYNTAX_ERROR);
}
valuePush(ctxt, xmlXPathNewNodeSet(ctxt->context->here));
}
@@ -52,8 +52,8 @@ xmlSecXPathHereFunction(xmlXPathParserContextPtr ctxt, int nargs) {
* XPath/XPointer data
*
*****************************************************************************/
-typedef struct _xmlSecXPathData xmlSecXPathData,
- *xmlSecXPathDataPtr;
+typedef struct _xmlSecXPathData xmlSecXPathData,
+ *xmlSecXPathDataPtr;
typedef enum {
xmlSecXPathDataTypeXPath,
xmlSecXPathDataTypeXPath2,
@@ -61,182 +61,182 @@ typedef enum {
} xmlSecXPathDataType;
struct _xmlSecXPathData {
- xmlSecXPathDataType type;
- xmlXPathContextPtr ctx;
- xmlChar* expr;
- xmlSecNodeSetOp nodeSetOp;
- xmlSecNodeSetType nodeSetType;
+ xmlSecXPathDataType type;
+ xmlXPathContextPtr ctx;
+ xmlChar* expr;
+ xmlSecNodeSetOp nodeSetOp;
+ xmlSecNodeSetType nodeSetType;
};
-static xmlSecXPathDataPtr xmlSecXPathDataCreate (xmlSecXPathDataType type);
-static void xmlSecXPathDataDestroy (xmlSecXPathDataPtr data);
-static int xmlSecXPathDataSetExpr (xmlSecXPathDataPtr data,
- const xmlChar* expr);
-static int xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data,
- xmlNodePtr node);
-static int xmlSecXPathDataNodeRead (xmlSecXPathDataPtr data,
- xmlNodePtr node);
-static xmlSecNodeSetPtr xmlSecXPathDataExecute (xmlSecXPathDataPtr data,
- xmlDocPtr doc,
- xmlNodePtr hereNode);
-
-static xmlSecXPathDataPtr
+static xmlSecXPathDataPtr xmlSecXPathDataCreate (xmlSecXPathDataType type);
+static void xmlSecXPathDataDestroy (xmlSecXPathDataPtr data);
+static int xmlSecXPathDataSetExpr (xmlSecXPathDataPtr data,
+ const xmlChar* expr);
+static int xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data,
+ xmlNodePtr node);
+static int xmlSecXPathDataNodeRead (xmlSecXPathDataPtr data,
+ xmlNodePtr node);
+static xmlSecNodeSetPtr xmlSecXPathDataExecute (xmlSecXPathDataPtr data,
+ xmlDocPtr doc,
+ xmlNodePtr hereNode);
+
+static xmlSecXPathDataPtr
xmlSecXPathDataCreate(xmlSecXPathDataType type) {
xmlSecXPathDataPtr data;
data = (xmlSecXPathDataPtr) xmlMalloc(sizeof(xmlSecXPathData));
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "sizeof(xmlSecXPathData)=%d",
- sizeof(xmlSecXPathData));
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecXPathData)=%d",
+ sizeof(xmlSecXPathData));
+ return(NULL);
}
- memset(data, 0, sizeof(xmlSecXPathData));
+ memset(data, 0, sizeof(xmlSecXPathData));
data->type = type;
data->nodeSetType = xmlSecNodeSetTree;
/* create xpath or xpointer context */
switch(data->type) {
- case xmlSecXPathDataTypeXPath:
- case xmlSecXPathDataTypeXPath2:
- data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */
- if(data->ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlXPathNewContext",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(NULL);
- }
- break;
- case xmlSecXPathDataTypeXPointer:
- data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */
- if(data->ctx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlXPtrNewContext",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(NULL);
- }
- break;
+ case xmlSecXPathDataTypeXPath:
+ case xmlSecXPathDataTypeXPath2:
+ data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */
+ if(data->ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathNewContext",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(NULL);
+ }
+ break;
+ case xmlSecXPathDataTypeXPointer:
+ data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */
+ if(data->ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPtrNewContext",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(NULL);
+ }
+ break;
}
return(data);
}
-static void
+static void
xmlSecXPathDataDestroy(xmlSecXPathDataPtr data) {
- xmlSecAssert(data != NULL);
+ xmlSecAssert(data != NULL);
if(data->expr != NULL) {
- xmlFree(data->expr);
+ xmlFree(data->expr);
}
if(data->ctx != NULL) {
- xmlXPathFreeContext(data->ctx);
+ xmlXPathFreeContext(data->ctx);
}
- memset(data, 0, sizeof(xmlSecXPathData));
+ memset(data, 0, sizeof(xmlSecXPathData));
xmlFree(data);
}
-static int
+static int
xmlSecXPathDataSetExpr(xmlSecXPathDataPtr data, const xmlChar* expr) {
- xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(data->expr == NULL, -1);
xmlSecAssert2(data->ctx != NULL, -1);
- xmlSecAssert2(expr != NULL, -1);
-
+ xmlSecAssert2(expr != NULL, -1);
+
data->expr = xmlStrdup(expr);
if(data->expr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_STRDUP_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
-static int
+static int
xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data, xmlNodePtr node) {
xmlNodePtr cur;
xmlNsPtr ns;
int ret;
-
- xmlSecAssert2(data != NULL, -1);
+
+ xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(data->ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* register namespaces */
for(cur = node; cur != NULL; cur = cur->parent) {
- for(ns = cur->nsDef; ns != NULL; ns = ns->next) {
- /* check that we have no other namespace with same prefix already */
- if((ns->prefix != NULL) && (xmlXPathNsLookup(data->ctx, ns->prefix) == NULL)){
- ret = xmlXPathRegisterNs(data->ctx, ns->prefix, ns->href);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlXPathRegisterNs",
- XMLSEC_ERRORS_R_XML_FAILED,
- "href=%s;prefix=%s",
- xmlSecErrorsSafeString(ns->href),
- xmlSecErrorsSafeString(ns->prefix));
- return(-1);
- }
- }
- }
+ for(ns = cur->nsDef; ns != NULL; ns = ns->next) {
+ /* check that we have no other namespace with same prefix already */
+ if((ns->prefix != NULL) && (xmlXPathNsLookup(data->ctx, ns->prefix) == NULL)){
+ ret = xmlXPathRegisterNs(data->ctx, ns->prefix, ns->href);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathRegisterNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "href=%s;prefix=%s",
+ xmlSecErrorsSafeString(ns->href),
+ xmlSecErrorsSafeString(ns->prefix));
+ return(-1);
+ }
+ }
+ }
}
-
+
return(0);
}
-static int
+static int
xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
int ret;
-
- xmlSecAssert2(data != NULL, -1);
+
+ xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(data->expr == NULL, -1);
xmlSecAssert2(data->ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
ret = xmlSecXPathDataRegisterNamespaces (data, node);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXPathDataRegisterNamespaces",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXPathDataRegisterNamespaces",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
/* read node content and set expr */
data->expr = xmlNodeGetContent(node);
if(data->expr == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
-
+
return(0);
}
static xmlSecNodeSetPtr
xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNode) {
- xmlXPathObjectPtr xpathObj = NULL;
+ xmlXPathObjectPtr xpathObj = NULL;
xmlSecNodeSetPtr nodes;
- xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(data->expr != NULL, NULL);
xmlSecAssert2(data->ctx != NULL, NULL);
xmlSecAssert2(doc != NULL, NULL);
@@ -244,56 +244,73 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo
/* do not forget to set the doc */
data->ctx->doc = doc;
-
+
/* here function works only on the same document */
if(hereNode->doc == doc) {
- xmlXPathRegisterFunc(data->ctx, (xmlChar *)"here", xmlSecXPathHereFunction);
- data->ctx->here = hereNode;
- data->ctx->xptr = 1;
+ xmlXPathRegisterFunc(data->ctx, (xmlChar *)"here", xmlSecXPathHereFunction);
+ data->ctx->here = hereNode;
+ data->ctx->xptr = 1;
}
/* execute xpath or xpointer expression */
switch(data->type) {
- case xmlSecXPathDataTypeXPath:
- case xmlSecXPathDataTypeXPath2:
- xpathObj = xmlXPathEvalExpression(data->expr, data->ctx);
- if(xpathObj == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlXPathEvalExpression",
- XMLSEC_ERRORS_R_XML_FAILED,
- "expr=%s",
- xmlSecErrorsSafeString(data->expr));
- return(NULL);
- }
- break;
- case xmlSecXPathDataTypeXPointer:
- xpathObj = xmlXPtrEval(data->expr, data->ctx);
- if(xpathObj == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
+ case xmlSecXPathDataTypeXPath:
+ case xmlSecXPathDataTypeXPath2:
+ xpathObj = xmlXPathEvalExpression(data->expr, data->ctx);
+ if(xpathObj == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathEvalExpression",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "expr=%s",
+ xmlSecErrorsSafeString(data->expr));
+ return(NULL);
+ }
+ break;
+ case xmlSecXPathDataTypeXPointer:
+ xpathObj = xmlXPtrEval(data->expr, data->ctx);
+ if(xpathObj == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPtrEval",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "expr=%s",
+ xmlSecErrorsSafeString(data->expr));
+ return(NULL);
+ }
+ break;
+ }
+
+ /* sometime LibXML2 returns an empty nodeset or just NULL, we want
+ to reserve NULL for our own purposes so we simply create an empty
+ node set here */
+ if(xpathObj->nodesetval == NULL) {
+ xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL);
+ if(xpathObj->nodesetval == NULL) {
+ xmlXPathFreeObject(xpathObj);
+ xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlXPtrEval",
- XMLSEC_ERRORS_R_XML_FAILED,
- "expr=%s",
- xmlSecErrorsSafeString(data->expr));
- return(NULL);
+ "xmlXPathNodeSetCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "expr=%s",
+ xmlSecErrorsSafeString(data->expr));
+ return(NULL);
}
- break;
}
-
+
nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType);
if(nodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "type=%d", data->nodeSetType);
- xmlXPathFreeObject(xpathObj);
- return(NULL);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=%d", data->nodeSetType);
+ xmlXPathFreeObject(xpathObj);
+ return(NULL);
}
xpathObj->nodesetval = NULL;
- xmlXPathFreeObject(xpathObj);
-
+ xmlXPathFreeObject(xpathObj);
+
return(nodes);
}
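Review bot: The new fallback that replaces a NULL `xpathObj->nodesetval` with an empty set does not look at `xpathObj->type`, so a result that is a boolean, number or string (which libxml2 returns with `nodesetval` left NULL) is silently treated as "select nothing" instead of being reported. For the XPath transform the expression is wrapped by `xpathPattern` into a predicate that always yields a node set, but the XPath2 and XPointer types evaluate the expression as-is, so a non-nodeset result appears to be reachable here; in a signature transform that means a malformed filter quietly produces an empty selection rather than an error. I would reject a non-`XPATH_NODESET` object before the `nodesetval` check, freeing it on that path just as the nodeset-creation failure path does. The comment above the new check would also read better as `/* sometimes LibXML2 returns an empty nodeset or just NULL; we reserve NULL for our own purposes, so create an empty node set here */`. xmlSecXPathDataExecute begins in the preceding hunk, so its argument asserts are outside this hunk.
```c
    /* … unchanged: xpath / xpointer evaluation switch … */

    /* a boolean/number/string result is not a selection: report it rather
       than letting the empty-nodeset fallback below hide it */
    if(xpathObj->type != XPATH_NODESET) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_TYPE,
                    "expr=%s;type=%d",
                    xmlSecErrorsSafeString(data->expr), (int)xpathObj->type);
        xmlXPathFreeObject(xpathObj);
        return(NULL);
    }

    if(xpathObj->nodesetval == NULL) {
    /* … unchanged: empty node set fallback and xmlSecNodeSetCreate … */
```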
@@ -303,34 +320,34 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo
* XPath data list
*
*****************************************************************************/
-#define xmlSecXPathDataListId \
- xmlSecXPathDataListGetKlass()
-static xmlSecPtrListId xmlSecXPathDataListGetKlass (void);
-static xmlSecNodeSetPtr xmlSecXPathDataListExecute (xmlSecPtrListPtr dataList,
- xmlDocPtr doc,
- xmlNodePtr hereNode,
- xmlSecNodeSetPtr nodes);
+#define xmlSecXPathDataListId \
+ xmlSecXPathDataListGetKlass()
+static xmlSecPtrListId xmlSecXPathDataListGetKlass (void);
+static xmlSecNodeSetPtr xmlSecXPathDataListExecute (xmlSecPtrListPtr dataList,
+ xmlDocPtr doc,
+ xmlNodePtr hereNode,
+ xmlSecNodeSetPtr nodes);
static xmlSecPtrListKlass xmlSecXPathDataListKlass = {
BAD_CAST "xpath-data-list",
- NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- (xmlSecPtrDestroyItemMethod)xmlSecXPathDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecXPathDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
};
-static xmlSecPtrListId
+static xmlSecPtrListId
xmlSecXPathDataListGetKlass(void) {
return(&xmlSecXPathDataListKlass);
}
-static xmlSecNodeSetPtr
-xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
- xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
+static xmlSecNodeSetPtr
+xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
+ xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
xmlSecXPathDataPtr data;
xmlSecNodeSetPtr res, tmp, tmp2;
xmlSecSize pos;
-
+
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), NULL);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, NULL);
xmlSecAssert2(doc != NULL, NULL);
@@ -339,45 +356,45 @@ xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
res = nodes;
for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) {
data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- if((res != NULL) && (res != nodes)) {
- xmlSecNodeSetDestroy(res);
- }
- return(NULL);
- }
-
- tmp = xmlSecXPathDataExecute(data, doc, hereNode);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecXPathDataExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- if((res != NULL) && (res != nodes)) {
- xmlSecNodeSetDestroy(res);
- }
- return(NULL);
- }
-
- tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
- if(tmp2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNodeSetAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecNodeSetIntersection");
- if((res != NULL) && (res != nodes)) {
- xmlSecNodeSetDestroy(res);
- }
- xmlSecNodeSetDestroy(tmp);
- return(NULL);
- }
- res = tmp2;
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ return(NULL);
+ }
+
+ tmp = xmlSecXPathDataExecute(data, doc, hereNode);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXPathDataExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ return(NULL);
+ }
+
+ tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
+ if(tmp2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNodeSetIntersection");
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ xmlSecNodeSetDestroy(tmp);
+ return(NULL);
+ }
+ res = tmp2;
}
return(res);
@@ -388,43 +405,43 @@ xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
* XPath/XPointer transforms
*
* xmlSecXPathDataList is located after xmlSecTransform structure
- *
+ *
*****************************************************************************/
-#define xmlSecXPathTransformSize \
+#define xmlSecXPathTransformSize \
(sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
#define xmlSecXPathTransformGetDataList(transform) \
((xmlSecTransformCheckSize((transform), xmlSecXPathTransformSize)) ? \
- (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlSecPtrListPtr)NULL)
+ (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
#define xmlSecTransformXPathCheckId(transform) \
(xmlSecTransformCheckId((transform), xmlSecTransformXPathId) || \
xmlSecTransformCheckId((transform), xmlSecTransformXPath2Id) || \
xmlSecTransformCheckId((transform), xmlSecTransformXPointerId))
-static int xmlSecTransformXPathInitialize (xmlSecTransformPtr transform);
-static void xmlSecTransformXPathFinalize (xmlSecTransformPtr transform);
-static int xmlSecTransformXPathExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformXPathInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformXPathFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformXPathExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static int
-xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
+xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
xmlSecPtrListPtr dataList;
int ret;
-
+
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(dataList != NULL, -1);
-
+
ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -437,16 +454,16 @@ xmlSecTransformXPathFinalize(xmlSecTransformPtr transform) {
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId));
-
+
xmlSecPtrListFinalize(dataList);
}
static int
xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlDocPtr doc;
-
+
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
xmlSecAssert2(transform->hereNode != NULL, -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
@@ -460,71 +477,71 @@ xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
- transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
- transform->hereNode, transform->inNodes);
+ transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
+ transform->hereNode, transform->inNodes);
if(transform->outNodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataExecute",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
return(0);
}
/******************************************************************************
*
* XPath transform
- *
+ *
*****************************************************************************/
-static int xmlSecTransformXPathNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformXPathNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformXPathKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecXPathTransformSize, /* xmlSecSize objSize */
-
- xmlSecNameXPath, /* const xmlChar* name; */
- xmlSecXPathNs, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecTransformXPathNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPath, /* const xmlChar* name; */
+ xmlSecXPathNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPathNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformXPathGetKlass:
*
- * The XPath transform evaluates given XPath expression and
- * intersects the result with the previous nodes set. See
+ * The XPath transform evaluates given XPath expression and
+ * intersects the result with the previous nodes set. See
* http://www.w3.org/TR/xmldsig-core/#sec-XPath for more details.
*
* Returns: XPath transform id.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformXPathGetKlass(void) {
return(&xmlSecTransformXPathKlass);
}
static const char xpathPattern[] = "(//. | //@* | //namespace::*)[boolean(%s)]";
-static int
+static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
@@ -541,81 +558,81 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeXPath));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
}
-
+
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
-
+
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
-
+
/* create full XPath expression */
xmlSecAssert2(data->expr != NULL, -1);
- tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) +
- strlen(xpathPattern) + 1));
+ tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) +
+ strlen(xpathPattern) + 1));
if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d",
- xmlStrlen(data->expr) + strlen(xpathPattern) + 1);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d",
+ xmlStrlen(data->expr) + strlen(xpathPattern) + 1);
+ return(-1);
}
- sprintf((char*)tmp, xpathPattern, (char*)data->expr);
+ sprintf((char*)tmp, xpathPattern, (char*)data->expr);
xmlFree(data->expr);
data->expr = tmp;
/* set correct node set type and operation */
- data->nodeSetOp = xmlSecNodeSetIntersection;
- data->nodeSetType = xmlSecNodeSetNormal;
-
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = xmlSecNodeSetNormal;
+
/* check that we have nothing else */
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -623,51 +640,51 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS
/******************************************************************************
*
* XPath2 transform
- *
+ *
*****************************************************************************/
-static int xmlSecTransformXPath2NodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformXPath2NodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformXPath2Klass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecXPathTransformSize, /* xmlSecSize objSize */
-
- xmlSecNameXPath2, /* const xmlChar* name; */
- xmlSecXPath2Ns, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecTransformXPath2NodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPath2, /* const xmlChar* name; */
+ xmlSecXPath2Ns, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPath2NodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformXPath2GetKlass:
- *
+ *
* The XPath2 transform (http://www.w3.org/TR/xmldsig-filter2/).
*
* Returns: XPath2 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformXPath2GetKlass(void) {
return(&xmlSecTransformXPath2Klass);
}
-static int
+static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
@@ -682,85 +699,85 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
-
+
/* There are only xpath nodes */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
/* read information from the node */
- data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
ret = xmlSecXPathDataNodeRead(data, cur);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
- }
-
- /* append it to the list */
- ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
- /* set correct node set type and operation */
- data->nodeSetType = xmlSecNodeSetTree;
- op = xmlGetProp(cur, xmlSecAttrFilter);
- if(op == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecAttrFilter),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
+ /* append it to the list */
+ ret = xmlSecPtrListAdd(dataList, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* set correct node set type and operation */
+ data->nodeSetType = xmlSecNodeSetTree;
+ op = xmlGetProp(cur, xmlSecAttrFilter);
+ if(op == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrFilter),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
- data->nodeSetOp = xmlSecNodeSetIntersection;
- } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
- data->nodeSetOp = xmlSecNodeSetSubtraction;
- } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
- data->nodeSetOp = xmlSecNodeSetUnion;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecAttrFilter),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "filter=%s",
- xmlSecErrorsSafeString(op));
- xmlFree(op);
- return(-1);
- }
- xmlFree(op);
-
- cur = xmlSecGetNextElementNode(cur->next);
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
+ data->nodeSetOp = xmlSecNodeSetSubtraction;
+ } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
+ data->nodeSetOp = xmlSecNodeSetUnion;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrFilter),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "filter=%s",
+ xmlSecErrorsSafeString(op));
+ xmlFree(op);
+ return(-1);
+ }
+ xmlFree(op);
+
+ cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have nothing else */
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -768,65 +785,65 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml
/******************************************************************************
*
* XPointer transform
- *
+ *
*****************************************************************************/
-static int xmlSecTransformXPointerNodeRead (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformXPointerNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformXPointerKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecXPathTransformSize, /* xmlSecSize objSize */
-
- xmlSecNameXPointer, /* const xmlChar* name; */
- xmlSecXPointerNs, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecTransformXPointerNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPointer, /* const xmlChar* name; */
+ xmlSecXPointerNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPointerNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformXPointerGetKlass:
- *
- * The XPointer transform klass
+ *
+ * The XPointer transform klass
* (http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt).
*
* Returns: XPointer transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformXPointerGetKlass(void) {
return(&xmlSecTransformXPointerKlass);
}
/**
- * xmlSecTransformXPointerSetExpr:
- * @transform: the pointer to XPointer transform.
- * @expr: the XPointer expression.
- * @nodeSetType: the type of evaluated XPointer expression.
- * @hereNode: the pointer to "here" node.
+ * xmlSecTransformXPointerSetExpr:
+ * @transform: the pointer to XPointer transform.
+ * @expr: the XPointer expression.
+ * @nodeSetType: the type of evaluated XPointer expression.
+ * @hereNode: the pointer to "here" node.
*
* Sets the XPointer expression for an XPointer @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
-xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
- xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
+int
+xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
+ xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
int ret;
@@ -834,66 +851,66 @@ xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(transform->hereNode == NULL, -1);
xmlSecAssert2(expr != NULL, -1);
- xmlSecAssert2(hereNode != NULL, -1);
+ xmlSecAssert2(hereNode != NULL, -1);
transform->hereNode = hereNode;
-
+
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataRegisterNamespaces",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataRegisterNamespaces",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
ret = xmlSecXPathDataSetExpr(data, expr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataSetExpr",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataSetExpr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
-
+
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
/* set correct node set type and operation */
- data->nodeSetOp = xmlSecNodeSetIntersection;
- data->nodeSetType = nodeSetType;
-
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = nodeSetType;
+
return(0);
}
-static int
+static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
@@ -909,64 +926,64 @@ xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, x
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
- cur = xmlSecGetNextElementNode(node->children);
+ cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected=%s",
- xmlSecErrorsSafeString(xmlSecNodeXPath));
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
}
-
+
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXPathDataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
-
+
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecXPathDataDestroy(data);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
}
/* set correct node set type and operation */
- data->nodeSetOp = xmlSecNodeSetIntersection;
- data->nodeSetType = xmlSecNodeSetTree;
-
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = xmlSecNodeSetTree;
+
/* check that we have nothing else */
- cur = xmlSecGetNextElementNode(cur->next);
+ cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
@@ -975,78 +992,78 @@ xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, x
/******************************************************************************
*
* Visa3DHack transform
- *
+ *
*****************************************************************************/
-#define xmlSecVisa3DHackTransformSize \
+#define xmlSecVisa3DHackTransformSize \
(sizeof(xmlSecTransform) + sizeof(xmlChar*))
#define xmlSecVisa3DHackTransformGetIDPtr(transform) \
((xmlSecTransformCheckSize((transform), xmlSecVisa3DHackTransformSize)) ? \
- (xmlChar**)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
- (xmlChar**)NULL)
+ (xmlChar**)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlChar**)NULL)
#define xmlSecTransformVisa3DHackCheckId(transform) \
(xmlSecTransformCheckId((transform), xmlSecTransformVisa3DHackId))
-static int xmlSecTransformVisa3DHackInitialize (xmlSecTransformPtr transform);
-static void xmlSecTransformVisa3DHackFinalize (xmlSecTransformPtr transform);
-static int xmlSecTransformVisa3DHackExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformVisa3DHackInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformVisa3DHackFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformVisa3DHackExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
static xmlSecTransformKlass xmlSecTransformVisa3DHackKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecVisa3DHackTransformSize, /* xmlSecSize objSize */
-
- BAD_CAST "Visa3DHackTransform", /* const xmlChar* name; */
- NULL, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
-
- xmlSecTransformVisa3DHackInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecTransformVisa3DHackFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- NULL, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- NULL, /* xmlSecTransformPushBinMethod pushBin; */
- NULL, /* xmlSecTransformPopBinMethod popBin; */
- xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
- xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecTransformVisa3DHackExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecVisa3DHackTransformSize, /* xmlSecSize objSize */
+
+ BAD_CAST "Visa3DHackTransform", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformVisa3DHackInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformVisa3DHackFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformVisa3DHackExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
/**
* xmlSecTransformVisa3DHackGetKlass:
- *
- * The Visa3DHack transform klass. The only reason why we need this
- * is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
- * invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
- * such expressions thru XPath/XPointer engine, we need to have this hack here.
+ *
+ * The Visa3DHack transform klass. The only reason why we need this
+ * is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
+ * invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
+ * such expressions thru XPath/XPointer engine, we need to have this hack here.
*
* Returns: Visa3DHack transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformVisa3DHackGetKlass(void) {
return(&xmlSecTransformVisa3DHackKlass);
}
/**
* xmlSecTransformVisa3DHackSetID:
- * @transform: the pointer to Visa3DHack transform.
- * @id: the ID value.
+ * @transform: the pointer to Visa3DHack transform.
+ * @id: the ID value.
*
* Sets the ID value for an Visa3DHack @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
-int
+int
xmlSecTransformVisa3DHackSetID(xmlSecTransformPtr transform, const xmlChar* id) {
xmlChar** idPtr;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformVisa3DHackId), -1);
xmlSecAssert2(id != NULL, -1);
@@ -1056,19 +1073,19 @@ xmlSecTransformVisa3DHackSetID(xmlSecTransformPtr transform, const xmlChar* id)
(*idPtr) = xmlStrdup(id);
if((*idPtr) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
return(0);
}
static int
-xmlSecTransformVisa3DHackInitialize(xmlSecTransformPtr transform) {
+xmlSecTransformVisa3DHackInitialize(xmlSecTransformPtr transform) {
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
return(0);
@@ -1082,21 +1099,21 @@ xmlSecTransformVisa3DHackFinalize(xmlSecTransformPtr transform) {
idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
xmlSecAssert(idPtr != NULL);
-
+
if((*idPtr) != NULL) {
- xmlFree((*idPtr));
+ xmlFree((*idPtr));
}
(*idPtr) = NULL;
}
static int
xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
- xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformCtxPtr transformCtx) {
xmlChar** idPtr;
xmlDocPtr doc;
xmlAttrPtr attr;
xmlNodeSetPtr nodeSet;
-
+
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
@@ -1111,36 +1128,36 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
attr = xmlGetID(doc, (*idPtr));
if((attr == NULL) || (attr->parent == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlGetID",
- XMLSEC_ERRORS_R_XML_FAILED,
- "id=\"%s\"",
- xmlSecErrorsSafeString((*idPtr)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlGetID",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "id=\"%s\"",
+ xmlSecErrorsSafeString((*idPtr)));
+ return(-1);
+ }
nodeSet = xmlXPathNodeSetCreate(attr->parent);
if(nodeSet == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlXPathNodeSetCreate",
- XMLSEC_ERRORS_R_XML_FAILED,
- "id=\"%s\"",
- xmlSecErrorsSafeString((*idPtr)));
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlXPathNodeSetCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "id=\"%s\"",
+ xmlSecErrorsSafeString((*idPtr)));
+ return(-1);
+ }
transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
if(transform->outNodes == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecNodeSetCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlXPathFreeNodeSet(nodeSet);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlXPathFreeNodeSet(nodeSet);
+ return(-1);
+ }
return(0);
}
diff --git a/src/xslt.c b/src/xslt.c
index e5e52685..0353a251 100644
--- a/src/xslt.c
+++ b/src/xslt.c
@@ -1,11 +1,11 @@
-/**
+/**
* XML Security Library (http://www.aleksey.com/xmlsec).
*
* XSLT Transform (http://www.w3.org/TR/xmldsig-core/#sec-XSLT)
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -14,7 +14,7 @@
#include <stdlib.h>
#include <string.h>
-
+
#include <libxml/tree.h>
#include <libxslt/xslt.h>
#include <libxslt/xsltInternals.h>
@@ -28,122 +28,173 @@
#include <xmlsec/keys.h>
#include <xmlsec/parser.h>
#include <xmlsec/errors.h>
+#include <xmlsec/private/xslt.h>
/**************************************************************************
*
* Internal xslt ctx
*
*****************************************************************************/
-typedef struct _xmlSecXsltCtx xmlSecXsltCtx, *xmlSecXsltCtxPtr;
+typedef struct _xmlSecXsltCtx xmlSecXsltCtx, *xmlSecXsltCtxPtr;
struct _xmlSecXsltCtx {
- xsltStylesheetPtr xslt;
- xmlParserCtxtPtr parserCtx;
-};
+ xsltStylesheetPtr xslt;
+ xmlParserCtxtPtr parserCtx;
+};
/****************************************************************************
*
* XSLT transform
*
* xmlSecXsltCtx is located after xmlSecTransform
- *
+ *
***************************************************************************/
-#define xmlSecXsltSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecXsltCtx))
+#define xmlSecXsltSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecXsltCtx))
#define xmlSecXsltGetCtx(transform) \
((xmlSecXsltCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-static int xmlSecXsltInitialize (xmlSecTransformPtr transform);
-static void xmlSecXsltFinalize (xmlSecTransformPtr transform);
-static int xmlSecXsltReadNode (xmlSecTransformPtr transform,
- xmlNodePtr node,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecXsltPushBin (xmlSecTransformPtr transform,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- int final,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecXsltExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecXslProcess (xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- xsltStylesheetPtr stylesheet);
+static int xmlSecXsltInitialize (xmlSecTransformPtr transform);
+static void xmlSecXsltFinalize (xmlSecTransformPtr transform);
+static int xmlSecXsltReadNode (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXsltPushBin (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXsltExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXslProcess (xmlSecXsltCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out);
+static xmlDocPtr xmlSecXsApplyStylesheet (xmlSecXsltCtxPtr ctx,
+ xmlDocPtr doc);
+
static xmlSecTransformKlass xmlSecXsltKlass = {
/* klass/object sizes */
- sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
- xmlSecXsltSize, /* xmlSecSize objSize */
-
- xmlSecNameXslt, /* const xmlChar* name; */
- xmlSecHrefXslt, /* const xmlChar* href; */
- xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
-
- xmlSecXsltInitialize, /* xmlSecTransformInitializeMethod initialize; */
- xmlSecXsltFinalize, /* xmlSecTransformFinalizeMethod finalize; */
- xmlSecXsltReadNode, /* xmlSecTransformNodeReadMethod readNode; */
- NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
- NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
- NULL, /* xmlSecTransformSetKeyMethod setKey; */
- NULL, /* xmlSecTransformValidateMethod validate; */
- xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
- xmlSecXsltPushBin, /* xmlSecTransformPushBinMethod pushBin; */
- xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
- NULL, /* xmlSecTransformPushXmlMethod pushXml; */
- NULL, /* xmlSecTransformPopXmlMethod popXml; */
- xmlSecXsltExecute, /* xmlSecTransformExecuteMethod execute; */
-
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXsltSize, /* xmlSecSize objSize */
+
+ xmlSecNameXslt, /* const xmlChar* name; */
+ xmlSecHrefXslt, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecXsltInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecXsltFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecXsltReadNode, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecXsltPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecXsltExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
};
+
+#define XMLSEC_XSLT_COPY_SEC_PREF(src, dst, pref) \
+ xsltSetSecurityPrefs((dst), (pref), xsltGetSecurityPrefs((src), (pref)))
+
+static xsltSecurityPrefsPtr g_xslt_default_security_prefs = NULL;
+
+void xmlSecTransformXsltInitialize(void) {
+ xmlSecAssert(g_xslt_default_security_prefs == NULL);
+
+ g_xslt_default_security_prefs = xsltNewSecurityPrefs();
+ xmlSecAssert(g_xslt_default_security_prefs != NULL);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+}
+
+void xmlSecTransformXsltShutdown(void) {
+ if(g_xslt_default_security_prefs != NULL) {
+ xsltFreeSecurityPrefs(g_xslt_default_security_prefs);
+ g_xslt_default_security_prefs = NULL;
+ }
+}
+
+/**
+ * xmlSecTransformXsltSetDefaultSecurityPrefs:
+ * @sec: the new security preferences
+ *
+ * Sets the new default security preferences. The xmlsec default security policy is
+ * to disable everything.
+ */
+XMLSEC_EXPORT void
+xmlSecTransformXsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec) {
+ xmlSecAssert(sec != NULL);
+ xmlSecAssert(g_xslt_default_security_prefs != NULL);
+
+ /* copy prefs */
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_READ_FILE);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_FILE);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_CREATE_DIRECTORY);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_READ_NETWORK);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_NETWORK);
+}
+
/**
* xmlSecTransformXsltGetKlass:
*
* XSLT transform klass (http://www.w3.org/TR/xmldsig-core/#sec-XSLT):
*
- * The normative specification for XSL Transformations is [XSLT].
- * Specification of a namespace-qualified stylesheet element, which MUST be
- * the sole child of the Transform element, indicates that the specified style
- * sheet should be used. Whether this instantiates in-line processing of local
- * XSLT declarations within the resource is determined by the XSLT processing
- * model; the ordered application of multiple stylesheet may require multiple
- * Transforms. No special provision is made for the identification of a remote
- * stylesheet at a given URI because it can be communicated via an xsl:include
+ * The normative specification for XSL Transformations is [XSLT].
+ * Specification of a namespace-qualified stylesheet element, which MUST be
+ * the sole child of the Transform element, indicates that the specified style
+ * sheet should be used. Whether this instantiates in-line processing of local
+ * XSLT declarations within the resource is determined by the XSLT processing
+ * model; the ordered application of multiple stylesheet may require multiple
+ * Transforms. No special provision is made for the identification of a remote
+ * stylesheet at a given URI because it can be communicated via an xsl:include
* or xsl:import within the stylesheet child of the Transform.
*
- * This transform requires an octet stream as input. If the actual input is an
- * XPath node-set, then the signature application should attempt to convert it
- * to octets (apply Canonical XML]) as described in the Reference Processing
+ * This transform requires an octet stream as input. If the actual input is an
+ * XPath node-set, then the signature application should attempt to convert it
+ * to octets (apply Canonical XML]) as described in the Reference Processing
* Model (section 4.3.3.2).]
*
- * The output of this transform is an octet stream. The processing rules for
+ * The output of this transform is an octet stream. The processing rules for
* the XSL style sheet or transform element are stated in the XSLT specification
- * [XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
- * for XML and HTML. As XSLT implementations do not produce consistent
- * serializations of their output, we further RECOMMEND inserting a transform
- * after the XSLT transform to canonicalize the output. These steps will help
- * to ensure interoperability of the resulting signatures among applications
- * that support the XSLT transform. Note that if the output is actually HTML,
+ * [XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
+ * for XML and HTML. As XSLT implementations do not produce consistent
+ * serializations of their output, we further RECOMMEND inserting a transform
+ * after the XSLT transform to canonicalize the output. These steps will help
+ * to ensure interoperability of the resulting signatures among applications
+ * that support the XSLT transform. Note that if the output is actually HTML,
* then the result of these steps is logically equivalent [XHTML].
*
* Returns: pointer to XSLT transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecTransformXsltGetKlass(void) {
return(&xmlSecXsltKlass);
}
-
-static int
-xmlSecXsltInitialize(xmlSecTransformPtr transform) {
+
+static int
+xmlSecXsltInitialize(xmlSecTransformPtr transform) {
xmlSecXsltCtxPtr ctx;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
ctx = xmlSecXsltGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
-
+
/* initialize context */
memset(ctx, 0, sizeof(xmlSecXsltCtx));
+
+ /* done */
return(0);
}
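Review bot: `xmlSecTransformXsltInitialize` cannot report a failed `xsltNewSecurityPrefs()`: the `xmlSecAssert(g_xslt_default_security_prefs != NULL)` on the line after the allocation returns from a void function, so the library continues with no default security preferences, and whether the apply path (`xmlSecXsApplyStylesheet`, defined outside this hunk) then falls back to libxslt's permissive defaults or refuses to run cannot be seen here. Since the purpose of these preferences is to forbid file and network access from signature-supplied stylesheets, the failure should be fatal to initialization: return `int`, log the allocation failure and return -1 so the caller (outside this hunk, presumably the library init) can abort, and update the prototype in the new `xmlsec/private/xslt.h` to match. The same file-scope global is read by transforms and written by `xmlSecTransformXsltSetDefaultSecurityPrefs` with no synchronization, so its doc comment should state the ordering constraint, e.g. `* Must be called after library initialization and before any XSLT transform is executed; not thread-safe.`. Separately, the new prototype name `xmlSecXsApplyStylesheet` looks like a typo for `xmlSecXsltApplyStylesheet`.
```c
int xmlSecTransformXsltInitialize(void) {
    xmlSecAssert2(g_xslt_default_security_prefs == NULL, -1);

    g_xslt_default_security_prefs = xsltNewSecurityPrefs();
    if(g_xslt_default_security_prefs == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xsltNewSecurityPrefs",
                    XMLSEC_ERRORS_R_MALLOC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    /* … unchanged: the five xsltSetSecurityPrefs(..., xsltSecurityForbid) calls … */
    return(0);
}
```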
@@ -156,12 +207,12 @@ xmlSecXsltFinalize(xmlSecTransformPtr transform) {
ctx = xmlSecXsltGetCtx(transform);
xmlSecAssert(ctx != NULL);
-
+
if(ctx->xslt != NULL) {
- xsltFreeStylesheet(ctx->xslt);
+ xsltFreeStylesheet(ctx->xslt);
}
if(ctx->parserCtx != NULL) {
- xmlFreeParserCtxt(ctx->parserCtx);
+ xmlFreeParserCtxt(ctx->parserCtx);
}
memset(ctx, 0, sizeof(xmlSecXsltCtx));
}
@@ -172,70 +223,70 @@ xmlSecXsltReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransfor
xmlBufferPtr buffer;
xmlDocPtr doc;
xmlNodePtr cur;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecXsltGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->xslt == NULL, -1);
- /* read content in the buffer */
+ /* read content in the buffer */
buffer = xmlBufferCreate();
if(buffer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlBufferCreate",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlBufferCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
cur = node->children;
while(cur != NULL) {
- xmlNodeDump(buffer, cur->doc, cur, 0, 0);
- cur = cur->next;
+ xmlNodeDump(buffer, cur->doc, cur, 0, 0);
+ cur = cur->next;
}
-
+
/* parse the buffer */
- doc = xmlSecParseMemory(xmlBufferContent(buffer),
- xmlBufferLength(buffer), 1);
+ doc = xmlSecParseMemory(xmlBufferContent(buffer),
+ xmlBufferLength(buffer), 1);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecParseMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlBufferFree(buffer);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecParseMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlBufferFree(buffer);
+ return(-1);
}
- /* pre-process stylesheet */
+ /* pre-process stylesheet */
ctx->xslt = xsltParseStylesheetDoc(doc);
if(ctx->xslt == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xsltParseStylesheetDoc",
- XMLSEC_ERRORS_R_XSLT_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- /* after parsing stylesheet doc is assigned
- * to it and will be freed by xsltFreeStylesheet() */
- xmlFreeDoc(doc);
- xmlBufferFree(buffer);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xsltParseStylesheetDoc",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* after parsing stylesheet doc is assigned
+ * to it and will be freed by xsltFreeStylesheet() */
+ xmlFreeDoc(doc);
+ xmlBufferFree(buffer);
+ return(-1);
}
-
+
xmlBufferFree(buffer);
return(0);
}
-static int
+static int
xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
- xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
xmlSecXsltCtxPtr ctx;
int ret;
-
+
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
@@ -246,136 +297,136 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
/* check/update current transform status */
if(transform->status == xmlSecTransformStatusNone) {
- xmlSecAssert2(ctx->parserCtx == NULL, -1);
-
- ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
- if(ctx->parserCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlCreatePushParserCtxt",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ xmlSecAssert2(ctx->parserCtx == NULL, -1);
+
+ ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
+ if(ctx->parserCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
/* required for c14n! */
- ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
- ctx->parserCtx->replaceEntities = 1;
+ ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctx->parserCtx->replaceEntities = 1;
- transform->status = xmlSecTransformStatusWorking;
+ transform->status = xmlSecTransformStatusWorking;
} else if(transform->status == xmlSecTransformStatusFinished) {
- return(0);
+ return(0);
} else if(transform->status != xmlSecTransformStatusWorking) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
xmlSecAssert2(ctx->parserCtx != NULL, -1);
-
+
/* push data to the input buffer */
if((data != NULL) && (dataSize > 0)) {
- ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
- if(ret != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- "size=%d", dataSize);
- return(-1);
- }
- }
-
+ ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "size=%d", dataSize);
+ return(-1);
+ }
+ }
+
/* finish parsing, apply xslt transforms and push to next in the chain */
if(final != 0) {
xmlDocPtr docIn;
xmlDocPtr docOut;
xmlOutputBufferPtr output;
- /* finalize */
- ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
- if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlParseChunk",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* todo: check that document is well formed? */
- docIn = ctx->parserCtx->myDoc;
- ctx->parserCtx->myDoc = NULL;
-
- docOut = xsltApplyStylesheet(ctx->xslt, docIn, NULL);
- if(docOut == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xsltApplyStylesheet",
- XMLSEC_ERRORS_R_XSLT_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(docIn);
- return(-1);
- }
- xmlFreeDoc(docIn);
-
- if(transform->next != NULL) {
- output = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
- if(output == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecTransformCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(docOut);
- return(-1);
- }
- } else {
- output = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
- if(output == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(docOut);
- return(-1);
- }
- }
-
- ret = xsltSaveResultTo(output, docOut, ctx->xslt);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xsltSaveResultTo",
- XMLSEC_ERRORS_R_XSLT_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlOutputBufferClose(output);
- xmlFreeDoc(docOut);
- return(-1);
- }
- ret = xmlOutputBufferClose(output);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlOutputBufferClose",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFreeDoc(docOut);
- return(-1);
- }
- xmlFreeDoc(docOut);
-
- transform->status = xmlSecTransformStatusFinished;
+ /* finalize */
+ ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
+ if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: check that document is well formed? */
+ docIn = ctx->parserCtx->myDoc;
+ ctx->parserCtx->myDoc = NULL;
+
+ docOut = xmlSecXsApplyStylesheet(ctx, docIn);
+ if(docOut == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXsApplyStylesheet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docIn);
+ return(-1);
+ }
+ xmlFreeDoc(docIn);
+
+ if(transform->next != NULL) {
+ output = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ } else {
+ output = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ }
+
+ ret = xsltSaveResultTo(output, docOut, ctx->xslt);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xsltSaveResultTo",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(output);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ ret = xmlOutputBufferClose(output);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ xmlFreeDoc(docOut);
+
+ transform->status = xmlSecTransformStatusFinished;
}
return(0);
}
-static int
+static int
xmlSecXsltExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecXsltCtxPtr ctx;
xmlSecBufferPtr in, out;
@@ -393,57 +444,57 @@ xmlSecXsltExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
- outSize = xmlSecBufferGetSize(out);
-
+ outSize = xmlSecBufferGetSize(out);
+
if(transform->status == xmlSecTransformStatusNone) {
- transform->status = xmlSecTransformStatusWorking;
- }
-
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
- /* just do nothing */
- xmlSecAssert2(outSize == 0, -1);
+ /* just do nothing */
+ xmlSecAssert2(outSize == 0, -1);
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
- xmlSecAssert2(outSize == 0, -1);
-
- ret = xmlSecXslProcess(in, out, ctx->xslt);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecXslProcess",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- transform->status = xmlSecTransformStatusFinished;
+ xmlSecAssert2(outSize == 0, -1);
+
+ ret = xmlSecXslProcess(ctx, in, out);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXslProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(inSize == 0, -1);
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(inSize == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "status=%d", transform->status);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
}
return(0);
}
/* TODO: create PopBin method instead */
-static int
-xmlSecXslProcess(xmlSecBufferPtr in, xmlSecBufferPtr out, xsltStylesheetPtr stylesheet) {
+static int
+xmlSecXslProcess(xmlSecXsltCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out) {
xmlDocPtr docIn = NULL;
xmlDocPtr docOut = NULL;
xmlOutputBufferPtr output = NULL;
@@ -452,67 +503,115 @@ xmlSecXslProcess(xmlSecBufferPtr in, xmlSecBufferPtr out, xsltStylesheetPtr sty
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
- xmlSecAssert2(stylesheet != NULL, -1);
+ xmlSecAssert2(ctx != NULL, -1);
docIn = xmlSecParseMemory(xmlSecBufferGetData(in), xmlSecBufferGetSize(in), 1);
if(docIn == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecParseMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecParseMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- docOut = xsltApplyStylesheet(stylesheet, docIn, NULL);
+ docOut = xmlSecXsApplyStylesheet(ctx, docIn);
if(docOut == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xsltApplyStylesheet",
- XMLSEC_ERRORS_R_XSLT_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXsApplyStylesheet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
output = xmlSecBufferCreateOutputBuffer(out);
if(output == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferCreateOutputBuffer",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
- ret = xsltSaveResultTo(output, docOut, stylesheet);
+ ret = xsltSaveResultTo(output, docOut, ctx->xslt);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xsltSaveResultTo",
- XMLSEC_ERRORS_R_XSLT_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltSaveResultTo",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
}
ret = xmlOutputBufferClose(output);
output = NULL;
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlOutputBufferClose",
- XMLSEC_ERRORS_R_XML_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
res = 0;
-done:
+done:
if(output != NULL) xmlOutputBufferClose(output);
if(docIn != NULL) xmlFreeDoc(docIn);
if(docOut != NULL) xmlFreeDoc(docOut);
- return(res);
+ return(res);
+}
+
+
+static xmlDocPtr
+xmlSecXsApplyStylesheet(xmlSecXsltCtxPtr ctx, xmlDocPtr doc) {
+ xsltTransformContextPtr xsltCtx = NULL;
+ xmlDocPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->xslt != NULL, NULL);
+ xmlSecAssert2(doc != NULL, NULL);
+
+ xsltCtx = xsltNewTransformContext(ctx->xslt, doc);
+ if(xsltCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltNewTransformContext",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* set security prefs */
+ ret = xsltSetCtxtSecurityPrefs(g_xslt_default_security_prefs, xsltCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltSetCtxtSecurityPrefs",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ res = xsltApplyStylesheetUser(ctx->xslt, doc, NULL, NULL, NULL, xsltCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltApplyStylesheetUser",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+done:
+ if(xsltCtx != NULL) xsltFreeTransformContext(xsltCtx);
+ return res;
}
+
#endif /* XMLSEC_NO_XSLT */
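Review bot: `xmlSecXsApplyStylesheet` treats only a negative return from `xsltSetCtxtSecurityPrefs` as failure, but if `g_xslt_default_security_prefs` is NULL (its initialisation is outside this hunk) libxslt, as far as I can tell, just stores the NULL and the transform then runs with libxslt's permissive defaults, so the new hardening would fail open rather than closed. Adding `xmlSecAssert2(g_xslt_default_security_prefs != NULL, NULL);` beside the other asserts at the top of the function makes a missing prefs object an error instead of a silent downgrade. Separately, the rewritten `xmlSecXslProcess` now asserts only `ctx != NULL` while later passing `ctx->xslt` to `xsltSaveResultTo`; that line is reachable only after `xmlSecXsApplyStylesheet` succeeded (which asserts `ctx->xslt != NULL`), so it is safe, but an explicit `xmlSecAssert2(ctx->xslt != NULL, -1);` would document the contract the old `stylesheet != NULL` assert used to state. xmlSecXslProcess's signature begins before this hunk.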