Google Git
Sign in
apache / openoffice / bab44dcac0296df22024f3f10e7997de78ed4094 / . / AOO410 / main / libxmlsec / xmlsec1-nssmangleciphers.patch
blob: 96f5049f68ae68b7a768638c1bee3eeb86e88eb5 [file] [log] [blame]
--- misc/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400
+++ misc/build/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400
@@ -11,180 +11,421 @@
#include <string.h>
-#include <nspr.h>
#include <nss.h>
-#include <secoid.h>
#include <pk11func.h>
#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
#include <xmlsec/nss/crypto.h>
-
-#define XMLSEC_NSS_MAX_KEY_SIZE 32
-#define XMLSEC_NSS_MAX_IV_SIZE 32
-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
+#include <xmlsec/nss/ciphers.h>
/**************************************************************************
*
- * Internal Nss Block cipher CTX
+ * Internal Nss Block Cipher Context
+ * This context is designed for repositing a block cipher for transform
*
*****************************************************************************/
-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
- *xmlSecNssBlockCipherCtxPtr;
+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ;
+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ;
+
struct _xmlSecNssBlockCipherCtx {
CK_MECHANISM_TYPE cipher;
+ PK11SymKey* symkey ;
PK11Context* cipherCtx;
xmlSecKeyDataId keyId;
- int keyInitialized;
- int ctxInitialized;
- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
- xmlSecSize keySize;
- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
- xmlSecSize ivSize;
};
-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
- xmlSecBufferPtr in,
- xmlSecBufferPtr out,
- int encrypt,
- const xmlChar* cipherName,
- xmlSecTransformCtxPtr transformCtx);
+
+#define xmlSecNssBlockCipherSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) )
+
+#define xmlSecNssBlockCipherGetCtx( transform ) \
+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+static int
+xmlSecNssBlockCipherCheckId(
+ xmlSecTransformPtr transform
+) {
+ #ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) {
+ return 1 ;
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) {
+
+ return 1 ;
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ return 0 ;
+}
+
+static int
+xmlSecNssBlockCipherFetchCtx(
+ xmlSecNssBlockCipherCtxPtr context ,
+ xmlSecTransformId id
+) {
+ xmlSecAssert2( context != NULL, -1 ) ;
+
+ #ifndef XMLSEC_NO_DES
+ if( id == xmlSecNssTransformDes3CbcId ) {
+ context->cipher = CKM_DES3_CBC ;
+ context->keyId = xmlSecNssKeyDataDesId ;
+ } else
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( id == xmlSecNssTransformAes128CbcId ) {
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( id == xmlSecNssTransformAes192CbcId ) {
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( id == xmlSecNssTransformAes256CbcId ) {
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ #endif /* XMLSEC_NO_AES */
+
+ if( 1 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ return 0 ;
+}
+
+/**
+ * xmlSecTransformInitializeMethod:
+ * @transform: the pointer to transform object.
+ *
+ * The transform specific initialization method.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
+static int
+xmlSecNssBlockCipherInitialize(
+ xmlSecTransformPtr transform
+) {
+ xmlSecNssBlockCipherCtxPtr context = NULL ;
+
+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+
+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssBlockCipherGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssBlockCipherFetchCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ context->symkey = NULL ;
+ context->cipherCtx = NULL ;
+
+ return 0 ;
+}
+
+/**
+ * xmlSecTransformFinalizeMethod:
+ * @transform: the pointer to transform object.
+ *
+ * The transform specific destroy method.
+ */
+static void
+xmlSecNssBlockCipherFinalize(
+ xmlSecTransformPtr transform
+) {
+ xmlSecNssBlockCipherCtxPtr context = NULL ;
+
+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ;
+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ;
+
+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssBlockCipherGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return ;
+ }
+
+ if( context->cipherCtx != NULL ) {
+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ;
+ context->cipherCtx = NULL ;
+ }
+
+ if( context->symkey != NULL ) {
+ PK11_FreeSymKey( context->symkey ) ;
+ context->symkey = NULL ;
+ }
+
+ context->cipher = CKM_INVALID_MECHANISM ;
+ context->keyId = NULL ;
+}
+
+/**
+ * xmlSecTransformSetKeyRequirementsMethod:
+ * @transform: the pointer to transform object.
+ * @keyReq: the pointer to key requirements structure.
+ *
+ * Transform specific method to set transform's key requirements.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
+static int
+xmlSecNssBlockCipherSetKeyReq(
+ xmlSecTransformPtr transform ,
+ xmlSecKeyReqPtr keyReq
+) {
+ xmlSecNssBlockCipherCtxPtr context = NULL ;
+ xmlSecSize cipherSize = 0 ;
+
+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+ xmlSecAssert2( keyReq != NULL , -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+
+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssBlockCipherGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ keyReq->keyId = context->keyId ;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ;
+
+ if( transform->operation == xmlSecTransformOperationEncrypt ) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ;
+ }
+
+ /*
+ if( context->symkey != NULL )
+ cipherSize = PK11_GetKeyLength( context->symkey ) ;
+
+ keyReq->keyBitsSize = cipherSize * 8 ;
+ */
+
+ return 0 ;
+}
+
+/**
+ * xmlSecTransformSetKeyMethod:
+ * @transform: the pointer to transform object.
+ * @key: the pointer to key.
+ *
+ * The transform specific method to set the key for use.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
+static int
+xmlSecNssBlockCipherSetKey(
+ xmlSecTransformPtr transform ,
+ xmlSecKeyPtr key
+) {
+ xmlSecNssBlockCipherCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ PK11SymKey* symkey = NULL ;
+ CK_ATTRIBUTE_TYPE operation ;
+ int ivLen ;
+
+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ;
+ xmlSecAssert2( key != NULL , -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+
+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssBlockCipherGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssSymKeyDataGetKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ context->symkey = symkey ;
+
+ return 0 ;
+}
+
static int
xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
xmlSecBufferPtr in, xmlSecBufferPtr out,
int encrypt,
const xmlChar* cipherName,
xmlSecTransformCtxPtr transformCtx) {
- SECItem keyItem;
SECItem ivItem;
- PK11SlotInfo* slot;
- PK11SymKey* symKey;
+ SECItem* secParam = NULL ;
+ xmlSecBufferPtr ivBuf = NULL ;
int ivLen;
- SECStatus rv;
- int ret;
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
xmlSecAssert2(ctx->cipherCtx == NULL, -1);
- xmlSecAssert2(ctx->keyInitialized != 0, -1);
- xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ivLen = PK11_GetIVLength(ctx->cipher);
- xmlSecAssert2(ivLen > 0, -1);
- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
+ if( ivLen < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetIVLength" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
if(encrypt) {
- /* generate random iv */
- rv = PK11_GenerateRandom(ctx->iv, ivLen);
- if(rv != SECSuccess) {
+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"PK11_GenerateRandom",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", ivLen);
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy( ivBuf ) ;
+ return -1 ;
+ }
- /* write iv to the output */
- ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
- if(ret < 0) {
+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
} else {
- /* if we don't have enough data, exit and hope that
- * we'll have iv next time */
- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
- return(0);
- }
-
- /* copy iv to our buffer*/
- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
-
- /* and remove from input */
- ret = xmlSecBufferRemoveHead(in, ivLen);
- if(ret < 0) {
+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", ivLen);
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
}
- memset(&keyItem, 0, sizeof(keyItem));
- keyItem.data = ctx->key;
- keyItem.len = ctx->keySize;
- memset(&ivItem, 0, sizeof(ivItem));
- ivItem.data = ctx->iv;
- ivItem.len = ctx->ivSize;
-
- slot = PK11_GetBestSlot(ctx->cipher, NULL);
- if(slot == NULL) {
+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
- "PK11_GetBestSlot",
+ "xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
- CKA_SIGN, &keyItem, NULL);
- if(symKey == NULL) {
+ ivItem.data = xmlSecBufferGetData( ivBuf ) ;
+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ;
+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
- "PK11_ImportSymKey",
+ "PK11_ParamFromIV",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- PK11_FreeSlot(slot);
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
(encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
- symKey, &ivItem);
+ ctx->symkey, secParam);
if(ctx->cipherCtx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
- "PK11_CreateContextBySymKey",
+ "xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- PK11_FreeSymKey(symKey);
- PK11_FreeSlot(slot);
+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
+ xmlSecBufferDestroy( ivBuf ) ;
return(-1);
}
- ctx->ctxInitialized = 1;
- PK11_FreeSymKey(symKey);
- PK11_FreeSlot(slot);
+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
+ xmlSecBufferDestroy( ivBuf ) ;
return(0);
}
+/**
+ * Block cipher transform update
+ */
static int
xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
xmlSecBufferPtr in, xmlSecBufferPtr out,
@@ -192,54 +433,49 @@
const xmlChar* cipherName,
xmlSecTransformCtxPtr transformCtx) {
xmlSecSize inSize, inBlocks, outSize;
- int blockLen;
+ int blockSize;
int outLen = 0;
xmlSecByte* outBuf;
- SECStatus rv;
- int ret;
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
- xmlSecAssert2(blockLen > 0, -1);
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( cipherName ) ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
-
- if(inSize < (xmlSecSize)blockLen) {
- return(0);
+
+ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ;
+ inSize = inBlocks * blockSize ;
+
+ if( inSize < blockSize ) {
+ return 0 ;
}
- if(encrypt) {
- inBlocks = inSize / ((xmlSecSize)blockLen);
- } else {
- /* we want to have the last block in the input buffer
- * for padding check */
- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
- }
- inSize = inBlocks * ((xmlSecSize)blockLen);
-
- /* we write out the input size plus may be one block */
- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
- if(ret < 0) {
+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + inSize + blockLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
- xmlSecBufferGetData(in), inSize);
- if(rv != SECSuccess) {
+ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"PK11_CipherOp",
@@ -247,27 +483,22 @@
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
@@ -281,81 +512,82 @@
const xmlChar* cipherName,
xmlSecTransformCtxPtr transformCtx) {
xmlSecSize inSize, outSize;
- int blockLen, outLen = 0;
+ int blockSize, outLen = 0;
xmlSecByte* inBuf;
xmlSecByte* outBuf;
- SECStatus rv;
- int ret;
xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
xmlSecAssert2(ctx->cipherCtx != NULL, -1);
- xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
- blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
- xmlSecAssert2(blockLen > 0, -1);
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( cipherName ) ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
+ /******************************************************************/
if(encrypt != 0) {
- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+ xmlSecAssert2( inSize < blockSize, -1 ) ;
/* create padding */
- ret = xmlSecBufferSetMaxSize(in, blockLen);
- if(ret < 0) {
+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", blockLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
inBuf = xmlSecBufferGetData(in);
- /* generate random padding */
- if((xmlSecSize)blockLen > (inSize + 1)) {
- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
- if(rv != SECSuccess) {
+ /* generate random */
+ if( blockSize > ( inSize + 1 ) ) {
+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"PK11_GenerateRandom",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "size=%d", blockLen - inSize - 1);
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
- inBuf[blockLen - 1] = blockLen - inSize;
- inSize = blockLen;
+ inBuf[blockSize-1] = blockSize - inSize ;
+ inSize = blockSize ;
} else {
- if(inSize != (xmlSecSize)blockLen) {
+ if( inSize != blockSize ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "data=%d;block=%d", inSize, blockLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
- /* process last block */
- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
- if(ret < 0) {
+ /* process the last block */
+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"xmlSecBufferSetMaxSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + 2 * blockLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outBuf = xmlSecBufferGetData(out) + outSize;
- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
- xmlSecBufferGetData(in), inSize);
- if(rv != SECSuccess) {
+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
"PK11_CipherOp",
@@ -363,300 +595,169 @@
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
if(encrypt == 0) {
/* check padding */
- if(outLen < outBuf[blockLen - 1]) {
+ if( outLen < outBuf[blockSize-1] ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
- "padding=%d;buffer=%d",
- outBuf[blockLen - 1], outLen);
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- outLen -= outBuf[blockLen - 1];
+ outLen -= outBuf[blockSize-1] ;
}
- /* set correct output buffer size */
- ret = xmlSecBufferSetSize(out, outSize + outLen);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", outSize + outLen);
- return(-1);
- }
+ /******************************************************************/
- /* remove the processed block from input */
- ret = xmlSecBufferRemoveHead(in, inSize);
- if(ret < 0) {
+ /******************************************************************
+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(cipherName),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
- return(-1);
- }
-
- return(0);
-}
-
-
-/******************************************************************************
- *
- * EVP Block Cipher transforms
- *
- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
- *
- *****************************************************************************/
-#define xmlSecNssBlockCipherSize \
- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
-#define xmlSecNssBlockCipherGetCtx(transform) \
- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
-
-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyReqPtr keyReq);
-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
- xmlSecKeyPtr key);
-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
- int last,
- xmlSecTransformCtxPtr transformCtx);
-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
-
-
-
-static int
-xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
-#ifndef XMLSEC_NO_DES
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
- return(1);
- }
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
-
- return(1);
- }
-#endif /* XMLSEC_NO_AES */
-
- return(0);
-}
-
-static int
-xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
- xmlSecNssBlockCipherCtxPtr ctx;
-
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
-
-#ifndef XMLSEC_NO_DES
- if(transform->id == xmlSecNssTransformDes3CbcId) {
- ctx->cipher = CKM_DES3_CBC;
- ctx->keyId = xmlSecNssKeyDataDesId;
- ctx->keySize = 24;
- } else
-#endif /* XMLSEC_NO_DES */
-
-#ifndef XMLSEC_NO_AES
- if(transform->id == xmlSecNssTransformAes128CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 16;
- } else if(transform->id == xmlSecNssTransformAes192CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 24;
- } else if(transform->id == xmlSecNssTransformAes256CbcId) {
- ctx->cipher = CKM_AES_CBC;
- ctx->keyId = xmlSecNssKeyDataAesId;
- ctx->keySize = 32;
- } else
-#endif /* XMLSEC_NO_AES */
-
- if(1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
- xmlSecNssBlockCipherCtxPtr ctx;
-
- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert(ctx != NULL);
-
- if(ctx->cipherCtx != NULL) {
- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
}
-
- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
-}
-static int
-xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
- xmlSecNssBlockCipherCtxPtr ctx;
-
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
- xmlSecAssert2(keyReq != NULL, -1);
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
+ outBuf = xmlSecBufferGetData( out ) + outSize ;
+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( cipherName ) ,
+ "PK11_DigestFinal" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+ ******************************************************************/
+
+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( cipherName ) ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( cipherName ) ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return -1 ;
+ }
+
+/* PK11_Finalize( ctx->cipherCtx ) ;*/
+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
+ ctx->cipherCtx = NULL ;
- keyReq->keyId = ctx->keyId;
- keyReq->keyType = xmlSecKeyDataTypeSymmetric;
- if(transform->operation == xmlSecTransformOperationEncrypt) {
- keyReq->keyUsage = xmlSecKeyUsageEncrypt;
- } else {
- keyReq->keyUsage = xmlSecKeyUsageDecrypt;
- }
- keyReq->keyBitsSize = 8 * ctx->keySize;
return(0);
}
-static int
-xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- xmlSecNssBlockCipherCtxPtr ctx;
- xmlSecBufferPtr buffer;
+/**
+ * xmlSecTransformExecuteMethod:
+ * @transform: the pointer to transform object.
+ * @last: the flag: if set to 1 then it's the last data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Transform specific method to process a chunk of data.
+ *
+ * Returns 0 on success or a negative value otherwise.
+ */
+xmlSecNssBlockCipherExecute(
+ xmlSecTransformPtr transform ,
+ int last ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecNssBlockCipherCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf = NULL ;
+ xmlSecBufferPtr outBuf = NULL ;
+ const xmlChar* cipherName ;
+ int operation ;
+ int rtv ;
xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
- xmlSecAssert2(key != NULL, -1);
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
- xmlSecAssert2(ctx->cipher != 0, -1);
- xmlSecAssert2(ctx->keyInitialized == 0, -1);
- xmlSecAssert2(ctx->keyId != NULL, -1);
- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
-
- xmlSecAssert2(ctx->keySize > 0, -1);
- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
- xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
- if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
+ context = xmlSecNssBlockCipherGetCtx( transform ) ;
+ if( context == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "keySize=%d;expected=%d",
- xmlSecBufferGetSize(buffer), ctx->keySize);
- return(-1);
+ "xmlSecNssBlockCipherGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
}
-
- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
-
- ctx->keyInitialized = 1;
- return(0);
-}
-
-static int
-xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
- xmlSecNssBlockCipherCtxPtr ctx;
- xmlSecBufferPtr in, out;
- int ret;
-
- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
- xmlSecAssert2(transformCtx != NULL, -1);
- in = &(transform->inBuf);
- out = &(transform->outBuf);
-
- ctx = xmlSecNssBlockCipherGetCtx(transform);
- xmlSecAssert2(ctx != NULL, -1);
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
}
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ cipherName = xmlSecTransformGetName( transform ) ;
+
if(transform->status == xmlSecTransformStatusWorking) {
- if(ctx->ctxInitialized == 0) {
- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
+ if( context->cipherCtx == NULL ) {
+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+ if( rtv < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecNssBlockCipherCtxInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
- if((ctx->ctxInitialized == 0) && (last != 0)) {
+ if( context->cipherCtx == NULL && last != 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
- XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
"not enough data to initialize transform");
return(-1);
}
- if(ctx->ctxInitialized != 0) {
- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
+ if( context->cipherCtx != NULL ) {
+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+ if( rtv < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecNssBlockCipherCtxUpdate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
if(last) {
- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
- xmlSecTransformGetName(transform), transformCtx);
- if(ret < 0) {
+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ;
+ if( rtv < 0 ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecNssBlockCipherCtxFinal",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
}
} else if(transform->status == xmlSecTransformStatusFinished) {
- /* the only way we can get here is if there is no input */
- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
- } else if(transform->status == xmlSecTransformStatusNone) {
- /* the only way we can get here is if there is no enough data in the input */
- xmlSecAssert2(last == 0, -1);
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return -1 ;
+ }
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),