1--- misc/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 05:16:27.000000000 -0400 2+++ misc/build/xmlsec1-1.2.14/src/nss/ciphers.c 2009-09-10 06:59:39.000000000 -0400 3@@ -11,180 +11,421 @@ 4 5 #include <string.h> 6 7-#include <nspr.h> 8 #include <nss.h> 9-#include <secoid.h> 10 #include <pk11func.h> 11 12 #include <xmlsec/xmlsec.h> 13+#include <xmlsec/xmltree.h> 14+#include <xmlsec/base64.h> 15 #include <xmlsec/keys.h> 16 #include <xmlsec/transforms.h> 17 #include <xmlsec/errors.h> 18 19 #include <xmlsec/nss/crypto.h> 20- 21-#define XMLSEC_NSS_MAX_KEY_SIZE 32 22-#define XMLSEC_NSS_MAX_IV_SIZE 32 23-#define XMLSEC_NSS_MAX_BLOCK_SIZE 32 24+#include <xmlsec/nss/ciphers.h> 25 26 /************************************************************************** 27 * 28- * Internal Nss Block cipher CTX 29+ * Internal Nss Block Cipher Context 30+ * This context is designed for repositing a block cipher for transform 31 * 32 *****************************************************************************/ 33-typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx, 34- *xmlSecNssBlockCipherCtxPtr; 35+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx ; 36+typedef struct _xmlSecNssBlockCipherCtx* xmlSecNssBlockCipherCtxPtr ; 37+ 38 struct _xmlSecNssBlockCipherCtx { 39 CK_MECHANISM_TYPE cipher; 40+ PK11SymKey* symkey ; 41 PK11Context* cipherCtx; 42 xmlSecKeyDataId keyId; 43- int keyInitialized; 44- int ctxInitialized; 45- xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; 46- xmlSecSize keySize; 47- xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; 48- xmlSecSize ivSize; 49 }; 50-static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, 51- xmlSecBufferPtr in, 52- xmlSecBufferPtr out, 53- int encrypt, 54- const xmlChar* cipherName, 55- xmlSecTransformCtxPtr transformCtx); 56-static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx, 57- xmlSecBufferPtr in, 58- xmlSecBufferPtr out, 59- int encrypt, 60- const xmlChar* cipherName, 61- xmlSecTransformCtxPtr transformCtx); 62-static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx, 63- xmlSecBufferPtr in, 64- xmlSecBufferPtr out, 65- int encrypt, 66- const xmlChar* cipherName, 67- xmlSecTransformCtxPtr transformCtx); 68+ 69+#define xmlSecNssBlockCipherSize \ 70+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssBlockCipherCtx ) ) 71+ 72+#define xmlSecNssBlockCipherGetCtx( transform ) \ 73+ ( ( xmlSecNssBlockCipherCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) 74+ 75+static int 76+xmlSecNssBlockCipherCheckId( 77+ xmlSecTransformPtr transform 78+) { 79+ #ifndef XMLSEC_NO_DES 80+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformDes3CbcId ) ) { 81+ return 1 ; 82+ } 83+ #endif /* XMLSEC_NO_DES */ 84+ 85+ #ifndef XMLSEC_NO_AES 86+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformAes128CbcId ) || 87+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes192CbcId ) || 88+ xmlSecTransformCheckId( transform, xmlSecNssTransformAes256CbcId ) ) { 89+ 90+ return 1 ; 91+ } 92+ #endif /* XMLSEC_NO_AES */ 93+ 94+ return 0 ; 95+} 96+ 97+static int 98+xmlSecNssBlockCipherFetchCtx( 99+ xmlSecNssBlockCipherCtxPtr context , 100+ xmlSecTransformId id 101+) { 102+ xmlSecAssert2( context != NULL, -1 ) ; 103+ 104+ #ifndef XMLSEC_NO_DES 105+ if( id == xmlSecNssTransformDes3CbcId ) { 106+ context->cipher = CKM_DES3_CBC ; 107+ context->keyId = xmlSecNssKeyDataDesId ; 108+ } else 109+ #endif /* XMLSEC_NO_DES */ 110+ 111+ #ifndef XMLSEC_NO_AES 112+ if( id == xmlSecNssTransformAes128CbcId ) { 113+ context->cipher = CKM_AES_CBC ; 114+ context->keyId = xmlSecNssKeyDataAesId ; 115+ } else 116+ if( id == xmlSecNssTransformAes192CbcId ) { 117+ context->cipher = CKM_AES_CBC ; 118+ context->keyId = xmlSecNssKeyDataAesId ; 119+ } else 120+ if( id == xmlSecNssTransformAes256CbcId ) { 121+ context->cipher = CKM_AES_CBC ; 122+ context->keyId = xmlSecNssKeyDataAesId ; 123+ } else 124+ #endif /* XMLSEC_NO_AES */ 125+ 126+ if( 1 ) { 127+ xmlSecError( XMLSEC_ERRORS_HERE , 128+ NULL , 129+ NULL , 130+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 131+ XMLSEC_ERRORS_NO_MESSAGE ) ; 132+ return -1 ; 133+ } 134+ 135+ return 0 ; 136+} 137+ 138+/** 139+ * xmlSecTransformInitializeMethod: 140+ * @transform: the pointer to transform object. 141+ * 142+ * The transform specific initialization method. 143+ * 144+ * Returns 0 on success or a negative value otherwise. 145+ */ 146+static int 147+xmlSecNssBlockCipherInitialize( 148+ xmlSecTransformPtr transform 149+) { 150+ xmlSecNssBlockCipherCtxPtr context = NULL ; 151+ 152+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; 153+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; 154+ 155+ context = xmlSecNssBlockCipherGetCtx( transform ) ; 156+ if( context == NULL ) { 157+ xmlSecError( XMLSEC_ERRORS_HERE , 158+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 159+ "xmlSecNssBlockCipherGetCtx" , 160+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 161+ XMLSEC_ERRORS_NO_MESSAGE ) ; 162+ return -1 ; 163+ } 164+ 165+ if( xmlSecNssBlockCipherFetchCtx( context , transform->id ) < 0 ) { 166+ xmlSecError( XMLSEC_ERRORS_HERE , 167+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 168+ "xmlSecNssBlockCipherFetchCtx" , 169+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 170+ XMLSEC_ERRORS_NO_MESSAGE ) ; 171+ return -1 ; 172+ } 173+ 174+ context->symkey = NULL ; 175+ context->cipherCtx = NULL ; 176+ 177+ return 0 ; 178+} 179+ 180+/** 181+ * xmlSecTransformFinalizeMethod: 182+ * @transform: the pointer to transform object. 183+ * 184+ * The transform specific destroy method. 185+ */ 186+static void 187+xmlSecNssBlockCipherFinalize( 188+ xmlSecTransformPtr transform 189+) { 190+ xmlSecNssBlockCipherCtxPtr context = NULL ; 191+ 192+ xmlSecAssert( xmlSecNssBlockCipherCheckId( transform ) ) ; 193+ xmlSecAssert( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ) ) ; 194+ 195+ context = xmlSecNssBlockCipherGetCtx( transform ) ; 196+ if( context == NULL ) { 197+ xmlSecError( XMLSEC_ERRORS_HERE , 198+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 199+ "xmlSecNssBlockCipherGetCtx" , 200+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 201+ XMLSEC_ERRORS_NO_MESSAGE ) ; 202+ return ; 203+ } 204+ 205+ if( context->cipherCtx != NULL ) { 206+ PK11_DestroyContext( context->cipherCtx, PR_TRUE ) ; 207+ context->cipherCtx = NULL ; 208+ } 209+ 210+ if( context->symkey != NULL ) { 211+ PK11_FreeSymKey( context->symkey ) ; 212+ context->symkey = NULL ; 213+ } 214+ 215+ context->cipher = CKM_INVALID_MECHANISM ; 216+ context->keyId = NULL ; 217+} 218+ 219+/** 220+ * xmlSecTransformSetKeyRequirementsMethod: 221+ * @transform: the pointer to transform object. 222+ * @keyReq: the pointer to key requirements structure. 223+ * 224+ * Transform specific method to set transform's key requirements. 225+ * 226+ * Returns 0 on success or a negative value otherwise. 227+ */ 228+static int 229+xmlSecNssBlockCipherSetKeyReq( 230+ xmlSecTransformPtr transform , 231+ xmlSecKeyReqPtr keyReq 232+) { 233+ xmlSecNssBlockCipherCtxPtr context = NULL ; 234+ xmlSecSize cipherSize = 0 ; 235+ 236+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; 237+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; 238+ xmlSecAssert2( keyReq != NULL , -1 ) ; 239+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; 240+ 241+ context = xmlSecNssBlockCipherGetCtx( transform ) ; 242+ if( context == NULL ) { 243+ xmlSecError( XMLSEC_ERRORS_HERE , 244+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 245+ "xmlSecNssBlockCipherGetCtx" , 246+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 247+ XMLSEC_ERRORS_NO_MESSAGE ) ; 248+ return -1 ; 249+ } 250+ 251+ keyReq->keyId = context->keyId ; 252+ keyReq->keyType = xmlSecKeyDataTypeSymmetric ; 253+ 254+ if( transform->operation == xmlSecTransformOperationEncrypt ) { 255+ keyReq->keyUsage = xmlSecKeyUsageEncrypt ; 256+ } else { 257+ keyReq->keyUsage = xmlSecKeyUsageDecrypt ; 258+ } 259+ 260+ /* 261+ if( context->symkey != NULL ) 262+ cipherSize = PK11_GetKeyLength( context->symkey ) ; 263+ 264+ keyReq->keyBitsSize = cipherSize * 8 ; 265+ */ 266+ 267+ return 0 ; 268+} 269+ 270+/** 271+ * xmlSecTransformSetKeyMethod: 272+ * @transform: the pointer to transform object. 273+ * @key: the pointer to key. 274+ * 275+ * The transform specific method to set the key for use. 276+ * 277+ * Returns 0 on success or a negative value otherwise. 278+ */ 279+static int 280+xmlSecNssBlockCipherSetKey( 281+ xmlSecTransformPtr transform , 282+ xmlSecKeyPtr key 283+) { 284+ xmlSecNssBlockCipherCtxPtr context = NULL ; 285+ xmlSecKeyDataPtr keyData = NULL ; 286+ PK11SymKey* symkey = NULL ; 287+ CK_ATTRIBUTE_TYPE operation ; 288+ int ivLen ; 289+ 290+ xmlSecAssert2( xmlSecNssBlockCipherCheckId( transform ), -1 ) ; 291+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssBlockCipherSize ), -1 ) ; 292+ xmlSecAssert2( key != NULL , -1 ) ; 293+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; 294+ 295+ context = xmlSecNssBlockCipherGetCtx( transform ) ; 296+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { 297+ xmlSecError( XMLSEC_ERRORS_HERE , 298+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 299+ "xmlSecNssBlockCipherGetCtx" , 300+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 301+ XMLSEC_ERRORS_NO_MESSAGE ) ; 302+ return -1 ; 303+ } 304+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; 305+ 306+ keyData = xmlSecKeyGetValue( key ) ; 307+ if( keyData == NULL ) { 308+ xmlSecError( XMLSEC_ERRORS_HERE , 309+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , 310+ "xmlSecKeyGetValue" , 311+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 312+ XMLSEC_ERRORS_NO_MESSAGE ) ; 313+ return -1 ; 314+ } 315+ 316+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { 317+ xmlSecError( XMLSEC_ERRORS_HERE , 318+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , 319+ "xmlSecNssSymKeyDataGetKey" , 320+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 321+ XMLSEC_ERRORS_NO_MESSAGE ) ; 322+ return -1 ; 323+ } 324+ 325+ context->symkey = symkey ; 326+ 327+ return 0 ; 328+} 329+ 330 static int 331 xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, 332 xmlSecBufferPtr in, xmlSecBufferPtr out, 333 int encrypt, 334 const xmlChar* cipherName, 335 xmlSecTransformCtxPtr transformCtx) { 336- SECItem keyItem; 337 SECItem ivItem; 338- PK11SlotInfo* slot; 339- PK11SymKey* symKey; 340+ SECItem* secParam = NULL ; 341+ xmlSecBufferPtr ivBuf = NULL ; 342 int ivLen; 343- SECStatus rv; 344- int ret; 345 346 xmlSecAssert2(ctx != NULL, -1); 347- xmlSecAssert2(ctx->cipher != 0, -1); 348+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 349+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 350 xmlSecAssert2(ctx->cipherCtx == NULL, -1); 351- xmlSecAssert2(ctx->keyInitialized != 0, -1); 352- xmlSecAssert2(ctx->ctxInitialized == 0, -1); 353+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 354 xmlSecAssert2(in != NULL, -1); 355 xmlSecAssert2(out != NULL, -1); 356 xmlSecAssert2(transformCtx != NULL, -1); 357 358 ivLen = PK11_GetIVLength(ctx->cipher); 359- xmlSecAssert2(ivLen > 0, -1); 360- xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); 361+ if( ivLen < 0 ) { 362+ xmlSecError( XMLSEC_ERRORS_HERE , 363+ NULL , 364+ "PK11_GetIVLength" , 365+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 366+ XMLSEC_ERRORS_NO_MESSAGE ) ; 367+ return -1 ; 368+ } 369+ 370+ if( ( ivBuf = xmlSecBufferCreate( ivLen ) ) == NULL ) { 371+ xmlSecError( XMLSEC_ERRORS_HERE , 372+ NULL , 373+ "xmlSecBufferCreate" , 374+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 375+ XMLSEC_ERRORS_NO_MESSAGE ) ; 376+ return -1 ; 377+ } 378 379 if(encrypt) { 380- /* generate random iv */ 381- rv = PK11_GenerateRandom(ctx->iv, ivLen); 382- if(rv != SECSuccess) { 383+ if( PK11_GenerateRandom( ivBuf->data , ivLen ) != SECSuccess ) { 384 xmlSecError(XMLSEC_ERRORS_HERE, 385 xmlSecErrorsSafeString(cipherName), 386 "PK11_GenerateRandom", 387 XMLSEC_ERRORS_R_CRYPTO_FAILED, 388- "size=%d", ivLen); 389+ XMLSEC_ERRORS_NO_MESSAGE); 390+ xmlSecBufferDestroy( ivBuf ) ; 391 return(-1); 392 } 393+ if( xmlSecBufferSetSize( ivBuf , ivLen ) < 0 ) { 394+ xmlSecError( XMLSEC_ERRORS_HERE , 395+ NULL , 396+ "xmlSecBufferSetSize" , 397+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 398+ XMLSEC_ERRORS_NO_MESSAGE ) ; 399+ xmlSecBufferDestroy( ivBuf ) ; 400+ return -1 ; 401+ } 402 403- /* write iv to the output */ 404- ret = xmlSecBufferAppend(out, ctx->iv, ivLen); 405- if(ret < 0) { 406+ if( xmlSecBufferAppend( out , ivBuf->data , ivLen ) < 0 ) { 407 xmlSecError(XMLSEC_ERRORS_HERE, 408 xmlSecErrorsSafeString(cipherName), 409 "xmlSecBufferAppend", 410- XMLSEC_ERRORS_R_XMLSEC_FAILED, 411- "size=%d", ivLen); 412+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 413+ XMLSEC_ERRORS_NO_MESSAGE); 414+ xmlSecBufferDestroy( ivBuf ) ; 415 return(-1); 416 } 417 418 } else { 419- /* if we don't have enough data, exit and hope that 420- * we'll have iv next time */ 421- if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) { 422- return(0); 423- } 424- 425- /* copy iv to our buffer*/ 426- xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); 427- memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen); 428- 429- /* and remove from input */ 430- ret = xmlSecBufferRemoveHead(in, ivLen); 431- if(ret < 0) { 432+ if( xmlSecBufferSetData( ivBuf , in->data , ivLen ) < 0 ) { 433 xmlSecError(XMLSEC_ERRORS_HERE, 434 xmlSecErrorsSafeString(cipherName), 435- "xmlSecBufferRemoveHead", 436- XMLSEC_ERRORS_R_XMLSEC_FAILED, 437- "size=%d", ivLen); 438+ "xmlSecBufferSetData", 439+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 440+ XMLSEC_ERRORS_NO_MESSAGE); 441+ xmlSecBufferDestroy( ivBuf ) ; 442 return(-1); 443 } 444 } 445 446- memset(&keyItem, 0, sizeof(keyItem)); 447- keyItem.data = ctx->key; 448- keyItem.len = ctx->keySize; 449- memset(&ivItem, 0, sizeof(ivItem)); 450- ivItem.data = ctx->iv; 451- ivItem.len = ctx->ivSize; 452- 453- slot = PK11_GetBestSlot(ctx->cipher, NULL); 454- if(slot == NULL) { 455+ if( xmlSecBufferRemoveHead( in , ivLen ) < 0 ) { 456 xmlSecError(XMLSEC_ERRORS_HERE, 457 xmlSecErrorsSafeString(cipherName), 458- "PK11_GetBestSlot", 459+ "xmlSecBufferRemoveHead", 460 XMLSEC_ERRORS_R_CRYPTO_FAILED, 461 XMLSEC_ERRORS_NO_MESSAGE); 462+ xmlSecBufferDestroy( ivBuf ) ; 463 return(-1); 464 } 465 466- symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, 467- CKA_SIGN, &keyItem, NULL); 468- if(symKey == NULL) { 469+ ivItem.data = xmlSecBufferGetData( ivBuf ) ; 470+ ivItem.len = xmlSecBufferGetSize( ivBuf ) ; 471+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { 472 xmlSecError(XMLSEC_ERRORS_HERE, 473 xmlSecErrorsSafeString(cipherName), 474- "PK11_ImportSymKey", 475+ "PK11_ParamFromIV", 476 XMLSEC_ERRORS_R_CRYPTO_FAILED, 477 XMLSEC_ERRORS_NO_MESSAGE); 478- PK11_FreeSlot(slot); 479+ xmlSecBufferDestroy( ivBuf ) ; 480 return(-1); 481 } 482 483 ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher, 484 (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, 485- symKey, &ivItem); 486+ ctx->symkey, secParam); 487 if(ctx->cipherCtx == NULL) { 488 xmlSecError(XMLSEC_ERRORS_HERE, 489 xmlSecErrorsSafeString(cipherName), 490- "PK11_CreateContextBySymKey", 491+ "xmlSecBufferRemoveHead", 492 XMLSEC_ERRORS_R_CRYPTO_FAILED, 493 XMLSEC_ERRORS_NO_MESSAGE); 494- PK11_FreeSymKey(symKey); 495- PK11_FreeSlot(slot); 496+ SECITEM_FreeItem( secParam , PR_TRUE ) ; 497+ xmlSecBufferDestroy( ivBuf ) ; 498 return(-1); 499 } 500 501- ctx->ctxInitialized = 1; 502- PK11_FreeSymKey(symKey); 503- PK11_FreeSlot(slot); 504+ SECITEM_FreeItem( secParam , PR_TRUE ) ; 505+ xmlSecBufferDestroy( ivBuf ) ; 506 return(0); 507 } 508 509+/** 510+ * Block cipher transform update 511+ */ 512 static int 513 xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, 514 xmlSecBufferPtr in, xmlSecBufferPtr out, 515@@ -192,54 +433,49 @@ 516 const xmlChar* cipherName, 517 xmlSecTransformCtxPtr transformCtx) { 518 xmlSecSize inSize, inBlocks, outSize; 519- int blockLen; 520+ int blockSize; 521 int outLen = 0; 522 xmlSecByte* outBuf; 523- SECStatus rv; 524- int ret; 525 526 xmlSecAssert2(ctx != NULL, -1); 527- xmlSecAssert2(ctx->cipher != 0, -1); 528+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 529+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 530 xmlSecAssert2(ctx->cipherCtx != NULL, -1); 531- xmlSecAssert2(ctx->ctxInitialized != 0, -1); 532+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 533 xmlSecAssert2(in != NULL, -1); 534 xmlSecAssert2(out != NULL, -1); 535 xmlSecAssert2(transformCtx != NULL, -1); 536 537- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); 538- xmlSecAssert2(blockLen > 0, -1); 539+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 540+ xmlSecError( XMLSEC_ERRORS_HERE , 541+ xmlSecErrorsSafeString( cipherName ) , 542+ "PK11_GetBlockSize" , 543+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 544+ XMLSEC_ERRORS_NO_MESSAGE ) ; 545+ return -1 ; 546+ } 547 548 inSize = xmlSecBufferGetSize(in); 549 outSize = xmlSecBufferGetSize(out); 550- 551- if(inSize < (xmlSecSize)blockLen) { 552- return(0); 553+ 554+ inBlocks = ( encrypt != 0 ? inSize : ( inSize - 1 ) ) / blockSize ; 555+ inSize = inBlocks * blockSize ; 556+ 557+ if( inSize < blockSize ) { 558+ return 0 ; 559 } 560 561- if(encrypt) { 562- inBlocks = inSize / ((xmlSecSize)blockLen); 563- } else { 564- /* we want to have the last block in the input buffer 565- * for padding check */ 566- inBlocks = (inSize - 1) / ((xmlSecSize)blockLen); 567- } 568- inSize = inBlocks * ((xmlSecSize)blockLen); 569- 570- /* we write out the input size plus may be one block */ 571- ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); 572- if(ret < 0) { 573+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { 574 xmlSecError(XMLSEC_ERRORS_HERE, 575 xmlSecErrorsSafeString(cipherName), 576 "xmlSecBufferSetMaxSize", 577- XMLSEC_ERRORS_R_XMLSEC_FAILED, 578- "size=%d", outSize + inSize + blockLen); 579+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 580+ XMLSEC_ERRORS_NO_MESSAGE); 581 return(-1); 582 } 583 outBuf = xmlSecBufferGetData(out) + outSize; 584 585- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, 586- xmlSecBufferGetData(in), inSize); 587- if(rv != SECSuccess) { 588+ if(PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { 589 xmlSecError(XMLSEC_ERRORS_HERE, 590 xmlSecErrorsSafeString(cipherName), 591 "PK11_CipherOp", 592@@ -247,27 +483,22 @@ 593 XMLSEC_ERRORS_NO_MESSAGE); 594 return(-1); 595 } 596- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); 597 598- /* set correct output buffer size */ 599- ret = xmlSecBufferSetSize(out, outSize + outLen); 600- if(ret < 0) { 601+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { 602 xmlSecError(XMLSEC_ERRORS_HERE, 603 xmlSecErrorsSafeString(cipherName), 604 "xmlSecBufferSetSize", 605- XMLSEC_ERRORS_R_XMLSEC_FAILED, 606- "size=%d", outSize + outLen); 607+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 608+ XMLSEC_ERRORS_NO_MESSAGE); 609 return(-1); 610 } 611 612- /* remove the processed block from input */ 613- ret = xmlSecBufferRemoveHead(in, inSize); 614- if(ret < 0) { 615+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { 616 xmlSecError(XMLSEC_ERRORS_HERE, 617 xmlSecErrorsSafeString(cipherName), 618 "xmlSecBufferRemoveHead", 619- XMLSEC_ERRORS_R_XMLSEC_FAILED, 620- "size=%d", inSize); 621+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 622+ XMLSEC_ERRORS_NO_MESSAGE); 623 return(-1); 624 } 625 return(0); 626@@ -281,81 +512,82 @@ 627 const xmlChar* cipherName, 628 xmlSecTransformCtxPtr transformCtx) { 629 xmlSecSize inSize, outSize; 630- int blockLen, outLen = 0; 631+ int blockSize, outLen = 0; 632 xmlSecByte* inBuf; 633 xmlSecByte* outBuf; 634- SECStatus rv; 635- int ret; 636 637 xmlSecAssert2(ctx != NULL, -1); 638- xmlSecAssert2(ctx->cipher != 0, -1); 639+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 640+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 641 xmlSecAssert2(ctx->cipherCtx != NULL, -1); 642- xmlSecAssert2(ctx->ctxInitialized != 0, -1); 643+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 644 xmlSecAssert2(in != NULL, -1); 645 xmlSecAssert2(out != NULL, -1); 646 xmlSecAssert2(transformCtx != NULL, -1); 647 648- blockLen = PK11_GetBlockSize(ctx->cipher, NULL); 649- xmlSecAssert2(blockLen > 0, -1); 650+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 651+ xmlSecError( XMLSEC_ERRORS_HERE , 652+ xmlSecErrorsSafeString( cipherName ) , 653+ "PK11_GetBlockSize" , 654+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 655+ XMLSEC_ERRORS_NO_MESSAGE ) ; 656+ return -1 ; 657+ } 658 659 inSize = xmlSecBufferGetSize(in); 660 outSize = xmlSecBufferGetSize(out); 661 662+ /******************************************************************/ 663 if(encrypt != 0) { 664- xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1); 665+ xmlSecAssert2( inSize < blockSize, -1 ) ; 666 667 /* create padding */ 668- ret = xmlSecBufferSetMaxSize(in, blockLen); 669- if(ret < 0) { 670+ if( xmlSecBufferSetMaxSize( in , blockSize ) < 0 ) { 671 xmlSecError(XMLSEC_ERRORS_HERE, 672 xmlSecErrorsSafeString(cipherName), 673 "xmlSecBufferSetMaxSize", 674- XMLSEC_ERRORS_R_XMLSEC_FAILED, 675- "size=%d", blockLen); 676+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 677+ XMLSEC_ERRORS_NO_MESSAGE); 678 return(-1); 679 } 680 inBuf = xmlSecBufferGetData(in); 681 682- /* generate random padding */ 683- if((xmlSecSize)blockLen > (inSize + 1)) { 684- rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); 685- if(rv != SECSuccess) { 686+ /* generate random */ 687+ if( blockSize > ( inSize + 1 ) ) { 688+ if( PK11_GenerateRandom( inBuf + inSize, blockSize - inSize - 1 ) != SECSuccess ) { 689 xmlSecError(XMLSEC_ERRORS_HERE, 690 xmlSecErrorsSafeString(cipherName), 691 "PK11_GenerateRandom", 692 XMLSEC_ERRORS_R_CRYPTO_FAILED, 693- "size=%d", blockLen - inSize - 1); 694+ XMLSEC_ERRORS_NO_MESSAGE); 695 return(-1); 696 } 697 } 698- inBuf[blockLen - 1] = blockLen - inSize; 699- inSize = blockLen; 700+ inBuf[blockSize-1] = blockSize - inSize ; 701+ inSize = blockSize ; 702 } else { 703- if(inSize != (xmlSecSize)blockLen) { 704+ if( inSize != blockSize ) { 705 xmlSecError(XMLSEC_ERRORS_HERE, 706 xmlSecErrorsSafeString(cipherName), 707 NULL, 708- XMLSEC_ERRORS_R_INVALID_DATA, 709- "data=%d;block=%d", inSize, blockLen); 710+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 711+ XMLSEC_ERRORS_NO_MESSAGE); 712 return(-1); 713 } 714 } 715 716- /* process last block */ 717- ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); 718- if(ret < 0) { 719+ /* process the last block */ 720+ if( xmlSecBufferSetMaxSize( out , outSize + inSize + blockSize ) < 0 ) { 721 xmlSecError(XMLSEC_ERRORS_HERE, 722 xmlSecErrorsSafeString(cipherName), 723 "xmlSecBufferSetMaxSize", 724- XMLSEC_ERRORS_R_XMLSEC_FAILED, 725- "size=%d", outSize + 2 * blockLen); 726+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 727+ XMLSEC_ERRORS_NO_MESSAGE); 728 return(-1); 729 } 730 outBuf = xmlSecBufferGetData(out) + outSize; 731 732- rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, 733- xmlSecBufferGetData(in), inSize); 734- if(rv != SECSuccess) { 735+ if( PK11_CipherOp( ctx->cipherCtx , outBuf , &outLen , inSize + blockSize , xmlSecBufferGetData( in ) , inSize ) != SECSuccess ) { 736 xmlSecError(XMLSEC_ERRORS_HERE, 737 xmlSecErrorsSafeString(cipherName), 738 "PK11_CipherOp", 739@@ -363,300 +595,169 @@ 740 XMLSEC_ERRORS_NO_MESSAGE); 741 return(-1); 742 } 743- xmlSecAssert2((xmlSecSize)outLen == inSize, -1); 744 745 if(encrypt == 0) { 746 /* check padding */ 747- if(outLen < outBuf[blockLen - 1]) { 748+ if( outLen < outBuf[blockSize-1] ) { 749 xmlSecError(XMLSEC_ERRORS_HERE, 750 xmlSecErrorsSafeString(cipherName), 751 NULL, 752- XMLSEC_ERRORS_R_INVALID_DATA, 753- "padding=%d;buffer=%d", 754- outBuf[blockLen - 1], outLen); 755+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 756+ XMLSEC_ERRORS_NO_MESSAGE); 757 return(-1); 758 } 759- outLen -= outBuf[blockLen - 1]; 760+ outLen -= outBuf[blockSize-1] ; 761 } 762 763- /* set correct output buffer size */ 764- ret = xmlSecBufferSetSize(out, outSize + outLen); 765- if(ret < 0) { 766- xmlSecError(XMLSEC_ERRORS_HERE, 767- xmlSecErrorsSafeString(cipherName), 768- "xmlSecBufferSetSize", 769- XMLSEC_ERRORS_R_XMLSEC_FAILED, 770- "size=%d", outSize + outLen); 771- return(-1); 772- } 773+ /******************************************************************/ 774 775- /* remove the processed block from input */ 776- ret = xmlSecBufferRemoveHead(in, inSize); 777- if(ret < 0) { 778+ /****************************************************************** 779+ if( xmlSecBufferSetMaxSize( out , outSize + blockSize ) < 0 ) { 780 xmlSecError(XMLSEC_ERRORS_HERE, 781 xmlSecErrorsSafeString(cipherName), 782- "xmlSecBufferRemoveHead", 783- XMLSEC_ERRORS_R_XMLSEC_FAILED, 784- "size=%d", inSize); 785- return(-1); 786- } 787- 788- return(0); 789-} 790- 791- 792-/****************************************************************************** 793- * 794- * EVP Block Cipher transforms 795- * 796- * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure 797- * 798- *****************************************************************************/ 799-#define xmlSecNssBlockCipherSize \ 800- (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx)) 801-#define xmlSecNssBlockCipherGetCtx(transform) \ 802- ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) 803- 804-static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform); 805-static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform); 806-static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform, 807- xmlSecKeyReqPtr keyReq); 808-static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform, 809- xmlSecKeyPtr key); 810-static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform, 811- int last, 812- xmlSecTransformCtxPtr transformCtx); 813-static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform); 814- 815- 816- 817-static int 818-xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) { 819-#ifndef XMLSEC_NO_DES 820- if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) { 821- return(1); 822- } 823-#endif /* XMLSEC_NO_DES */ 824- 825-#ifndef XMLSEC_NO_AES 826- if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) || 827- xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) || 828- xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) { 829- 830- return(1); 831- } 832-#endif /* XMLSEC_NO_AES */ 833- 834- return(0); 835-} 836- 837-static int 838-xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { 839- xmlSecNssBlockCipherCtxPtr ctx; 840- 841- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 842- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); 843- 844- ctx = xmlSecNssBlockCipherGetCtx(transform); 845- xmlSecAssert2(ctx != NULL, -1); 846- 847- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); 848- 849-#ifndef XMLSEC_NO_DES 850- if(transform->id == xmlSecNssTransformDes3CbcId) { 851- ctx->cipher = CKM_DES3_CBC; 852- ctx->keyId = xmlSecNssKeyDataDesId; 853- ctx->keySize = 24; 854- } else 855-#endif /* XMLSEC_NO_DES */ 856- 857-#ifndef XMLSEC_NO_AES 858- if(transform->id == xmlSecNssTransformAes128CbcId) { 859- ctx->cipher = CKM_AES_CBC; 860- ctx->keyId = xmlSecNssKeyDataAesId; 861- ctx->keySize = 16; 862- } else if(transform->id == xmlSecNssTransformAes192CbcId) { 863- ctx->cipher = CKM_AES_CBC; 864- ctx->keyId = xmlSecNssKeyDataAesId; 865- ctx->keySize = 24; 866- } else if(transform->id == xmlSecNssTransformAes256CbcId) { 867- ctx->cipher = CKM_AES_CBC; 868- ctx->keyId = xmlSecNssKeyDataAesId; 869- ctx->keySize = 32; 870- } else 871-#endif /* XMLSEC_NO_AES */ 872- 873- if(1) { 874- xmlSecError(XMLSEC_ERRORS_HERE, 875- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 876- NULL, 877- XMLSEC_ERRORS_R_INVALID_TRANSFORM, 878+ "xmlSecBufferSetMaxSize", 879+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 880 XMLSEC_ERRORS_NO_MESSAGE); 881 return(-1); 882- } 883- 884- return(0); 885-} 886- 887-static void 888-xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) { 889- xmlSecNssBlockCipherCtxPtr ctx; 890- 891- xmlSecAssert(xmlSecNssBlockCipherCheckId(transform)); 892- xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize)); 893- 894- ctx = xmlSecNssBlockCipherGetCtx(transform); 895- xmlSecAssert(ctx != NULL); 896- 897- if(ctx->cipherCtx != NULL) { 898- PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); 899 } 900- 901- memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx)); 902-} 903 904-static int 905-xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { 906- xmlSecNssBlockCipherCtxPtr ctx; 907- 908- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 909- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 910- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); 911- xmlSecAssert2(keyReq != NULL, -1); 912- 913- ctx = xmlSecNssBlockCipherGetCtx(transform); 914- xmlSecAssert2(ctx != NULL, -1); 915- xmlSecAssert2(ctx->keyId != NULL, -1); 916+ outBuf = xmlSecBufferGetData( out ) + outSize ; 917+ if( PK11_DigestFinal( ctx->cipherCtx , outBuf , &outLen , blockSize ) != SECSuccess ) { 918+ xmlSecError( XMLSEC_ERRORS_HERE , 919+ xmlSecErrorsSafeString( cipherName ) , 920+ "PK11_DigestFinal" , 921+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 922+ XMLSEC_ERRORS_NO_MESSAGE ) ; 923+ return -1 ; 924+ } 925+ ******************************************************************/ 926+ 927+ if( xmlSecBufferSetSize( out , outSize + outLen ) < 0 ) { 928+ xmlSecError( XMLSEC_ERRORS_HERE , 929+ xmlSecErrorsSafeString( cipherName ) , 930+ "xmlSecBufferSetSize" , 931+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 932+ XMLSEC_ERRORS_NO_MESSAGE ) ; 933+ return -1 ; 934+ } 935+ 936+ if( xmlSecBufferRemoveHead( in , inSize ) < 0 ) { 937+ xmlSecError( XMLSEC_ERRORS_HERE , 938+ xmlSecErrorsSafeString( cipherName ) , 939+ "xmlSecBufferRemoveHead" , 940+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 941+ XMLSEC_ERRORS_NO_MESSAGE ) ; 942+ return -1 ; 943+ } 944+ 945+/* PK11_Finalize( ctx->cipherCtx ) ;*/ 946+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE); 947+ ctx->cipherCtx = NULL ; 948 949- keyReq->keyId = ctx->keyId; 950- keyReq->keyType = xmlSecKeyDataTypeSymmetric; 951- if(transform->operation == xmlSecTransformOperationEncrypt) { 952- keyReq->keyUsage = xmlSecKeyUsageEncrypt; 953- } else { 954- keyReq->keyUsage = xmlSecKeyUsageDecrypt; 955- } 956- keyReq->keyBitsSize = 8 * ctx->keySize; 957 return(0); 958 } 959 960-static int 961-xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { 962- xmlSecNssBlockCipherCtxPtr ctx; 963- xmlSecBufferPtr buffer; 964+/** 965+ * xmlSecTransformExecuteMethod: 966+ * @transform: the pointer to transform object. 967+ * @last: the flag: if set to 1 then it's the last data chunk. 968+ * @transformCtx: the pointer to transform context object. 969+ * 970+ * Transform specific method to process a chunk of data. 971+ * 972+ * Returns 0 on success or a negative value otherwise. 973+ */ 974+xmlSecNssBlockCipherExecute( 975+ xmlSecTransformPtr transform , 976+ int last , 977+ xmlSecTransformCtxPtr transformCtx 978+) { 979+ xmlSecNssBlockCipherCtxPtr context = NULL ; 980+ xmlSecBufferPtr inBuf = NULL ; 981+ xmlSecBufferPtr outBuf = NULL ; 982+ const xmlChar* cipherName ; 983+ int operation ; 984+ int rtv ; 985 986 xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 987- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 988 xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); 989- xmlSecAssert2(key != NULL, -1); 990- 991- ctx = xmlSecNssBlockCipherGetCtx(transform); 992- xmlSecAssert2(ctx != NULL, -1); 993- xmlSecAssert2(ctx->cipher != 0, -1); 994- xmlSecAssert2(ctx->keyInitialized == 0, -1); 995- xmlSecAssert2(ctx->keyId != NULL, -1); 996- xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); 997- 998- xmlSecAssert2(ctx->keySize > 0, -1); 999- xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1); 1000 1001- buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); 1002- xmlSecAssert2(buffer != NULL, -1); 1003+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; 1004+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 1005 1006- if(xmlSecBufferGetSize(buffer) < ctx->keySize) { 1007+ context = xmlSecNssBlockCipherGetCtx( transform ) ; 1008+ if( context == NULL ) { 1009 xmlSecError(XMLSEC_ERRORS_HERE, 1010 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1011- NULL, 1012- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, 1013- "keySize=%d;expected=%d", 1014- xmlSecBufferGetSize(buffer), ctx->keySize); 1015- return(-1); 1016+ "xmlSecNssBlockCipherGetCtx" , 1017+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 1018+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1019 } 1020- 1021- xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); 1022- memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize); 1023- 1024- ctx->keyInitialized = 1; 1025- return(0); 1026-} 1027- 1028-static int 1029-xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { 1030- xmlSecNssBlockCipherCtxPtr ctx; 1031- xmlSecBufferPtr in, out; 1032- int ret; 1033- 1034- xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1); 1035- xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 1036- xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1); 1037- xmlSecAssert2(transformCtx != NULL, -1); 1038 1039- in = &(transform->inBuf); 1040- out = &(transform->outBuf); 1041- 1042- ctx = xmlSecNssBlockCipherGetCtx(transform); 1043- xmlSecAssert2(ctx != NULL, -1); 1044+ inBuf = &( transform->inBuf ) ; 1045+ outBuf = &( transform->outBuf ) ; 1046 1047 if(transform->status == xmlSecTransformStatusNone) { 1048 transform->status = xmlSecTransformStatusWorking; 1049 } 1050 1051+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; 1052+ cipherName = xmlSecTransformGetName( transform ) ; 1053+ 1054 if(transform->status == xmlSecTransformStatusWorking) { 1055- if(ctx->ctxInitialized == 0) { 1056- ret = xmlSecNssBlockCipherCtxInit(ctx, in, out, 1057- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, 1058- xmlSecTransformGetName(transform), transformCtx); 1059- if(ret < 0) { 1060+ if( context->cipherCtx == NULL ) { 1061+ rtv = xmlSecNssBlockCipherCtxInit( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; 1062+ if( rtv < 0 ) { 1063 xmlSecError(XMLSEC_ERRORS_HERE, 1064 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1065 "xmlSecNssBlockCipherCtxInit", 1066- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1067+ XMLSEC_ERRORS_R_INVALID_STATUS, 1068 XMLSEC_ERRORS_NO_MESSAGE); 1069 return(-1); 1070 } 1071 } 1072- if((ctx->ctxInitialized == 0) && (last != 0)) { 1073+ if( context->cipherCtx == NULL && last != 0 ) { 1074 xmlSecError(XMLSEC_ERRORS_HERE, 1075 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1076 NULL, 1077- XMLSEC_ERRORS_R_INVALID_DATA, 1078+ XMLSEC_ERRORS_R_INVALID_STATUS, 1079 "not enough data to initialize transform"); 1080 return(-1); 1081 } 1082 1083- if(ctx->ctxInitialized != 0) { 1084- ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out, 1085- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, 1086- xmlSecTransformGetName(transform), transformCtx); 1087- if(ret < 0) { 1088+ if( context->cipherCtx != NULL ) { 1089+ rtv = xmlSecNssBlockCipherCtxUpdate( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; 1090+ if( rtv < 0 ) { 1091 xmlSecError(XMLSEC_ERRORS_HERE, 1092 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1093 "xmlSecNssBlockCipherCtxUpdate", 1094- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1095+ XMLSEC_ERRORS_R_INVALID_STATUS, 1096 XMLSEC_ERRORS_NO_MESSAGE); 1097 return(-1); 1098 } 1099 } 1100 1101 if(last) { 1102- ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out, 1103- (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, 1104- xmlSecTransformGetName(transform), transformCtx); 1105- if(ret < 0) { 1106+ rtv = xmlSecNssBlockCipherCtxFinal( context, inBuf , outBuf , operation , cipherName , transformCtx ) ; 1107+ if( rtv < 0 ) { 1108 xmlSecError(XMLSEC_ERRORS_HERE, 1109 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1110 "xmlSecNssBlockCipherCtxFinal", 1111- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1112+ XMLSEC_ERRORS_R_INVALID_STATUS, 1113 XMLSEC_ERRORS_NO_MESSAGE); 1114 return(-1); 1115 } 1116 transform->status = xmlSecTransformStatusFinished; 1117 } 1118 } else if(transform->status == xmlSecTransformStatusFinished) { 1119- /* the only way we can get here is if there is no input */ 1120- xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); 1121- } else if(transform->status == xmlSecTransformStatusNone) { 1122- /* the only way we can get here is if there is no enough data in the input */ 1123- xmlSecAssert2(last == 0, -1); 1124+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { 1125+ xmlSecError( XMLSEC_ERRORS_HERE , 1126+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 1127+ NULL , 1128+ XMLSEC_ERRORS_R_INVALID_STATUS , 1129+ "status=%d", transform->status ) ; 1130+ return -1 ; 1131+ } 1132 } else { 1133 xmlSecError(XMLSEC_ERRORS_HERE, 1134 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1135