[xmlsec] xmlsec-mscrypto code review (patch #2)

Aleksey Sanin aleksey at aleksey.com
Sun Sep 21 00:35:51 PDT 2003


I am continuing my journey in MS Crypto land and I have the second
patch ready. Together with the first one it covers all the files
in xmlsec-mscrypto but the two X509 cert related files:
    src/mscrypto/msx509.c
    src/mscrypto/x509vfy.c
I guess I would have a lot of fun with these files :)

The patch is checked in the mscrypto branch but as usual I am attaching
it to this message.

Aleksey


Comments:
-----------------------------------------------------------------------
0) I found a strange xmlSecMSError() function in one of the reviewed
files that did not use the xmlsec errors functions and printed out
the error message to stderr instead. I have removed it and instead
created an xmlsec-mscrypto specific errors callback
    xmlSecMSCryptoErrorsDefaultCallback ()
that always adds GetLastError() error code and a system error message
to the printed out message. After that I just removed all other
GetLastError() calls used for errors reporting only.

1) xmlSecMSCryptoCreatePrivateExponentOneKey
This function was copied by Wouter from one MS Knowledge Base article.
Well, I don't know who wrote that article but I hope I would never
use any program this guy have ever touched. If you are interested,
feel free to look at the patch but one of my favorite pieces is this:
   /* get a blob with structures from the system */
   ...

   /* Get the bit length of the key */
   memcpy(&dwBitLen, &keyblob[12], 4);     

No checks for returned blob size (do we have 16 bytes to do memcpy?), no
checks for structures versions (how this code would work tomorrow when
new security patch would change one of the structures?), hard coded "12"
(again, tomorrow something might be different)...

2) Removed mscrypto/hmac.c. There is no HMAC support in MSCrypto so why
we need this file anyway?

3) xmlSecMSCryptoKeysStoreFindKey
I found two copies of the same code one after another:

   pDupCert = CertDuplicateCertificateContext(pCertContext);
   if (pDupCert == NULL) {
       xmlSecError(XMLSEC_ERRORS_HERE,
           NULL,
           "CertDuplicateCertificateContext",
           XMLSEC_ERRORS_R_CRYPTO_FAILED,
           "data=%s",
           xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
       goto done;
   }
   ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pDupCert);
   if (ret < 0) {
       xmlSecError(XMLSEC_ERRORS_HERE,
           NULL,
           "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
           XMLSEC_ERRORS_R_XMLSEC_FAILED,
           "data=%s",
           xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
       goto done;
   }
   pDupCert = CertDuplicateCertificateContext(pCertContext);
   if (pDupCert == NULL) {
       xmlSecError(XMLSEC_ERRORS_HERE,
           NULL,
           "CertDuplicateCertificateContext",
           XMLSEC_ERRORS_R_CRYPTO_FAILED,
           "data=%s",
           xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
       goto done;
   }
   ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pDupCert);
   if (ret < 0) {
       xmlSecError(XMLSEC_ERRORS_HERE,
           NULL,
           "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
           XMLSEC_ERRORS_R_XMLSEC_FAILED,
           "data=%s",
           xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
       goto done;
   }

May be I am missing something but I don't understand why this is needed. 
Thus I have
removed one copy.

4) xmlSecMSCryptoKeysStoreFindKey
Do we want to put key in simple keys store if we found it in the 
MSCrypto store?
It does not like ok to me because a server app might run for a long 
time. If some
key was compromised and revoked from MSCrypto store then the cached copy 
in simple
keys store would still be alive.

5) Fixed tmp folder issue reported before when "/tmp" had different meaning
depending on where are you: in Cygwin shell script or in the Windows 
program.

-------------- next part --------------
? win32/tmp
Index: include/xmlsec/mscrypto/certkeys.h
===================================================================
RCS file: /cvs/gnome/xmlsec/include/xmlsec/mscrypto/Attic/certkeys.h,v
retrieving revision 1.1.2.2
diff -u -r1.1.2.2 certkeys.h
--- include/xmlsec/mscrypto/certkeys.h	11 Sep 2003 22:13:08 -0000	1.1.2.2
+++ include/xmlsec/mscrypto/certkeys.h	21 Sep 2003 07:06:16 -0000
@@ -20,25 +20,12 @@
 #include <xmlsec/keys.h>
 #include <xmlsec/transforms.h>
 
-/*XMLSEC_CRYPTO_EXPORT int 		xmlMSCryptoKeyDataAdoptCert	(xmlSecKeyDataPtr data, 
-									 PCCERT_CONTEXT pCert);*/
-/*XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT 	xmlSecMSCryptoKeyDataGetCert	(xmlSecKeyDataPtr data);*/
 HCRYPTKEY xmlSecMSCryptoKeyDataGetKey					(xmlSecKeyDataPtr data, 
 									 xmlSecKeyDataType type);
 XMLSEC_CRYPTO_EXPORT int 		xmlSecMSCryptoKeyDataDuplicate	(xmlSecKeyDataPtr dst, 
 									 xmlSecKeyDataPtr src);
 XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT 	xmlSecMSCryptoCertDup		(PCCERT_CONTEXT pCert);
 XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr 	xmlSecMSCryptoCertAdopt		(PCCERT_CONTEXT pCert, xmlSecKeyDataType type);
-
-/* RSA HELPER STUFF */
-//#ifndef XMLSEC_NO_RSA
-//XMLSEC_CRYPTO_EXPORT int 		xmlSecMSCryptoKeyDataRsaAdoptRsa(xmlSecKeyDataPtr data, 
-//									 BLOB keyBlob);
-//XMLSEC_CRYPTO_EXPORT int 		xmlSecMSCryptoKeyDataRsaAdoptCert(xmlSecKeyDataPtr data, 
-//									 PCCERT_CONTEXT pCert);
-//XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT 	xmlSecMSCryptoKeyDataRsaGetCert	(xmlSecKeyDataPtr data);
-//
-//#endif /* XMLSEC_NO_RSA */
 
 #ifdef __cplusplus
 }
Index: include/xmlsec/mscrypto/crypto.h
===================================================================
RCS file: /cvs/gnome/xmlsec/include/xmlsec/mscrypto/Attic/crypto.h,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 crypto.h
--- include/xmlsec/mscrypto/crypto.h	11 Sep 2003 22:13:08 -0000	1.1.2.3
+++ include/xmlsec/mscrypto/crypto.h	21 Sep 2003 07:06:16 -0000
@@ -32,6 +32,15 @@
 XMLSEC_CRYPTO_EXPORT int		xmlSecMSCryptoKeysMngrInit	(xmlSecKeysMngrPtr mngr);
 XMLSEC_CRYPTO_EXPORT int		xmlSecMSCryptoGenerateRandom	(xmlSecBufferPtr buffer,
 									 size_t size);
+
+XMLSEC_CRYPTO_EXPORT void		xmlSecMSCryptoErrorsDefaultCallback(const char* file, 
+									int line, 
+									const char* func,
+									const char* errorObject, 
+									const char* errorSubject,
+									int reason, 
+									const char* msg);
+
 /********************************************************************
  *
  * HMAC transforms
Index: src/mscrypto/app.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/app.c,v
retrieving revision 1.1.2.5
diff -u -r1.1.2.5 app.c
--- src/mscrypto/app.c	20 Sep 2003 07:57:20 -0000	1.1.2.5
+++ src/mscrypto/app.c	21 Sep 2003 07:06:17 -0000
@@ -241,7 +241,7 @@
 		    NULL,
 		    "MultiByteToWideChar",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "GetLastError=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
 
@@ -261,7 +261,7 @@
 		    NULL,
 		    "MultiByteToWideChar",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "GetLastError=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
 
@@ -280,7 +280,7 @@
 		    NULL,
 		    "PFXImportCertStore",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "GetLastError=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
     
@@ -317,9 +317,8 @@
 			    NULL,
 			    "CertDuplicateCertificateContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "data=%s;GetLastError=%d",
-			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)), 
-			    GetLastError());
+			    "data=%s",
+			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
 		goto done;
 	    }
 
@@ -342,9 +341,8 @@
 			NULL,
 			"CertDuplicateCertificateContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"data=%s;GetLastError=%d",
-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)), 
-			GetLastError());
+			"data=%s",
+			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
 	    goto done;	
 	}
 
@@ -527,7 +525,7 @@
 			    NULL,
 			    "CertCreateCertificateContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-	    		    "error code=%d", GetLastError());
+	    		    XMLSEC_ERRORS_NO_MESSAGE);
 		xmlSecBufferFinalize(&buffer);
 		return (NULL);
 	    }
Index: src/mscrypto/certkeys.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/certkeys.c,v
retrieving revision 1.1.2.5
diff -u -r1.1.2.5 certkeys.c
--- src/mscrypto/certkeys.c	20 Sep 2003 07:57:21 -0000	1.1.2.5
+++ src/mscrypto/certkeys.c	21 Sep 2003 07:06:18 -0000
@@ -123,7 +123,7 @@
 			NULL,
 			"CryptAcquireCertificatePrivateKey",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     } else if((type & xmlSecKeyDataTypePublic) != 0){
@@ -136,7 +136,7 @@
 			NULL,
 			"CryptAcquireContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
 	ctx->dwKeySpec = 0;
@@ -165,7 +165,7 @@
 			NULL,
 			"CryptImportPublicKeyInfo",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
     }
     ctx->pCert = pCert;
@@ -362,7 +362,7 @@
 			NULL,
 			"CertDuplicateCertificateContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(0);
 	}
 	return(length);
@@ -453,7 +453,7 @@
 		return(NULL);	    
 	}
     }
-#endif *//* XMLSEC_NO_DSA */	
+#endif /* XMLSEC_NO_DSA */	
 
     if (NULL == data) {
     	xmlSecError(XMLSEC_ERRORS_HERE,
@@ -632,8 +632,8 @@
     				xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {				    
     xmlSecBuffer modulus, exponent, blob;
     unsigned int blobBufferLen;
-    BLOBHEADER* header = NULL;
-    RSAPUBKEY* pubkey = NULL;
+    PUBLICKEYSTRUC* pubKeyStruc = NULL;
+    RSAPUBKEY* pubKey = NULL;
     xmlSecByte* modulusBlob = NULL;
     xmlSecKeyDataPtr data = NULL;
     HCRYPTPROV hProv = 0;
@@ -754,7 +754,7 @@
     }
 
     /* Now try to create the key */
-    blobBufferLen = sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + xmlSecBufferGetSize(&modulus);
+    blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + xmlSecBufferGetSize(&modulus);
     ret = xmlSecBufferSetSize(&blob, blobBufferLen);
     if(ret < 0) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
@@ -765,19 +765,19 @@
 	goto done;
     }
 
-    /* Set the blob header */
-    header = (BLOBHEADER *)xmlSecBufferGetData(&blob);
-    header->bType	= PUBLICKEYBLOB;
-    header->bVersion	= 0x02;
-    header->reserved	= 0;
-    header->aiKeyAlg	= CALG_RSA_KEYX | CALG_RSA_SIGN;
+    /* Set the PUBLICKEYSTRUC */
+    pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
+    pubKeyStruc->bType	    = PUBLICKEYBLOB;
+    pubKeyStruc->bVersion   = 0x02;
+    pubKeyStruc->reserved   = 0;
+    pubKeyStruc->aiKeyAlg   = CALG_RSA_KEYX | CALG_RSA_SIGN;
 
     /* Set the public key header */
-    pubkey = (RSAPUBKEY*) (xmlSecBufferGetData(&blob) + sizeof(BLOBHEADER));
-    pubkey->magic	= 0x31415352;	/* == RSA1 public */
-    pubkey->bitlen	= xmlSecBufferGetSize(&modulus) * 8;	/* Number of bits in prime modulus */
-    pubkey->pubexp	= 0;
-    if(sizeof(pubkey->pubexp) < xmlSecBufferGetSize(&exponent)) {
+    pubKey = (RSAPUBKEY*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
+    pubKey->magic	    = 0x31415352;	/* == RSA1 public */
+    pubKey->bitlen	    = xmlSecBufferGetSize(&modulus) * 8;	/* Number of bits in prime modulus */
+    pubKey->pubexp	    = 0;
+    if(sizeof(pubKey->pubexp) < xmlSecBufferGetSize(&exponent)) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
 		    NULL,
@@ -786,9 +786,9 @@
 		    xmlSecBufferGetSize(&exponent));
 	goto done;
     }
-    memcpy(&(pubkey->pubexp), xmlSecBufferGetData(&exponent), xmlSecBufferGetSize(&exponent));
+    memcpy(&(pubKey->pubexp), xmlSecBufferGetData(&exponent), xmlSecBufferGetSize(&exponent));
 
-    modulusBlob = (xmlSecByte*) (xmlSecBufferGetData(&blob) + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY));
+    modulusBlob = (xmlSecByte*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
     memcpy(modulusBlob, xmlSecBufferGetData(&modulus), xmlSecBufferGetSize(&modulus));
 
     /* Now that we have the blob, import */
@@ -799,7 +799,7 @@
 			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "GetLastError=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 		goto done;
 	    }
 	} else {
@@ -882,7 +882,8 @@
     xmlSecBuffer buf;
     DWORD dwBlobLen;
     xmlSecByte* blob;
-    RSAPUBKEY *pubkey;
+    PUBLICKEYSTRUC* pubKeyStruc;
+    RSAPUBKEY *pubKey;
     xmlSecSize modulusLen, exponentLen;
     xmlNodePtr cur;
     int ret;
@@ -926,7 +927,7 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    if (dwBlobLen < sizeof(BLOBHEADER)) {
+    if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 		    NULL,
@@ -935,13 +936,42 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    /* todo: check BLOBHEADER */
 
-    pubkey	    = (RSAPUBKEY *)(blob + sizeof(BLOBHEADER));
-    /* todo: check RSAPUBKEY */
-    modulusLen	    = pubkey->bitlen / 8;
+    /* check PUBLICKEYSTRUC */
+    pubKeyStruc = (PUBLICKEYSTRUC*)blob;
+    if(pubKeyStruc->bVersion != 0x02) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+    if(pubKeyStruc->bType != PUBLICKEYBLOB) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+
+    /* check RSAPUBKEY */
+    pubKey	    = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC));
+    if(pubKey->magic != 0x31415352) { /* RSA public key magic */
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKey->magic=0x%08x", pubKey->magic);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+    modulusLen	    = pubKey->bitlen / 8;
 
-    if (dwBlobLen < sizeof(BLOBHEADER) + sizeof(RSAPUBKEY) + modulusLen) {
+    if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 		    NULL,
@@ -950,7 +980,7 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    blob	    += sizeof(BLOBHEADER) + sizeof(RSAPUBKEY);
+    blob	    += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
 
     /* first is Modulus node */
     cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
@@ -991,8 +1021,8 @@
     }
 
     /* Remove leading zero's (from least significant end) */
-    blob	= (xmlSecByte*)(&(pubkey->pubexp));
-    exponentLen = sizeof(pubkey->pubexp);
+    blob	= (xmlSecByte*)(&(pubKey->pubexp));
+    exponentLen = sizeof(pubKey->pubexp);
     while (exponentLen > 0 && blob[exponentLen - 1] == 0) {
 	exponentLen--;
     }
@@ -1041,7 +1071,7 @@
 			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "GetLastError=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
         
 	    	return(-1);
 	    }
@@ -1050,7 +1080,7 @@
 			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "GetLastError=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
                 
 	    return(-1);
 	}
@@ -1063,7 +1093,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 		    "CryptGenKey",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "GetLastError=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
 
@@ -1316,8 +1346,8 @@
     xmlNodePtr cur;
     xmlSecBuffer p, q, g, y, blob;
     unsigned int blobBufferLen;
-    BLOBHEADER *header = NULL;
-    DSSPUBKEY *pubkey = NULL;
+    PUBLICKEYSTRUC *pubKeyStruc = NULL;
+    DSSPUBKEY *pubKey = NULL;
     DSSSEED* seed = NULL;
     BYTE *buf = NULL;
     HCRYPTPROV hProv = 0;
@@ -1514,7 +1544,7 @@
     }
 
     /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
-    blobBufferLen = sizeof(BLOBHEADER) + sizeof(DSSPUBKEY) + 3 * xmlSecBufferGetSize(&p) + 0x14 + sizeof(DSSSEED);
+    blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * xmlSecBufferGetSize(&p) + 0x14 + sizeof(DSSSEED);
     ret = xmlSecBufferSetSize(&blob, blobBufferLen);
     if(ret < 0) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1525,20 +1555,20 @@
 	goto done;
     }
 
-    /* Set blob header */
-    header		= (BLOBHEADER *)xmlSecBufferGetData(&blob);
-    header->bType	= PUBLICKEYBLOB;
-    header->bVersion	= 0x02;
-    header->reserved	= 0;
-    header->aiKeyAlg	= CALG_DSS_SIGN;
+    /* Set PUBLICKEYSTRUC  */
+    pubKeyStruc		    = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
+    pubKeyStruc->bType	    = PUBLICKEYBLOB;
+    pubKeyStruc->bVersion   = 0x02;
+    pubKeyStruc->reserved   = 0;
+    pubKeyStruc->aiKeyAlg   = CALG_DSS_SIGN;
 
     /* Set the public key header */
-    pubkey		= (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(BLOBHEADER));
-    pubkey->magic	= 0x31535344;	/* == DSS1 pub key */
-    pubkey->bitlen	= xmlSecBufferGetSize(&p) * 8; /* Number of bits in prime modulus */
+    pubKey		    = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
+    pubKey->magic	    = 0x31535344;	/* == DSS1 pub key */
+    pubKey->bitlen	    = xmlSecBufferGetSize(&p) * 8; /* Number of bits in prime modulus */
 
     /* copy the key data */
-    buf			= (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(BLOBHEADER) + sizeof(DSSPUBKEY));
+    buf			    = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY));
     
     /* set p */
     memcpy(buf, xmlSecBufferGetData(&p), xmlSecBufferGetSize(&p));
@@ -1609,7 +1639,7 @@
 			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "GetLastError=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 		goto done;
 	    }
 	} else {
@@ -1617,7 +1647,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 			"CryptAcquireContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    goto done;
 	}
     }
@@ -1695,7 +1725,8 @@
     xmlSecBuffer buf;
     DWORD dwBlobLen;
     xmlSecByte* blob;
-    DSSPUBKEY *pubkey;
+    PUBLICKEYSTRUC* pubKeyStruc;
+    DSSPUBKEY *pubKey;
     xmlSecSize keyLen, len;
     xmlNodePtr cur;
     int ret;
@@ -1740,7 +1771,7 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    if (dwBlobLen < sizeof(BLOBHEADER)) {
+    if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 		    NULL,
@@ -1749,13 +1780,43 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    /* todo: check BLOBHEADER */
 
-    pubkey	    = (DSSPUBKEY*)(blob + sizeof(BLOBHEADER));
-    keyLen	    = pubkey->bitlen / 8;
+    /* check PUBLICKEYSTRUC */
+    pubKeyStruc	    = (PUBLICKEYSTRUC*)blob;
+    if(pubKeyStruc->bVersion != 0x02) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+    if(pubKeyStruc->bType != PUBLICKEYBLOB) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+
+    /* check DSSPUBKEY */
+    pubKey	    = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC));
+    if(pubKey->magic != 0x31535344) { /* DSS key magic */
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKey->magic=0x%08x", pubKey->magic);
+	xmlSecBufferFinalize(&buf);
+	return(-1);
+    }
+    keyLen	    = pubKey->bitlen / 8;
 
     /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
-    if (dwBlobLen < sizeof(BLOBHEADER) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) {
+    if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
 		    NULL,
@@ -1764,7 +1825,7 @@
 	xmlSecBufferFinalize(&buf);
 	return(-1);
     }
-    blob	    += sizeof(BLOBHEADER) + sizeof(DSSPUBKEY);
+    blob	    += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY);
 
     /* first is P node */
     cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
@@ -1909,7 +1970,7 @@
 			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "GetLastError=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 		return(-1);
 	    }
 	} else {
@@ -1917,7 +1978,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			"CryptAcquireContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"GetLastError=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     }
@@ -1929,7 +1990,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 		    "CryptGenKey",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "GetLastError=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
 
Index: src/mscrypto/ciphers.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/ciphers.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 ciphers.c
--- src/mscrypto/ciphers.c	14 Sep 2003 21:36:39 -0000	1.1.2.4
+++ src/mscrypto/ciphers.c	21 Sep 2003 07:06:18 -0000
@@ -20,10 +20,18 @@
 
 #include <xmlsec/mscrypto/crypto.h>
 
-static BOOL xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateKey);
-static BOOL xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
-						 ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
-						 DWORD dwKeyMaterial, HCRYPTKEY *hSessionKey);
+#ifndef MS_ENH_RSA_AES_PROV_PROTO
+#define MS_ENH_RSA_AES_PROV_PROTO "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#endif /* MS_ENH_RSA_AES_PROV_PROTO */
+
+static BOOL xmlSecMSCryptoCreatePrivateExponentOneKey	(HCRYPTPROV hProv, 
+							 HCRYPTKEY *hPrivateKey);
+static BOOL xmlSecMSCryptoImportPlainSessionBlob	(HCRYPTPROV hProv, 
+							 HCRYPTKEY hPrivateKey,
+							 ALG_ID dwAlgId, 
+							 LPBYTE pbKeyMaterial,
+							 DWORD dwKeyMaterial, 
+							 HCRYPTKEY *hSessionKey);
 
 /**************************************************************************
  *
@@ -53,27 +61,6 @@
 							 const xmlChar* cipherName,
 							 xmlSecTransformCtxPtr transformCtx);
 
-/* function implementations */
-static int 
-xmlSecMSError(DWORD errorCode) {
-	CHAR szBuf[500]; 
-	LPVOID lpMsgBuf;
-	FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
-		      FORMAT_MESSAGE_FROM_SYSTEM | 
-		      FORMAT_MESSAGE_IGNORE_INSERTS,
-		      NULL,
-		      errorCode,
-		      MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
-		      (LPTSTR) &lpMsgBuf,
-		      0,
-		      NULL);
-			
-	sprintf(szBuf, "CryptEncrypt failed: GetLastError returned: %s\n", lpMsgBuf);
-	printf("crypto error: %s\n", szBuf);
-	
-	LocalFree(lpMsgBuf);
-	return(-1);	
-}
 
 static int 
 xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx,
@@ -95,12 +82,17 @@
 
     /* iv len == block len */
     dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0))
-	return xmlSecMSError(GetLastError());
-	
+    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    xmlSecErrorsSafeString(cipherName),
+		    "CryptGetKeyParam",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
+    
     blockLen = dwBlockLen / 8;
     xmlSecAssert2(blockLen > 0, -1);
-    
     if(encrypt) {
 	unsigned char* iv;
 	size_t outSize;
@@ -119,9 +111,23 @@
 	iv = xmlSecBufferGetData(out) + outSize;
 
 	/* generate and use random iv */
-	if (!CryptGenRandom(ctx->cryptProvider, blockLen, iv) ||
-	    !CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0))
-	    return xmlSecMSError(GetLastError());
+	if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+		        "CryptGenRandom",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		        "len=%d", blockLen);
+	    return(-1);
+	}
+	    
+	if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptSetKeyParam",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
     } else {
 	/* if we don't have enough data, exit and hope that 
 	* we'll have iv next time */
@@ -131,8 +137,14 @@
 	xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
 
 	/* set iv */
-	if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0))
-	    return xmlSecMSError(GetLastError());
+	if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptSetKeyParam",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
 
 	/* and remove from input */
 	ret = xmlSecBufferRemoveHead(in, blockLen);
@@ -171,8 +183,14 @@
     xmlSecAssert2(transformCtx != NULL, -1);
 	
     dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0))
-	return xmlSecMSError(GetLastError());
+    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    xmlSecErrorsSafeString(cipherName),
+		    "CryptSetKeyParam",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
     blockLen = dwBlockLen / 8;
     xmlSecAssert2(blockLen > 0, -1);
 
@@ -204,16 +222,28 @@
     }
     outBuf = xmlSecBufferGetData(out) + outSize;
     inBuf = xmlSecBufferGetData(in);
+    xmlSecAssert2(inBuf != NULL, -1);
 
     memcpy(outBuf, inBuf, inSize);
-
     dwCLen = inSize;
     if(encrypt) {
-	if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen))
-	    return xmlSecMSError(GetLastError());
+	if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptEncrypt",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
     } else {
-	if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen))
-	    return xmlSecMSError(GetLastError());
+	if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptSetKeyDecrypt",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
     }
     /* Check if we really have de/encrypted the numbers of bytes that we requested */
     if (dwCLen != inSize) {
@@ -264,16 +294,20 @@
     DWORD dwBlockLen, dwBlockLenLen, dwCLen;
     
     xmlSecAssert2(ctx != NULL, -1);
-    //xmlSecAssert2(ctx->cipher != 0, -1);
-    //xmlSecAssert2(ctx->cipherCtx != NULL, -1);
     xmlSecAssert2(ctx->ctxInitialized != 0, -1);
     xmlSecAssert2(in != NULL, -1);
     xmlSecAssert2(out != NULL, -1);
     xmlSecAssert2(transformCtx != NULL, -1);
 
     dwBlockLenLen = sizeof(DWORD);
-    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0))
-	return xmlSecMSError(GetLastError());
+    if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    xmlSecErrorsSafeString(cipherName),
+		    "CryptGetKeyParam",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
     blockLen = dwBlockLen / 8;
     xmlSecAssert2(blockLen > 0, -1);
 
@@ -297,8 +331,14 @@
 
 	/* create random padding */
 	if((size_t)blockLen > (inSize + 1)) {
-	    if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize))
-		return xmlSecMSError(GetLastError());
+	    if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) {
+		xmlSecError(XMLSEC_ERRORS_HERE, 
+			    xmlSecErrorsSafeString(cipherName),
+			    "CryptGenRandom",
+			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			    XMLSEC_ERRORS_NO_MESSAGE);
+		return(-1);
+	    }
 	}
 	inBuf[blockLen - 1] = blockLen - inSize;
 	inSize = blockLen;
@@ -331,11 +371,23 @@
     if(encrypt) {
 	/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding 
 	 * can be skipped. I hope this will work .... */
-	if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen))
-	    return xmlSecMSError(GetLastError());
+	if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptEncrypt",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
     } else {
-	if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen))
-	    return xmlSecMSError(GetLastError());
+	if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(cipherName),
+			"CryptDecrypt",
+			XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    return(-1);
+	}
     }
 
     /* Check if we really have de/encrypted the numbers of bytes that we requested */
@@ -446,59 +498,56 @@
 
 #ifndef XMLSEC_NO_DES
     if(transform->id == xmlSecMSCryptoTransformDes3CbcId) {
-	ctx->algorithmIdentifier = CALG_3DES;
-	ctx->keyId 	= xmlSecMSCryptoKeyDataDesId;
-	ctx->providerName = MS_ENHANCED_PROV;
-	ctx->providerType = PROV_RSA_FULL;
-	ctx->keySize = 24;
+	ctx->algorithmIdentifier    = CALG_3DES;
+	ctx->keyId 		    = xmlSecMSCryptoKeyDataDesId;
+	ctx->providerName	    = MS_ENHANCED_PROV;
+	ctx->providerType	    = PROV_RSA_FULL;
+	ctx->keySize		    = 24;
     } else 
 #endif /* XMLSEC_NO_DES */
+
 #ifndef XMLSEC_NO_AES
-	if(transform->id == xmlSecMSCryptoTransformAes128CbcId) {
-	    ctx->algorithmIdentifier = CALG_AES_128;
-	    ctx->keyId 	= xmlSecMSCryptoKeyDataAesId;
-	    /*ctx->providerName = MS_ENH_RSA_AES_PROV;*/
-	    ctx->providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
-	    ctx->providerType = PROV_RSA_AES;
-	    ctx->keySize = 16;
-	} else if(transform->id == xmlSecMSCryptoTransformAes192CbcId) {
-	    ctx->algorithmIdentifier = CALG_AES_192;
-	    ctx->keyId 	= xmlSecMSCryptoKeyDataAesId;
-	    /*ctx->providerName = MS_ENH_RSA_AES_PROV;*/
-	    ctx->providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
-	    ctx->providerType = PROV_RSA_AES;
-	    ctx->keySize = 24;
-	} else if(transform->id == xmlSecMSCryptoTransformAes256CbcId) {
-	    ctx->algorithmIdentifier = CALG_AES_256;
-	    ctx->keyId 	= xmlSecMSCryptoKeyDataAesId;
-	    /*ctx->providerName = MS_ENH_RSA_AES_PROV;*/
-	    ctx->providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
-	    ctx->providerType = PROV_RSA_AES;
-	    ctx->keySize = 32;
-	} else 
+    if(transform->id == xmlSecMSCryptoTransformAes128CbcId) {
+	ctx->algorithmIdentifier    = CALG_AES_128;
+	ctx->keyId 		    = xmlSecMSCryptoKeyDataAesId;
+	ctx->providerName	    = MS_ENH_RSA_AES_PROV_PROTO;
+	ctx->providerType	    = PROV_RSA_AES;
+	ctx->keySize		    = 16;
+    } else if(transform->id == xmlSecMSCryptoTransformAes192CbcId) {
+	ctx->algorithmIdentifier    = CALG_AES_192;
+	ctx->keyId 		    = xmlSecMSCryptoKeyDataAesId;
+	ctx->providerName	    = MS_ENH_RSA_AES_PROV_PROTO;
+	ctx->providerType	    = PROV_RSA_AES;
+	ctx->keySize		    = 24;
+    } else if(transform->id == xmlSecMSCryptoTransformAes256CbcId) {
+	ctx->algorithmIdentifier    = CALG_AES_256;
+	ctx->keyId 		    = xmlSecMSCryptoKeyDataAesId;
+	ctx->providerName	    = MS_ENH_RSA_AES_PROV_PROTO;
+	ctx->providerType	    = PROV_RSA_AES;
+	ctx->keySize		    = 32;
+    } else 
 #endif /* XMLSEC_NO_AES */
-	    if(1) {
-		xmlSecError(XMLSEC_ERRORS_HERE, 
-		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-		    NULL,
-		    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
-		    XMLSEC_ERRORS_NO_MESSAGE);
-		return(-1);
-	    }        
-	
 
-    if (!CryptAcquireContext(&ctx->cryptProvider, NULL /*"xmlSecMSCryptoTempContainer"*/, 
+    if(1) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+	    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+	    NULL,
+	    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+	    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }        
+	
+    if(!CryptAcquireContext(&ctx->cryptProvider, NULL /*"xmlSecMSCryptoTempContainer"*/, 
 			     ctx->providerName, ctx->providerType, 0)) {
-        DWORD dwError;
-	dwError = GetLastError();
+        DWORD dwError = GetLastError();
 	if (dwError == NTE_EXISTS) {
-    if (!CryptAcquireContext(&ctx->cryptProvider, "xmlSecMSCryptoTempContainer", 
+	    if (!CryptAcquireContext(&ctx->cryptProvider, "xmlSecMSCryptoTempContainer", 
 				     ctx->providerName, ctx->providerType, 0)) {
 		xmlSecError(XMLSEC_ERRORS_HERE, 
 			    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 			    "CryptAcquireContext",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "Error code: %d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 
 		return(-1);
 	    }
@@ -507,8 +556,7 @@
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 			"CryptAcquireContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"Error code: %d", dwError);
-
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     }
@@ -599,7 +647,6 @@
     xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
 
     xmlSecAssert2(ctx->keySize > 0, -1);
-    //xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
 
     buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
     xmlSecAssert2(buffer != NULL, -1);
@@ -617,19 +664,23 @@
     bufData = xmlSecBufferGetData(buffer);
     xmlSecAssert2(bufData != NULL, -1);
 
-
-    // Import this key and get an HCRYPTKEY handle
+    /* Import this key and get an HCRYPTKEY handle */
     if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
 	ctx->pubPrivKey,
 	ctx->algorithmIdentifier, 
 	bufData, 
-	/*xmlSecBufferGetSize(buffer)*/ ctx->keySize, 
+	ctx->keySize, 
 	&(ctx->cryptKey)))  {
-	return xmlSecMSError(GetLastError());
+
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+    		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+		    "xmlSecMSCryptoImportPlainSessionBlob",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
     }
 
     ctx->keyInitialized = 1;
-
     return(0);
 }
 
@@ -894,219 +945,389 @@
 }
 #endif /* XMLSEC_NO_DES */
 
-/**
+/*
  * Low level helper routines for importing plain text keys in MS HKEY handle, 
  * since MSCrypto API does not support import of plain text (session) keys
  * just like that.
  * These functions are based upon MS kb article: 228786
- *
+ * 
+ * aleksey: also check "Base Provider Key BLOBs" article for priv key blob format
  **/
-
-
 static BOOL 
 xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateKey)
 {
-    BOOL fReturn = FALSE;
-    BOOL fResult;
-    int n;
-    LPBYTE keyblob = NULL;
-    DWORD dwkeyblob;
-    DWORD dwBitLen;
+    HCRYPTKEY hKey = 0;
+    LPBYTE keyBlob = NULL;
+    DWORD keyBlobLen;
+    PUBLICKEYSTRUC* pubKeyStruc;
+    RSAPUBKEY* rsaPubKey;
+    DWORD bitLen;
     BYTE *ptr;
+    int n;
+    BOOL res = FALSE;
 
+    xmlSecAssert2(hProv != 0, FALSE);
+    xmlSecAssert2(hPrivateKey != NULL, FALSE);
+
+    /* just in case */
     *hPrivateKey = 0;
 
-    // Generate the private key
-    fResult = CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, hPrivateKey);
-    if (!fResult) goto done;
-
-    // Export the private key, we'll convert it to a private
-    // exponent of one key
-    fResult = CryptExportKey(*hPrivateKey, 0, PRIVATEKEYBLOB, 0, NULL, &dwkeyblob);
-    if (!fResult) goto done;
+    /* Generate the private key */
+    if(!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGenKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
 
-    keyblob = (LPBYTE)LocalAlloc(LPTR, dwkeyblob);
-    if (!keyblob) goto done;
+    /* Export the private key, we'll convert it to a private exponent of one key */
+    if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &keyBlobLen)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
+
+    keyBlob = (LPBYTE)LocalAlloc(LPTR, keyBlobLen);
+    if(keyBlob == NULL) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "LocalAlloc",
+		    XMLSEC_ERRORS_R_MALLOC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
+ 
+    if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, keyBlob, &keyBlobLen)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
+    CryptDestroyKey(hKey);
+    hKey = 0;
 
-    fResult = CryptExportKey(*hPrivateKey, 0, PRIVATEKEYBLOB, 0, keyblob, &dwkeyblob);
-    if (!fResult) goto done;
+    /* Get the bit length of the key */
+    if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "len=%d", keyBlobLen);
+	goto done;
+    }
+    pubKeyStruc = (PUBLICKEYSTRUC*)keyBlob;
+    if(pubKeyStruc->bVersion != 0x02) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+	goto done;
+    }
+    if(pubKeyStruc->bType != PRIVATEKEYBLOB) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+	goto done;
+    }
 
-    CryptDestroyKey(*hPrivateKey);
-    *hPrivateKey = 0;
+    /* aleksey: don't ask me why it is RSAPUBKEY, just don't ask */
+    rsaPubKey = (RSAPUBKEY*)(keyBlob + sizeof(PUBLICKEYSTRUC)); 
 
-    // Get the bit length of the key
-    memcpy(&dwBitLen, &keyblob[12], 4);      
+    /* check that we have RSA private key */
+    if(rsaPubKey->magic != 0x32415352) { 
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "rsaPubKey->magic=0x%08x", rsaPubKey->magic);
+	goto done;
+    }
+    bitLen = rsaPubKey->bitlen;
 
-    // Modify the Exponent in Key BLOB format
-    // Key BLOB format is documented in SDK
+    /*  Modify the Exponent in Key BLOB format Key BLOB format is documented in SDK */
+    rsaPubKey->pubexp = 1;
 
-    // Convert pubexp in rsapubkey to 1
-    ptr = &keyblob[16];
-    for (n = 0; n < 4; n++) {
-	if (n == 0) ptr[n] = 1;
-	else ptr[n] = 0;
+    /* Private-key BLOBs, type PRIVATEKEYBLOB, are used to store private keys outside a CSP. 
+     * Base provider private-key BLOBs have the following format:
+     * 
+     * PUBLICKEYSTRUC  publickeystruc ;
+     * RSAPUBKEY rsapubkey;
+     * BYTE modulus[rsapubkey.bitlen/8];		1/8
+     * BYTE prime1[rsapubkey.bitlen/16];		1/16 
+     * BYTE prime2[rsapubkey.bitlen/16];		1/16 
+     * BYTE exponent1[rsapubkey.bitlen/16];		1/16 
+     * BYTE exponent2[rsapubkey.bitlen/16];		1/16 
+     * BYTE coefficient[rsapubkey.bitlen/16];		1/16
+     * BYTE privateExponent[rsapubkey.bitlen/8];	1/8
+     */
+    if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + bitLen / 2 + bitLen / 16) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptExportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "len=%d", keyBlobLen);
+	goto done;
     }
+    ptr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)); 
 
-    // Skip pubexp
-    ptr += 4;
-    // Skip modulus, prime1, prime2
-    ptr += (dwBitLen/8);
-    ptr += (dwBitLen/16);
-    ptr += (dwBitLen/16);
+    /* Skip modulus, prime1, prime2 */
+    ptr += bitLen / 8;
+    ptr += bitLen / 16;
+    ptr += bitLen / 16;
 
-    // Convert exponent1 to 1
-    for (n = 0; n < (dwBitLen/16); n++) {
+    /* Convert exponent1 to 1 */
+    for (n = 0; n < (bitLen / 16); n++) {
 	if (n == 0) ptr[n] = 1;
 	else ptr[n] = 0;
     }
+    ptr += bitLen / 16;
 
-    // Skip exponent1
-    ptr += (dwBitLen/16);
-
-    // Convert exponent2 to 1
-    for (n = 0; n < (dwBitLen/16); n++) {
+    /* Convert exponent2 to 1 */
+    for (n = 0; n < (bitLen / 16); n++) {
 	if (n == 0) ptr[n] = 1;
 	else ptr[n] = 0;
     }
+    ptr += bitLen / 16;
 
-    // Skip exponent2, coefficient
-    ptr += (dwBitLen/16);
-    ptr += (dwBitLen/16);
+    /* Skip coefficient */
+    ptr += bitLen / 16;
 
-    // Convert privateExponent to 1
-    for (n = 0; n < (dwBitLen/8); n++) {
+    /* Convert privateExponent to 1 */
+    for (n = 0; n < (bitLen / 16); n++) {
 	if (n == 0) ptr[n] = 1;
 	else ptr[n] = 0;
     }
 
-    // Import the exponent-of-one private key.      
-    if (!CryptImportKey(hProv, keyblob, dwkeyblob, 0, 0, hPrivateKey)) {                 
+    /* Import the exponent-of-one private key. */
+    if (!CryptImportKey(hProv, keyBlob, keyBlobLen, 0, 0, &hKey)) {                 
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptImportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	goto done;
     }
-
-    fReturn = TRUE;
+    (*hPrivateKey) = hKey;
+    hKey = 0;
+    res = TRUE;
    
 done:
-    if (keyblob) LocalFree(keyblob);
-
-    if (!fReturn) {
-	if (*hPrivateKey) CryptDestroyKey(*hPrivateKey);
+    if(keyBlob != NULL) { 
+	LocalFree(keyBlob);
+    }
+    if (hKey != 0) {
+	CryptDestroyKey(hKey);
     }
 
-    return fReturn;
+    return res;
 }
 
-
 static BOOL 
 xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
 				     ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
 				     DWORD dwKeyMaterial, HCRYPTKEY *hSessionKey) {
-    BOOL fResult;   
-    BOOL fReturn = FALSE;
-    BOOL fFound = FALSE;
-    LPBYTE pbSessionBlob = NULL;
-    DWORD dwSessionBlob, dwSize, n;
+    ALG_ID dwPrivKeyAlg;
+    LPBYTE keyBlob = NULL;
+    DWORD keyBlobLen, rndBlobSize, dwSize, n;
+    PUBLICKEYSTRUC* pubKeyStruc;
+    ALG_ID* algId;
     DWORD dwPublicKeySize;
     DWORD dwProvSessionKeySize;
-    ALG_ID dwPrivKeyAlg;
     LPBYTE pbPtr; 
-    DWORD dwFlags = CRYPT_FIRST;
+    DWORD dwFlags;
     PROV_ENUMALGS_EX ProvEnum;
     HCRYPTKEY hTempKey = 0;
-
-    // Double check to see if this provider supports this algorithm
-    // and key size
-    do {        
-	dwSize = sizeof(ProvEnum);
-	fResult = CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum,
-	    &dwSize, dwFlags);
-	if (!fResult) break;
-
+    BOOL fFound;
+    BOOL res = FALSE;
+    
+    xmlSecAssert2(hProv != 0, FALSE);
+    xmlSecAssert2(hPrivateKey != 0, FALSE);
+    xmlSecAssert2(pbKeyMaterial != NULL, FALSE);
+    xmlSecAssert2(dwKeyMaterial > 0, FALSE);
+    xmlSecAssert2(hSessionKey != NULL, FALSE);
+
+    /*  Double check to see if this provider supports this algorithm and key size */
+    fFound = FALSE;
+    dwFlags = CRYPT_FIRST;
+    dwSize = sizeof(ProvEnum);
+    while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) {
+	if (ProvEnum.aiAlgid == dwAlgId) {
+	    fFound = TRUE;
+	    break;
+	}
+        dwSize = sizeof(ProvEnum);
 	dwFlags = 0;
+    }
+    if(!fFound) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGetProvParam",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d is not supported", dwAlgId);
+	goto done;
+    }
 
-	if (ProvEnum.aiAlgid == dwAlgId) fFound = TRUE;
-
-    } while (!fFound);
-
-    if (!fFound) goto done;
-
-    // We have to get the key size(including padding)
-    // from an HCRYPTKEY handle.  PP_ENUMALGS_EX contains
-    // the key size without the padding so we can't use it.
-    fResult = CryptGenKey(hProv, dwAlgId, 0, &hTempKey);
-    if (!fResult) goto done;
+    /* We have to get the key size(including padding) from an HCRYPTKEY handle.  
+     * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
+     */
+    if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGenKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d", dwAlgId);
+	goto done;
+    }
 
     dwSize = sizeof(DWORD);
-    fResult = CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize,
-	&dwSize, 0);
-    if (!fResult) goto done;
+    if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGetKeyParam(KP_KEYLEN)",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d", dwAlgId);
+	goto done;
+    }
     CryptDestroyKey(hTempKey);
     hTempKey = 0;
 
-    // Our key is too big, leave
-    if ((dwKeyMaterial * 8) > dwProvSessionKeySize) goto done;
+    /* Our key is too big, leave */
+    if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    NULL,
+		    XMLSEC_ERRORS_R_INVALID_SIZE,
+		    "dwKeyMaterial=%d;dwProvSessionKeySize=%d", 
+		    dwKeyMaterial, dwProvSessionKeySize);
+	goto done;
+    }
 
-    // Get private key's algorithm
+    /* Get private key's algorithm */
     dwSize = sizeof(ALG_ID);
-    fResult = CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0);
-    if (!fResult) goto done;
+    if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGetKeyParam(KP_ALGID)",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d", dwAlgId);
+	goto done;
+    }
 
-    // Get private key's length in bits
+    /* Get private key's length in bits */
     dwSize = sizeof(DWORD);
-    fResult = CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0);
-    if (!fResult) goto done;
-
-    // calculate Simple blob's length
-    dwSessionBlob = (dwPublicKeySize/8) + sizeof(ALG_ID) + sizeof(BLOBHEADER);
+    if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGetKeyParam(KP_KEYLEN)",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d", dwAlgId);
+	goto done;
+    }
+    
+    /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */
+    if(dwPublicKeySize / 8 < dwKeyMaterial + 3) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    NULL,
+		    XMLSEC_ERRORS_R_INVALID_SIZE,
+		    "dwKeyMaterial=%d;dwPublicKeySize=%d", 
+		    dwKeyMaterial, dwPublicKeySize);
+	goto done;
+    }
+    rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3);
 
-    // allocate simple blob buffer
-    pbSessionBlob = (LPBYTE)LocalAlloc(LPTR, dwSessionBlob);
-    if (!pbSessionBlob) goto done;
-
-    pbPtr = pbSessionBlob;
-
-    // SIMPLEBLOB Format is documented in SDK
-    // Copy header to buffer
-    ((BLOBHEADER *)pbPtr)->bType = SIMPLEBLOB;
-    ((BLOBHEADER *)pbPtr)->bVersion = 2;
-    ((BLOBHEADER *)pbPtr)->reserved = 0;
-    ((BLOBHEADER *)pbPtr)->aiKeyAlg = dwAlgId;
-    pbPtr += sizeof(BLOBHEADER);
-
-    // Copy private key algorithm to buffer
-    *((DWORD *)pbPtr) = dwPrivKeyAlg;
-    pbPtr += sizeof(ALG_ID);
+    /** 
+     * Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP. 
+     * Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData 
+     * member of the SIMPLEBLOB is a sequence of bytes in the following format:
+     * 
+     * PUBLICKEYSTRUC  publickeystruc ;
+     * ALG_ID algid;
+     * BYTE encryptedkey[rsapubkey.bitlen/8];
+     */
+
+    /* calculate Simple blob's length */
+    keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8);
+
+    /* allocate simple blob buffer */
+    keyBlob = (LPBYTE)LocalAlloc(LPTR, keyBlobLen);
+    if(keyBlob == NULL) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "LocalAlloc",
+		    XMLSEC_ERRORS_R_MALLOC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
+    memset(keyBlob, 0, keyBlobLen);
 
-    // Place the key material in reverse order
+    /* initialize PUBLICKEYSTRUC */
+    pubKeyStruc		    = (PUBLICKEYSTRUC*)(keyBlob);
+    pubKeyStruc->bType	    = SIMPLEBLOB;
+    pubKeyStruc->bVersion   = 0x02;
+    pubKeyStruc->reserved   = 0;
+    pubKeyStruc->aiKeyAlg   = dwAlgId;	
+
+    /* Copy private key algorithm to buffer */
+    algId		    = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC));
+    (*algId)		    = dwPrivKeyAlg;
+    
+    /* Place the key material in reverse order */
+    pbPtr		    = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID));
     for (n = 0; n < dwKeyMaterial; n++) {
-	pbPtr[n] = pbKeyMaterial[dwKeyMaterial-n-1];
+	pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1];
     }
+    pbPtr += dwKeyMaterial;
 
-    // 3 is for the first reserved byte after the key material + the 2 reserved bytes at the end.
-    dwSize = dwSessionBlob - (sizeof(ALG_ID) + sizeof(BLOBHEADER) + dwKeyMaterial + 3);
-    pbPtr += (dwKeyMaterial+1);
-
-    // Generate random data for the rest of the buffer
-    // (except that last two bytes)
-    fResult = CryptGenRandom(hProv, dwSize, pbPtr);
-    if (!fResult) goto done;
+    /* skip reserved byte */
+    pbPtr += 1;
 
-    for (n = 0; n < dwSize; n++) {
+    /* Generate random data for the rest of the buffer */
+    if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptGenRandom",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "rndBlobSize=%d", rndBlobSize);
+	goto done;
+    }
+    /* aleksey: why are we doing this? */
+    for (n = 0; n < rndBlobSize; n++) {
 	if (pbPtr[n] == 0) pbPtr[n] = 1;
     }
 
-    pbSessionBlob[dwSessionBlob - 2] = 2;
+    /* set magic number at the end */
+    keyBlob[keyBlobLen - 2] = 2;
 
-    fResult = CryptImportKey(hProv, pbSessionBlob , dwSessionBlob, 
-	hPrivateKey, CRYPT_EXPORTABLE, hSessionKey);
-    if (!fResult) goto done;
+    if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    NULL,
+		    "CryptImportKey",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    "algId=%d", dwAlgId);
+	goto done;
+    }
 
-    fReturn = TRUE;           
+    /* success */
+    res = TRUE;           
 
 done:
-    if (hTempKey) CryptDestroyKey(hTempKey);
-    if (pbSessionBlob) LocalFree(pbSessionBlob);
-
-    return fReturn;
+    if(hTempKey != 0) {
+	CryptDestroyKey(hTempKey);
+    }
+    if(keyBlob != NULL) {
+	LocalFree(keyBlob);
+    }
+    return(res);
 }
 
Index: src/mscrypto/crypto.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/crypto.c,v
retrieving revision 1.1.2.5
diff -u -r1.1.2.5 crypto.c
--- src/mscrypto/crypto.c	11 Sep 2003 22:13:10 -0000	1.1.2.5
+++ src/mscrypto/crypto.c	21 Sep 2003 07:06:21 -0000
@@ -21,8 +21,19 @@
 #include <xmlsec/mscrypto/crypto.h>
 #include <xmlsec/mscrypto/x509.h>
 
+#if defined(_MSC_VER)
+#define snprintf _snprintf
+#endif
+
 static xmlSecCryptoDLFunctionsPtr gXmlSecMSCryptoFunctions = NULL;
 
+/**
+ * xmlSecCryptoGetFunctions_mscrypto:
+ *
+ * Gets MSCrypto specific functions table.
+ *
+ * Returns xmlsec-mscrypto functions table.
+ */
 xmlSecCryptoDLFunctionsPtr
 xmlSecCryptoGetFunctions_mscrypto(void) {
     static xmlSecCryptoDLFunctions functions;
@@ -85,10 +96,6 @@
     gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass 		= xmlSecMSCryptoTransformDes3CbcGetKlass;
 #endif /* XMLSEC_NO_DES */
 
-#ifndef XMLSEC_NO_HMAC
-    gXmlSecMSCryptoFunctions->transformHmacSha1GetKlass 	= xmlSecMSCryptoTransformHmacSha1GetKlass;
-#endif /* XMLSEC_NO_HMAC */
-
 #ifndef XMLSEC_NO_RSA
     gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass 		= xmlSecMSCryptoTransformRsaSha1GetKlass;
     gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass 	= xmlSecMSCryptoTransformRsaPkcs1GetKlass;
@@ -141,6 +148,9 @@
 	return(-1);
     }
 
+    /* set default errors callback for xmlsec to us */
+    xmlSecErrorsSetCallback(xmlSecMSCryptoErrorsDefaultCallback);
+
     /* register our klasses */
     if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscrypto()) < 0) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
@@ -182,7 +192,7 @@
 
 #ifndef XMLSEC_NO_X509
     /* create x509 store if needed */
-    if(xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) == 0) {
+    if(xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) == NULL) {
         xmlSecKeyDataStorePtr x509Store;
 
         x509Store = xmlSecKeyDataStoreCreate(xmlSecMSCryptoX509StoreId);
@@ -224,8 +234,8 @@
  */
 int
 xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) {	
+    HCRYPTPROV hProv = 0;
     int ret;
-    HCRYPTPROV hProv;
     
     xmlSecAssert2(buffer != NULL, -1);
     xmlSecAssert2(size > 0, -1);
@@ -244,24 +254,62 @@
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
 		    "CryptAcquireContext",
-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-		    "Error number: %d", GetLastError());
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }
     if (FALSE == CryptGenRandom(hProv, (DWORD)size, xmlSecBufferGetData(buffer))) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
 		    "CryptGenRandom",
-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-		    "Error number: %d", GetLastError());
-	return(-1);
-    }
-
-    if (0!= hProv) {
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	CryptReleaseContext(hProv,0);
+	return(-1);
     }
 
+    CryptReleaseContext(hProv, 0);
     return(0);
 }
 
+/**
+ * xmlSecMSCryptoErrorsDefaultCallback:
+ * @file:		the error location file name (__FILE__ macro).
+ * @line:		the error location line number (__LINE__ macro).
+ * @func:		the error location function name (__FUNCTION__ macro).
+ * @errorObject:	the error specific error object 
+ * @errorSubject:	the error specific error subject.
+ * @reason:		the error code.
+ * @msg:		the additional error message.
+ *
+ * The default errors reporting callback function.
+ */
+void 
+xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func,
+				const char* errorObject, const char* errorSubject,
+				int reason, const char* msg) {
+    DWORD dwError;
+    LPVOID lpMsgBuf;
+    char buf[500];
+
+    dwError = GetLastError();
+    FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
+		  FORMAT_MESSAGE_FROM_SYSTEM | 
+		  FORMAT_MESSAGE_IGNORE_INSERTS,
+		  NULL,
+		  dwError,
+		  MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
+		  (LPTSTR) &lpMsgBuf,
+		  0,
+		  NULL);
+    if((msg != NULL) && ((*msg) != '\0')) {
+        snprintf(buf, sizeof(buf), "%s;last error=%d (0x%08x);last error msg=%s", msg, dwError, dwError, (LPTSTR)lpMsgBuf);
+    } else {
+        snprintf(buf, sizeof(buf), "last error=%d (0x%08x);last error msg=%s", dwError, dwError, (LPTSTR)lpMsgBuf);
+    }
+    xmlSecErrorsDefaultCallback(file, line, func, 
+		errorObject, errorSubject, 
+		reason, buf);
 
+    LocalFree(lpMsgBuf);
+}
Index: src/mscrypto/digests.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/digests.c,v
retrieving revision 1.1.2.2
diff -u -r1.1.2.2 digests.c
--- src/mscrypto/digests.c	3 Sep 2003 23:58:04 -0000	1.1.2.2
+++ src/mscrypto/digests.c	21 Sep 2003 07:06:22 -0000
@@ -9,8 +9,6 @@
 #include "globals.h"
 
 #include <string.h>
-
-// include ms cryptoapi includes
 #include <windows.h>
 #include <wincrypt.h>
 
@@ -25,11 +23,11 @@
 
 typedef struct _xmlSecMSCryptoDigestCtx	xmlSecMSCryptoDigestCtx, *xmlSecMSCryptoDigestCtxPtr;
 struct _xmlSecMSCryptoDigestCtx {
-    HCRYPTPROV provider;
-    ALG_ID alg_id;
-    HCRYPTHASH mscHash;
-    unsigned char dgst[MSCRYPTO_MAX_HASH_SIZE];
-    size_t dgstSize;	/* dgst size in bytes */
+    HCRYPTPROV	    provider;
+    ALG_ID	    alg_id;
+    HCRYPTHASH	    mscHash;
+    unsigned char   dgst[MSCRYPTO_MAX_HASH_SIZE];
+    size_t	    dgstSize;	/* dgst size in bytes */
 };	    
 
 /******************************************************************************
@@ -87,7 +85,6 @@
     } else 
 #endif /* XMLSEC_NO_SHA1 */    
 
-
     {
 	xmlSecError(XMLSEC_ERRORS_HERE, 
 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -97,30 +94,13 @@
 	return(-1);
     }
 
-    // TODO: Check what provider is best suited here....
+    /* TODO: Check what provider is best suited here.... */
     if (!CryptAcquireContext(&ctx->provider, NULL, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-	CHAR szBuf[255]; 
-	LPVOID lpMsgBuf;
-	DWORD dwError = GetLastError();
-	FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
-		      FORMAT_MESSAGE_FROM_SYSTEM |
-		      FORMAT_MESSAGE_IGNORE_INSERTS,
-		      NULL,
-		      dwError,
-		      MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
-		      (LPTSTR) &lpMsgBuf,
-		      0,
-		      NULL);
-
-	sprintf(szBuf, "CryptAcquireContext failed: GetLastError returned: %s\n", (LPCSTR)lpMsgBuf); 
-
 	xmlSecError(XMLSEC_ERRORS_HERE, 
 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-		    lpMsgBuf,
+		    NULL,
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
 		    XMLSEC_ERRORS_NO_MESSAGE);
-	LocalFree( lpMsgBuf );
-
 	return(-1);
     }
 
@@ -213,10 +193,10 @@
 	    0,
 	    &(ctx->mscHash));
 
-	if (ret == 0 || ctx->mscHash == 0) {
+	if((ret == 0) || (ctx->mscHash == 0)) {
 	    xmlSecError(XMLSEC_ERRORS_HERE, 
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-			"WinCAPI:Hash - Error creating hash object",
+			"CryptHashData",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
 			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);			
@@ -256,8 +236,7 @@
 	}
 	if(last) {
 	    /* TODO: make a MSCrypto compatible assert here */
-	    //xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
-
+	    /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
 	    DWORD retLen;
 	    retLen = MSCRYPTO_MAX_HASH_SIZE;
 
@@ -270,7 +249,7 @@
 	    if (ret == 0) {
 		xmlSecError(XMLSEC_ERRORS_HERE, 
 			    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-			    "WinCAPI:Hash - Error getting hash value",
+			    "CryptGetHashParam",
 			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 			    "size=%d", inSize);
 		return(-1);
Index: src/mscrypto/keysstore.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/keysstore.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 keysstore.c
--- src/mscrypto/keysstore.c	14 Sep 2003 21:36:39 -0000	1.1.2.4
+++ src/mscrypto/keysstore.c	21 Sep 2003 07:06:22 -0000
@@ -317,19 +317,29 @@
     ss = xmlSecMSCryptoKeysStoreGetSS(store);
     xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
 
+    /* first try to find key in the simple keys store */
     key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
     if (key != NULL) {
 	return (key);
     }
 
-    /* Try to find the key in the MS Certificate store, and construct an xmlSecKey.
-    * we must have a name to lookup keys in the certificate store.
+    /* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
+    *  we must have a name to lookup keys in the certificate store.
     */
     if (name == NULL) {
 	goto done;
     }
 
-    lpCertID = (wchar_t *)malloc((sizeof(wchar_t)) * (strlen(name) + 1));
+    /* aleksey todo: shouldn't we call MultiByteToWideChar first to get the buffer size? */
+    lpCertID = (wchar_t *)xmlMalloc((sizeof(wchar_t)) * (strlen(name) + 1));
+    if(lpCertID == NULL) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+		    NULL,
+		    XMLSEC_ERRORS_R_MALLOC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	goto done;
+    }
     MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpCertID, strlen(name) + 1);
 
     /* what type of key are we looking for? 
@@ -340,13 +350,12 @@
     */
     keyReq = &(keyInfoCtx->keyReq);
     if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
-
 	if (NULL == (hStoreHandle = CertOpenSystemStore(0, "MY"))) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			NULL,
 			"CertOpenSystemStore",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    goto done;
 	}
 	if(NULL == (pCertContext = CertFindCertificateInStore(
@@ -357,34 +366,10 @@
 	    lpCertID,
 	    NULL))) {
 
-	    /*xmlSecError(XMLSEC_ERRORS_HERE,
-			NULL,
-			"CertFindCertificateInStore",
-			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());*/
 	    goto done;
 	}
 
-	data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
-	if(data == NULL) {
-	    xmlSecError(XMLSEC_ERRORS_HERE,
-			NULL,
-			"xmlSecMSCryptoCertAdopt",
-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			XMLSEC_ERRORS_NO_MESSAGE);
-	    goto done;
-	}
-
-	key = xmlSecKeyCreate();
-	if (key == NULL) {
-	    xmlSecError(XMLSEC_ERRORS_HERE,
-			NULL,
-			"xmlSecKeyCreate",
-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			XMLSEC_ERRORS_NO_MESSAGE);
-	    return (NULL);
-	}
-
+	/* set cert in x509 data */
 	x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
 	if(x509Data == NULL) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
@@ -402,39 +387,41 @@
 			NULL,
 			"CertDuplicateCertificateContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"data=%s, error code=%d",
-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)), GetLastError());
+			"data=%s",
+			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
 	    goto done;
 	}
-	ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pDupCert);
+
+	ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pDupCert);
 	if (ret < 0) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			NULL,
-			"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+			"xmlSecMSCryptoKeyDataX509AdoptCert",
 			XMLSEC_ERRORS_R_XMLSEC_FAILED,
 			"data=%s",
 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
 	    goto done;
 	}
-	pDupCert = CertDuplicateCertificateContext(pCertContext);
-	if (pDupCert == NULL) {
+	pDupCert = NULL;
+
+	data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
+	if(data == NULL) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			NULL,
-			"CertDuplicateCertificateContext",
-			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"data=%s, error code=%d",
-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)), GetLastError());
+			"xmlSecMSCryptoCertAdopt",
+			XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    goto done;
 	}
+	pCertContext = NULL;
 
-	ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pDupCert);
-	if (ret < 0) {
+	key = xmlSecKeyCreate();
+	if (key == NULL) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			NULL,
-			"xmlSecMSCryptoKeyDataX509AdoptCert",
+			"xmlSecKeyCreate",
 			XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			"data=%s",
-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    goto done;
 	}
 
@@ -462,8 +449,47 @@
 	}
 	x509Data = NULL;
 
-	retval = key;
-	key = NULL;
+        /* now that we have a key, make sure it is valid and let the simple
+	* store adopt it */
+    	if (xmlSecKeyIsValid(key)) {
+    	    /* Set the name of the key to the given name */
+	    ret = xmlSecKeySetName(key, name);
+	    if (ret < 0) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+			    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+			    "xmlSecKeySetName",
+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			    XMLSEC_ERRORS_NO_MESSAGE);
+		goto done;
+	    }
+
+	    retval = xmlSecKeyDuplicate(key);
+	    if (retval == NULL) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+			    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+			    "xmlSecKeyDuplicate",
+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			    XMLSEC_ERRORS_NO_MESSAGE);
+		goto done;
+	    }
+
+	    /* aleksey todo: do we need to adopt this key ???
+	     * if this would be removed then instead of duplicating 
+	     * key few lines above just do 
+	     *	retval = key;
+	     *  key = NULL;
+	     */
+	    ret = xmlSecSimpleKeysStoreAdoptKey(*ss, key);
+	    if (ret < 0) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+			    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+			    "xmlSecSimpleKeysStoreAdoptKey",
+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			    XMLSEC_ERRORS_NO_MESSAGE);
+		goto done;
+	    }
+	    key = NULL;
+	}
     }
 
 done:
@@ -471,7 +497,7 @@
 	CertCloseStore(hStoreHandle, 0);
     }
     if (NULL != lpCertID) {
-	free(lpCertID);
+	xmlFree(lpCertID);
     }
     if (NULL != pCertContext) {
 	CertFreeCertificateContext(pCertContext);
@@ -484,39 +510,6 @@
     }
     if (key != NULL) {
 	xmlSecKeyDestroy(key);
-    }
-
-    /* now that we have a key, make sure it is valid and let the simple
-    * store adopt it */
-    if (retval) {
-	if (xmlSecKeyIsValid(retval)) {
-    	    /* Set the name of the key to the given name */
-	    ret = xmlSecKeySetName(retval, name);
-	    if (ret < 0) {
-		xmlSecError(XMLSEC_ERRORS_HERE,
-			    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-			    "xmlSecKeySetName",
-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			    XMLSEC_ERRORS_NO_MESSAGE);
-		xmlSecKeyDestroy(retval);
-		retval = NULL;
-	    }
-
-	    ret = xmlSecSimpleKeysStoreAdoptKey(*ss, retval);
-	    if (ret < 0) {
-		xmlSecError(XMLSEC_ERRORS_HERE,
-			    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-			    "xmlSecSimpleKeysStoreAdoptKey",
-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			    XMLSEC_ERRORS_NO_MESSAGE);
-		xmlSecKeyDestroy(retval);
-		retval = NULL;
-	    }
-	    retval = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
-	} else {
-	    xmlSecKeyDestroy(retval);
-	    retval = NULL;
-	}
     }
 
     return (retval);
Index: src/mscrypto/kt_rsa.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/kt_rsa.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 kt_rsa.c
--- src/mscrypto/kt_rsa.c	11 Sep 2003 22:13:10 -0000	1.1.2.3
+++ src/mscrypto/kt_rsa.c	21 Sep 2003 07:06:22 -0000
@@ -243,7 +243,7 @@
 static int  
 xmlSecMSCryptoRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
     xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
-    xmlSecBufferPtr in, out, tmp;
+    xmlSecBufferPtr in, out;
     xmlSecSize inSize, outSize;
     xmlSecSize keySize;
     int ret;
@@ -254,7 +254,6 @@
     DWORD dwOutLen;
     BYTE * outBuf;
     BYTE * inBuf;
-    BYTE * tmpBuf;
     int i;
 
     xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
@@ -306,9 +305,19 @@
     }
 
     if(transform->operation == xmlSecTransformOperationEncrypt) {
+	BYTE ch;
 
-        tmp = xmlSecBufferCreate(outSize);
-	ret = xmlSecBufferSetData(tmp, xmlSecBufferGetData(in), inSize);
+	if(inSize > outSize) {
+	    xmlSecError(XMLSEC_ERRORS_HERE, 
+			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+			NULL,
+			XMLSEC_ERRORS_R_INVALID_SIZE,
+			"inSize=%d;outSize=%d", 
+			inSize, outSize);
+	    return(-1);
+	}
+
+	ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize);
 	if(ret < 0) {
 	    xmlSecError(XMLSEC_ERRORS_HERE, 
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -320,7 +329,6 @@
 
         dwInLen = inSize;
         dwBufLen = outSize;
-
 	if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
                         NULL,
@@ -329,35 +337,39 @@
                         XMLSEC_ERRORS_NO_MESSAGE);
             return (-1);
 	}
-        if (!CryptEncrypt(hKey, 0, TRUE, 0, xmlSecBufferGetData(tmp), &dwInLen, dwBufLen)) {
+        
+	outBuf = xmlSecBufferGetData(out);
+	xmlSecAssert2(outBuf != NULL, -1);
+	if (!CryptEncrypt(hKey, 0, TRUE, 0, outBuf, &dwInLen, dwBufLen)) {
             xmlSecError(XMLSEC_ERRORS_HERE,
                         NULL,
                         "CryptEncrypt",
                         XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        "error code=%d", GetLastError());
+                        XMLSEC_ERRORS_NO_MESSAGE);
             return (-1);
         }
 
 	/* The output of CryptEncrypt is in little-endian format, so we have to convert to
 	 * big-endian first.
 	 */
-	tmpBuf = xmlSecBufferGetData(tmp);
-	outBuf = xmlSecBufferGetData(out);
-	for (i=0; i<outSize; i++) {
-	    outBuf[i] = tmpBuf[outSize-(i+1)];
+	for(i = 0; i < outSize / 2; i++) {
+	    ch = outBuf[i];
+	    outBuf[i] = outBuf[outSize - (i + 1)];
+	    outBuf[outSize - (i + 1)] = ch;
 	}
-	xmlSecBufferDestroy(tmp);
     } else {
-
 	dwOutLen = inSize;
 
 	/* The input of CryptDecrypt is expected to be little-endian, 
 	 * so we have to convert from big-endian to little endian.
 	 */
-	outBuf = xmlSecBufferGetData(out);
-	inBuf = xmlSecBufferGetData(in);
-	for (i=0; i<inSize; i++) {
-	    outBuf[i] = inBuf[inSize-(i+1)];
+	inBuf	= xmlSecBufferGetData(in);
+	outBuf	= xmlSecBufferGetData(out);
+
+	xmlSecAssert2(inBuf != 0, -1);
+	xmlSecAssert2(outBuf != 0, -1);
+	for (i = 0; i < inSize; i++) {
+	    outBuf[i] = inBuf[inSize - (i + 1)];
 	}
 
 	if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePrivate))) {
@@ -373,7 +385,7 @@
                         xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                         "CryptDecrypt",
                         XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                        "error code=%d", GetLastError());
+                        XMLSEC_ERRORS_NO_MESSAGE);
             return(-1);
         }
 
Index: src/mscrypto/msx509.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/msx509.c,v
retrieving revision 1.1.2.4
diff -u -r1.1.2.4 msx509.c
--- src/mscrypto/msx509.c	14 Sep 2003 21:46:30 -0000	1.1.2.4
+++ src/mscrypto/msx509.c	21 Sep 2003 07:06:23 -0000
@@ -362,7 +362,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 		    "CertDuplicateCertificateContext",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }
 
@@ -377,7 +377,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			"CertOpenStore",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     }
@@ -387,7 +387,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 		    "CertAddCertificateContextToStore",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);	
     }
     ctx->numCerts++;
@@ -472,7 +472,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 			"CertOpenStore",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     }
@@ -482,7 +482,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
 		    "CertAddCRLContextToStore",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);	
     }
     ctx->numCrls++;
@@ -1775,7 +1775,7 @@
 		    NULL,
 		    "CertCreateCertificateContext",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(NULL);
     }
 
@@ -1852,7 +1852,7 @@
 		    NULL,
 		    "CertCreateCRLContext",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(NULL);
     }
 
@@ -2015,7 +2015,7 @@
 			    NULL,
 		    "CertGetCertificateContextProperty",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "Error Code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 		return (NULL);
 	    }
     bSKI = malloc(dwSize);
@@ -2024,7 +2024,7 @@
 			    NULL,
 			    "CertGetCertificateContextProperty",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "Error Code=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 		free(bSKI);
 		return (NULL);
 	    }
Index: src/mscrypto/signatures.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/signatures.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 signatures.c
--- src/mscrypto/signatures.c	11 Sep 2003 22:13:10 -0000	1.1.2.3
+++ src/mscrypto/signatures.c	21 Sep 2003 07:06:23 -0000
@@ -30,11 +30,11 @@
 typedef struct _xmlSecMSCryptoSignatureCtx	xmlSecMSCryptoSignatureCtx, 
 						*xmlSecMSCryptoSignatureCtxPtr;
 struct _xmlSecMSCryptoSignatureCtx {
-    xmlSecKeyDataPtr data;
-    ALG_ID alg_id;
-    HCRYPTHASH mscHash;
-    ALG_ID digestAlgId;
-    xmlSecKeyDataId keyId;
+    xmlSecKeyDataPtr	data;
+    ALG_ID		alg_id;
+    HCRYPTHASH		mscHash;
+    ALG_ID		digestAlgId;
+    xmlSecKeyDataId	keyId;
 };	    
 
 /******************************************************************************
@@ -95,26 +95,26 @@
 
 #ifndef XMLSEC_NO_RSA
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
-	ctx->digestAlgId = CALG_SHA1;
-	ctx->keyId	= xmlSecMSCryptoKeyDataRsaId;
+	ctx->digestAlgId    = CALG_SHA1;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataRsaId;
     } else 
 #endif /* XMLSEC_NO_RSA */
 
 #ifndef XMLSEC_NO_DSA
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
-	ctx->digestAlgId = CALG_SHA1;
-	ctx->keyId	= xmlSecMSCryptoKeyDataDsaId;
+	ctx->digestAlgId    = CALG_SHA1;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataDsaId;
     } else 
 #endif /* XMLSEC_NO_DSA */
 
-	if(1) {
-	    xmlSecError(XMLSEC_ERRORS_HERE, 
-			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-			NULL,
-			XMLSEC_ERRORS_R_INVALID_TRANSFORM,
-			XMLSEC_ERRORS_NO_MESSAGE);
-	    return(-1);
-	}
+    if(1) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+		    NULL,
+		    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
 
     return(0);
 }
@@ -169,12 +169,12 @@
 	return (-1);
     }
     if (xmlSecMSCryptoKeyDataDuplicate(ctx->data, value) == -1) {
-		xmlSecError(XMLSEC_ERRORS_HERE,
-			    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-			    "xmlSecMSCryptoKeyDataDuplicate",
-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-			    XMLSEC_ERRORS_NO_MESSAGE);
-		return(-1);
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+		    "xmlSecMSCryptoKeyDataDuplicate",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
     }
 
     return(0);
@@ -209,23 +209,36 @@
 					 xmlSecSize dataSize,
 					 xmlSecTransformCtxPtr transformCtx) {
     xmlSecMSCryptoSignatureCtxPtr ctx;
-    xmlSecBufferPtr tmp;
+    xmlSecBuffer tmp;
     HCRYPTKEY hKey;
     DWORD dwError;
     BYTE *tmpBuf, *j, *k, *l, *m;
+    int ret;
     
     xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
     xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
     xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
     xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
     xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(dataSize > 0, -1);
     xmlSecAssert2(transformCtx != NULL, -1);
 
     ctx = xmlSecMSCryptoSignatureGetCtx(transform);
     xmlSecAssert2(ctx != NULL, -1);
 
-    tmp = xmlSecBufferCreate(dataSize);
-    tmpBuf = xmlSecBufferGetData(tmp);
+    ret = xmlSecBufferInitialize(&tmp, dataSize);
+    if(ret < 0) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+		    "xmlSecBufferInitialize",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    "dataSize=%d", dataSize);
+	return(-1);
+    }
+    
+    tmpBuf = xmlSecBufferGetData(&tmp);
+    xmlSecAssert2(tmpBuf != NULL, -1);
+    
     /* Reverse the sig - Windows stores integers as octet streams in little endian
      * order.  The I2OSP algorithm used by XMLDSig to store integers is big endian */
     if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
@@ -241,7 +254,7 @@
 	j = (BYTE *)data;
 	l = tmpBuf + dataSize - 1;
 	while (l >= tmpBuf) {
-		*l-- = *j++;
+	    *l-- = *j++;
 	}
     } else {
 	xmlSecError(XMLSEC_ERRORS_HERE, 
@@ -249,7 +262,7 @@
 		    NULL,
 		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 		    "Invalid algo");
-	xmlSecBufferDestroy(tmp);
+	xmlSecBufferFinalize(&tmp);
 	return(-1);
     }
 
@@ -260,7 +273,7 @@
 		    "xmlSecMSCryptoKeyDataGetKey",
 		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 		    XMLSEC_ERRORS_NO_MESSAGE);
-	xmlSecBufferDestroy(tmp);
+	xmlSecBufferFinalize(&tmp);
 	return(-1);
     }
     if (!CryptVerifySignature(ctx->mscHash,
@@ -277,32 +290,30 @@
 			XMLSEC_ERRORS_R_DATA_NOT_MATCH,
 			"signature do not match");
 	    transform->status = xmlSecTransformStatusFail;
-	    xmlSecBufferDestroy(tmp);
+	    xmlSecBufferFinalize(&tmp);
 	    return(0);
 	} else {
 	    xmlSecError(XMLSEC_ERRORS_HERE,
 			xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
 			"CryptVerifySignature",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", dwError);
-	    xmlSecBufferDestroy(tmp);
+			XMLSEC_ERRORS_NO_MESSAGE);
+	    xmlSecBufferFinalize(&tmp);
 	    return (-1);
 	}
     }
-    xmlSecBufferDestroy(tmp);
-
+    xmlSecBufferFinalize(&tmp);
     transform->status = xmlSecTransformStatusOk;
     return(0);
 }
 
-
 static int 
 xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
     xmlSecMSCryptoSignatureCtxPtr ctx;
     HCRYPTPROV hProv;
     HCRYPTKEY hKey;
     DWORD dwKeySpec;
-    xmlSecBufferPtr in, out, tmp;
+    xmlSecBufferPtr in, out;
     xmlSecSize inSize, outSize;
     int ret;
     DWORD dwSigLen;
@@ -341,7 +352,7 @@
 			NULL,
 			"CryptCreateHash",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
 
@@ -356,7 +367,7 @@
 			NULL,
 			"CryptHashData",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
 
@@ -372,7 +383,10 @@
     }
 
     if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+	xmlSecBuffer tmp;
+
 	xmlSecAssert2(outSize == 0, -1);
+
 	if(transform->operation == xmlSecTransformOperationSign) {
 	    dwKeySpec = xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(ctx->data);
 	    if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, NULL, &dwSigLen)) {
@@ -380,12 +394,12 @@
 			    NULL,
 			    "CryptSignHash",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "error code=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
 		return(-1);
 	    }	
 	    outSize = (xmlSecSize)dwSigLen;
 
-	    ret = xmlSecBufferSetMaxSize(out, outSize);
+	    ret = xmlSecBufferInitialize(&tmp, outSize);
 	    if(ret < 0) {
 		xmlSecError(XMLSEC_ERRORS_HERE, 
 			    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -394,14 +408,16 @@
 			    "size=%d", outSize);
 		return(-1);
 	    }
+	    tmpBuf = xmlSecBufferGetData(&tmp);
+	    xmlSecAssert2(tmpBuf != NULL, -1);
 
-	    tmp = xmlSecBufferCreate(outSize);
-	    if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, xmlSecBufferGetData(tmp), &dwSigLen)) {
+	    if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, tmpBuf, &dwSigLen)) {
 		xmlSecError(XMLSEC_ERRORS_HERE,
 			    NULL,
 			    "CryptSignHash",
 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			    "error code=%d", GetLastError());
+			    XMLSEC_ERRORS_NO_MESSAGE);
+		xmlSecBufferFinalize(&tmp);
 		return(-1);
 	    }
 	    outSize = (xmlSecSize)dwSigLen;
@@ -413,14 +429,14 @@
 			    "xmlSecBufferSetSize",
 			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 			    "size=%d", outSize);
+		xmlSecBufferFinalize(&tmp);
 		return(-1);
 	    }
-
+	    outBuf = xmlSecBufferGetData(out);
+	    xmlSecAssert2(outBuf != NULL, -1);
 
 	    /* Now encode into a signature block,
-    	     * convert signature value to big endian */
-	    tmpBuf = xmlSecBufferGetData(tmp);
-	    outBuf = xmlSecBufferGetData(out);
+    	     * convert signature value to big endian */	    
 	    if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
 		i = tmpBuf;
 		j = tmpBuf + 20;
@@ -444,10 +460,10 @@
 			    NULL,
 			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 			    "Invalid algo");
-		xmlSecBufferDestroy(tmp);
+		xmlSecBufferFinalize(&tmp);
 		return(-1);
 	    }
-	    xmlSecBufferDestroy(tmp);
+	    xmlSecBufferFinalize(&tmp);
 	}
 	transform->status = xmlSecTransformStatusFinished;
     }
Index: src/mscrypto/x509vfy.c
===================================================================
RCS file: /cvs/gnome/xmlsec/src/mscrypto/Attic/x509vfy.c,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 x509vfy.c
--- src/mscrypto/x509vfy.c	11 Sep 2003 22:13:10 -0000	1.1.2.3
+++ src/mscrypto/x509vfy.c	21 Sep 2003 07:06:23 -0000
@@ -253,7 +253,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(store)),
 			"CertVerifySubjectCertificateContext",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	}
 	}
 
@@ -353,7 +353,7 @@
 			xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
 			"CertOpenStore",
 			XMLSEC_ERRORS_R_CRYPTO_FAILED,
-			"error code=%d", GetLastError());
+			XMLSEC_ERRORS_NO_MESSAGE);
 	    return(-1);
 	}
     }
@@ -367,7 +367,7 @@
 		    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
 		    "CertAddCertificateContextToStore",
 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-		    "error code=%d", GetLastError());
+		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }
 
Index: tests/testDSig.sh
===================================================================
RCS file: /cvs/gnome/xmlsec/tests/testDSig.sh,v
retrieving revision 1.29.2.3
diff -u -r1.29.2.3 testDSig.sh
--- tests/testDSig.sh	10 Sep 2003 07:32:09 -0000	1.29.2.3
+++ tests/testDSig.sh	21 Sep 2003 07:06:42 -0000
@@ -11,9 +11,13 @@
 priv_key_option="--pkcs12"
 priv_key_format="p12"
 
+if [ "z$TMPFOLDER" = "z" ] ; then
+    TMPFOLDER=/tmp
+fi
+
 timestamp=`date +%Y%m%d_%H%M%S` 
-tmpfile=/tmp/testDSig.$timestamp-$$.tmp
-logfile=/tmp/testDSig.$timestamp-$$.log
+tmpfile=$TMPFOLDER/testDSig.$timestamp-$$.tmp
+logfile=$TMPFOLDER/testDSig.$timestamp-$$.log
 script="$0"
 keysfile=$topfolder/keys.xml
 valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp"
Index: tests/testEnc.sh
===================================================================
RCS file: /cvs/gnome/xmlsec/tests/testEnc.sh,v
retrieving revision 1.19.2.4
diff -u -r1.19.2.4 testEnc.sh
--- tests/testEnc.sh	14 Sep 2003 09:12:47 -0000	1.19.2.4
+++ tests/testEnc.sh	21 Sep 2003 07:06:42 -0000
@@ -11,9 +11,13 @@
 priv_key_option="--pkcs12"
 priv_key_format="p12"
 
+if [ "z$TMPFOLDER" = "z" ] ; then
+    TMPFOLDER=/tmp
+fi
+
 timestamp=`date +%Y%m%d_%H%M%S` 
-tmpfile=/tmp/testEnc.$timestamp-$$.tmp
-logfile=/tmp/testEnc.$timestamp-$$.log
+tmpfile=$TMPFOLDER/testEnc.$timestamp-$$.tmp
+logfile=$TMPFOLDER/testEnc.$timestamp-$$.log
 script="$0"
 keysfile=$topfolder/keys.xml
 valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp"
Index: tests/testKeys.sh
===================================================================
RCS file: /cvs/gnome/xmlsec/tests/testKeys.sh,v
retrieving revision 1.9.2.4
diff -u -r1.9.2.4 testKeys.sh
--- tests/testKeys.sh	13 Sep 2003 05:26:52 -0000	1.9.2.4
+++ tests/testKeys.sh	21 Sep 2003 07:06:42 -0000
@@ -11,9 +11,13 @@
 priv_key_option="--pkcs12"
 priv_key_format="p12"
 
+if [ "z$TMPFOLDER" = "z" ] ; then
+    TMPFOLDER=/tmp
+fi
+
 timestamp=`date +%Y%m%d_%H%M%S` 
-tmpfile=/tmp/testKeys.$timestamp-$$.tmp
-logfile=/tmp/testKeys.$timestamp-$$.log
+tmpfile=$TMPFOLDER/testKeys.$timestamp-$$.tmp
+logfile=$TMPFOLDER/testKeys.$timestamp-$$.log
 script="$0"
 keysfile=$topfolder/keys.xml
 
Index: tests/testRes.sh
===================================================================
RCS file: /cvs/gnome/xmlsec/tests/testRes.sh,v
retrieving revision 1.2
diff -u -r1.2 testRes.sh
--- tests/testRes.sh	22 Nov 2002 05:31:22 -0000	1.2
+++ tests/testRes.sh	21 Sep 2003 07:06:42 -0000
@@ -1,6 +1,10 @@
 #!/bin/sh 
 
-logfiles='/tmp/test*.log'
+if [ "z$TMPFOLDER" = "z" ] ; then
+    TMPFOLDER=/tmp
+fi
+
+logfiles='$TMPFOLDER/test*.log'
 
 echo "-------------------- MEMORY USAGE --------------------"
 grep 'in use' $logfiles | \
Index: win32/Makefile.msvc
===================================================================
RCS file: /cvs/gnome/xmlsec/win32/Makefile.msvc,v
retrieving revision 1.19.2.11
diff -u -r1.19.2.11 Makefile.msvc
--- win32/Makefile.msvc	12 Sep 2003 00:25:07 -0000	1.19.2.11
+++ win32/Makefile.msvc	21 Sep 2003 07:06:42 -0000
@@ -261,7 +261,6 @@
 	$(XMLSEC_MSCRYPTO_INTDIR)\digests.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\symkeys.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\kt_rsa.obj \
-	$(XMLSEC_MSCRYPTO_INTDIR)\hmac.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\signatures.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR)\certkeys.obj \
@@ -275,7 +274,6 @@
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\ciphers.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\digests.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\symkeys.obj \
-	$(XMLSEC_MSCRYPTO_INTDIR_A)\hmac.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\kt_rsa.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\strings.obj \
 	$(XMLSEC_MSCRYPTO_INTDIR_A)\signatures.obj \
@@ -326,6 +324,8 @@
 !else
 CFLAGS 			= $(CFLAGS) /D "XMLSEC_NO_CRYPTO_DYNAMIC_LOADING"
 APP_CFLAGS		= $(APP_CFLAGS) $(XMLSEC_CRYPTO_CFLAGS) 
+# this disables TEMPLATE tests and helps with missing algorithms (hmac) in mscrypto
+APP_CFLAGS		= $(APP_CFLAGS) /D "XMLSEC_NO_TMPL_TEST"
 !endif
 
 !if "$(WITH_OPENSSL_096)" == "1"
@@ -454,15 +454,19 @@
 
 check : check-keys check-dsig check-enc
 
-check-keys : $(BINDIR)\$(APP_NAME)
+check-keys : check-tmp $(BINDIR)\$(APP_NAME)
 	sh ../tests/testKeys.sh default ../tests $(BINDIR)/$(APP_NAME) der
 
-check-dsig : $(BINDIR)\$(APP_NAME)
+check-dsig : check-tmp $(BINDIR)\$(APP_NAME)
 	sh ../tests/testDSig.sh default ../tests $(BINDIR)/$(APP_NAME) der
 
-check-enc : $(BINDIR)\$(APP_NAME)
+check-enc : check-tmp $(BINDIR)\$(APP_NAME)
 	sh ../tests/testEnc.sh default ../tests $(BINDIR)/$(APP_NAME) der
 
+check-tmp :
+	if not exist tmp mkdir tmp
+	set TMPFOLDER=.\tmp
+		
 clean :
 	if exist $(XMLSEC_INTDIR) rmdir /S /Q $(XMLSEC_INTDIR)
 	if exist $(XMLSEC_INTDIR_A) rmdir /S /Q $(XMLSEC_INTDIR_A)


More information about the xmlsec mailing list