RubyGems - xmlsec-shim - Versions diffs - 1.2.18.1 - Mend

xmlsec-shim 1.2.18.1

Files changed (969) hide show

data/vendor/xmlsec1-1.2.18/src/gcrypt/crypto.c ADDED

@@ -0,0 +1,315 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+#include <string.h>
+#include <gcrypt.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+static xmlSecCryptoDLFunctionsPtr gXmlSecGCryptFunctions = NULL;
+/**
+ * xmlSecCryptoGetFunctions_gcrypt:
+ *
+ * Gets the pointer to xmlsec-gcrypt functions table.
+ *
+ * Returns: the xmlsec-gcrypt functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gcrypt(void) {
+    static xmlSecCryptoDLFunctions functions;
+    if(gXmlSecGCryptFunctions != NULL) {
+        return(gXmlSecGCryptFunctions);
+    }
+    memset(&functions, 0, sizeof(functions));
+    gXmlSecGCryptFunctions = &functions;
+    /********************************************************************
+     *
+     * Crypto Init/shutdown
+     *
+     ********************************************************************/
+    gXmlSecGCryptFunctions->cryptoInit                  = xmlSecGCryptInit;
+    gXmlSecGCryptFunctions->cryptoShutdown              = xmlSecGCryptShutdown;
+    gXmlSecGCryptFunctions->cryptoKeysMngrInit          = xmlSecGCryptKeysMngrInit;
+    /********************************************************************
+     *
+     * Key data ids
+     *
+     ********************************************************************/
+#ifndef XMLSEC_NO_AES
+    gXmlSecGCryptFunctions->keyDataAesGetKlass          = xmlSecGCryptKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+#ifndef XMLSEC_NO_DES
+    gXmlSecGCryptFunctions->keyDataDesGetKlass          = xmlSecGCryptKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+#ifndef XMLSEC_NO_DSA
+    gXmlSecGCryptFunctions->keyDataDsaGetKlass          = xmlSecGCryptKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_HMAC
+    gXmlSecGCryptFunctions->keyDataHmacGetKlass         = xmlSecGCryptKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_RSA
+    gXmlSecGCryptFunctions->keyDataRsaGetKlass          = xmlSecGCryptKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+    /********************************************************************
+     *
+     * Key data store ids
+     *
+     ********************************************************************/
+    /********************************************************************
+     *
+     * Crypto transforms ids
+     *
+     ********************************************************************/
+    /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+    gXmlSecGCryptFunctions->transformAes128CbcGetKlass          = xmlSecGCryptTransformAes128CbcGetKlass;
+    gXmlSecGCryptFunctions->transformAes192CbcGetKlass          = xmlSecGCryptTransformAes192CbcGetKlass;
+    gXmlSecGCryptFunctions->transformAes256CbcGetKlass          = xmlSecGCryptTransformAes256CbcGetKlass;
+    gXmlSecGCryptFunctions->transformKWAes128GetKlass           = xmlSecGCryptTransformKWAes128GetKlass;
+    gXmlSecGCryptFunctions->transformKWAes192GetKlass           = xmlSecGCryptTransformKWAes192GetKlass;
+    gXmlSecGCryptFunctions->transformKWAes256GetKlass           = xmlSecGCryptTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+    /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+    gXmlSecGCryptFunctions->transformDes3CbcGetKlass            = xmlSecGCryptTransformDes3CbcGetKlass;
+    gXmlSecGCryptFunctions->transformKWDes3GetKlass             = xmlSecGCryptTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+    /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGCryptFunctions->transformDsaSha1GetKlass            = xmlSecGCryptTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#endif /* XMLSEC_NO_DSA */
+    /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGCryptFunctions->transformHmacMd5GetKlass            = xmlSecGCryptTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGCryptFunctions->transformHmacRipemd160GetKlass      = xmlSecGCryptTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGCryptFunctions->transformHmacSha1GetKlass           = xmlSecGCryptTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGCryptFunctions->transformHmacSha256GetKlass         = xmlSecGCryptTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGCryptFunctions->transformHmacSha384GetKlass         = xmlSecGCryptTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGCryptFunctions->transformHmacSha512GetKlass         = xmlSecGCryptTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+#endif /* XMLSEC_NO_HMAC */
+    /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGCryptFunctions->transformMd5GetKlass                = xmlSecGCryptTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+    /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGCryptFunctions->transformRipemd160GetKlass          = xmlSecGCryptTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+    /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+#ifndef XMLSEC_NO_MD5
+    gXmlSecGCryptFunctions->transformRsaMd5GetKlass            = xmlSecGCryptTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_RIPEMD160
+    gXmlSecGCryptFunctions->transformRsaRipemd160GetKlass      = xmlSecGCryptTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGCryptFunctions->transformRsaSha1GetKlass           = xmlSecGCryptTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGCryptFunctions->transformRsaSha256GetKlass         = xmlSecGCryptTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGCryptFunctions->transformRsaSha384GetKlass         = xmlSecGCryptTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGCryptFunctions->transformRsaSha512GetKlass         = xmlSecGCryptTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+#endif /* XMLSEC_NO_RSA */
+    /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecGCryptFunctions->transformSha1GetKlass               = xmlSecGCryptTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecGCryptFunctions->transformSha256GetKlass             = xmlSecGCryptTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecGCryptFunctions->transformSha384GetKlass             = xmlSecGCryptTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecGCryptFunctions->transformSha512GetKlass             = xmlSecGCryptTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+    /********************************************************************
+     *
+     * High level routines form xmlsec command line utility
+     *
+     ********************************************************************/
+    gXmlSecGCryptFunctions->cryptoAppInit                       = xmlSecGCryptAppInit;
+    gXmlSecGCryptFunctions->cryptoAppShutdown                   = xmlSecGCryptAppShutdown;
+    gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrInit        = xmlSecGCryptAppDefaultKeysMngrInit;
+    gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrAdoptKey    = xmlSecGCryptAppDefaultKeysMngrAdoptKey;
+    gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrLoad        = xmlSecGCryptAppDefaultKeysMngrLoad;
+    gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrSave        = xmlSecGCryptAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+    gXmlSecGCryptFunctions->cryptoAppKeysMngrCertLoad           = xmlSecGCryptAppKeysMngrCertLoad;
+    gXmlSecGCryptFunctions->cryptoAppPkcs12Load                 = xmlSecGCryptAppPkcs12Load;
+    gXmlSecGCryptFunctions->cryptoAppKeyCertLoad                = xmlSecGCryptAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+    gXmlSecGCryptFunctions->cryptoAppKeyLoad                    = xmlSecGCryptAppKeyLoad;
+    gXmlSecGCryptFunctions->cryptoAppDefaultPwdCallback         = (void*)xmlSecGCryptAppGetDefaultPwdCallback();
+    return(gXmlSecGCryptFunctions);
+}
+/**
+ * xmlSecGCryptInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptInit (void)  {
+    /* Check loaded xmlsec library version */
+    if(xmlSecCheckVersionExact() != 1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCheckVersionExact",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    /* register our klasses */
+    if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gcrypt()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    return(0);
+}
+/**
+ * xmlSecGCryptShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptShutdown(void) {
+    return(0);
+}
+/**
+ * xmlSecGCryptKeysMngrInit:
+ * @mngr:               the pointer to keys manager.
+ *
+ * Adds GCrypt specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+    xmlSecAssert2(mngr != NULL, -1);
+    /* TODO: add key data stores */
+    return(0);
+}
+/**
+ * xmlSecGCryptGenerateRandom:
+ * @buffer:             the destination buffer.
+ * @size:               the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+    int ret;
+    xmlSecAssert2(buffer != NULL, -1);
+    xmlSecAssert2(size > 0, -1);
+    ret = xmlSecBufferSetSize(buffer, size);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "size=%d", size);
+        return(-1);
+    }
+    /* get random data */
+    gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+    return(0);
+}

data/vendor/xmlsec1-1.2.18/src/gcrypt/digests.c ADDED

@@ -0,0 +1,614 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+#include <string.h>
+#include <gcrypt.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+/**************************************************************************
+ *
+ * Internal GCRYPT Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptDigestCtx           xmlSecGCryptDigestCtx, *xmlSecGCryptDigestCtxPtr;
+struct _xmlSecGCryptDigestCtx {
+    int                 digest;
+    gcry_md_hd_t        digestCtx;
+    xmlSecByte          dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE];
+    xmlSecSize          dgstSize;       /* dgst size in bytes */
+};
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecGCryptDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptDigestSize  \
+    (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptDigestCtx))
+#define xmlSecGCryptDigestGetCtx(transform) \
+    ((xmlSecGCryptDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+static int      xmlSecGCryptDigestInitialize            (xmlSecTransformPtr transform);
+static void     xmlSecGCryptDigestFinalize              (xmlSecTransformPtr transform);
+static int      xmlSecGCryptDigestVerify                (xmlSecTransformPtr transform,
+                                                         const xmlSecByte* data,
+                                                         xmlSecSize dataSize,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGCryptDigestExecute               (xmlSecTransformPtr transform,
+                                                         int last,
+                                                         xmlSecTransformCtxPtr transformCtx);
+static int      xmlSecGCryptDigestCheckId               (xmlSecTransformPtr transform);
+static int
+xmlSecGCryptDigestCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+    /* not found */
+    {
+        return(0);
+    }
+    /* just in case */
+    return(0);
+}
+static int
+xmlSecGCryptDigestInitialize(xmlSecTransformPtr transform) {
+    xmlSecGCryptDigestCtxPtr ctx;
+    gcry_error_t err;
+    xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+    ctx = xmlSecGCryptDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    /* initialize context */
+    memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+        ctx->digest = GCRY_MD_SHA1;
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+        ctx->digest = GCRY_MD_SHA256;
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+        ctx->digest = GCRY_MD_SHA384;
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+        ctx->digest = GCRY_MD_SHA512;
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+#ifndef XMLSEC_NO_MD5
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+        ctx->digest = GCRY_MD_MD5;
+    } else
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_RIPEMD160
+    if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+        ctx->digest = GCRY_MD_RMD160;
+    } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+    if(1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    /* create digest ctx */
+    err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+    if(err != GPG_ERR_NO_ERROR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    "gcry_md_open",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_GCRYPT_REPORT_ERROR(err));
+        return(-1);
+    }
+    return(0);
+}
+static void
+xmlSecGCryptDigestFinalize(xmlSecTransformPtr transform) {
+    xmlSecGCryptDigestCtxPtr ctx;
+    xmlSecAssert(xmlSecGCryptDigestCheckId(transform));
+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize));
+    ctx = xmlSecGCryptDigestGetCtx(transform);
+    xmlSecAssert(ctx != NULL);
+    if(ctx->digestCtx != NULL) {
+        gcry_md_close(ctx->digestCtx);
+    }
+    memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+}
+static int
+xmlSecGCryptDigestVerify(xmlSecTransformPtr transform,
+                        const xmlSecByte* data, xmlSecSize dataSize,
+                        xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGCryptDigestCtxPtr ctx;
+    xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+    xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+    xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+    xmlSecAssert2(data != NULL, -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+    ctx = xmlSecGCryptDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->dgstSize > 0, -1);
+    if(dataSize != ctx->dgstSize) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_DATA,
+                    "data and digest sizes are different (data=%d, dgst=%d)",
+                    dataSize, ctx->dgstSize);
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+    if(memcmp(ctx->dgst, data, dataSize) != 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_DATA,
+                    "data and digest do not match");
+        transform->status = xmlSecTransformStatusFail;
+        return(0);
+    }
+    transform->status = xmlSecTransformStatusOk;
+    return(0);
+}
+static int
+xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+    xmlSecGCryptDigestCtxPtr ctx;
+    xmlSecBufferPtr in, out;
+    int ret;
+    xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+    xmlSecAssert2(transformCtx != NULL, -1);
+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+    ctx = xmlSecGCryptDigestGetCtx(transform);
+    xmlSecAssert2(ctx != NULL, -1);
+    xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+    xmlSecAssert2(ctx->digestCtx != NULL, -1);
+    in = &(transform->inBuf);
+    out = &(transform->outBuf);
+    if(transform->status == xmlSecTransformStatusNone) {
+        transform->status = xmlSecTransformStatusWorking;
+    }
+    if(transform->status == xmlSecTransformStatusWorking) {
+        xmlSecSize inSize;
+        inSize = xmlSecBufferGetSize(in);
+        if(inSize > 0) {
+            gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+            ret = xmlSecBufferRemoveHead(in, inSize);
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "xmlSecBufferRemoveHead",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "size=%d", inSize);
+                return(-1);
+            }
+        }
+        if(last != 0) {
+            xmlSecByte* buf;
+            /* get the final digest */
+            gcry_md_final(ctx->digestCtx);
+            buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+            if(buf == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                            "gcry_md_read",
+                            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                return(-1);
+            }
+            /* copy it to our internal buffer */
+            ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+            xmlSecAssert2(ctx->dgstSize > 0, -1);
+            xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+            memcpy(ctx->dgst, buf, ctx->dgstSize);
+            /* and to the output if needed */
+            if(transform->operation == xmlSecTransformOperationSign) {
+                ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+                if(ret < 0) {
+                    xmlSecError(XMLSEC_ERRORS_HERE,
+                                xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                                "xmlSecBufferAppend",
+                                XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                                "size=%d", ctx->dgstSize);
+                    return(-1);
+                }
+            }
+            transform->status = xmlSecTransformStatusFinished;
+        }
+    } else if(transform->status == xmlSecTransformStatusFinished) {
+        /* the only way we can get here is if there is no input */
+        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+    } else {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_STATUS,
+                    "status=%d", transform->status);
+        return(-1);
+    }
+    return(0);
+}
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha1Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameSha1,                             /* const xmlChar* name; */
+    xmlSecHrefSha1,                             /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha1GetKlass(void) {
+    return(&xmlSecGCryptSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameSha256,                           /* const xmlChar* name; */
+    xmlSecHrefSha256,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha256GetKlass(void) {
+    return(&xmlSecGCryptSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameSha384,                           /* const xmlChar* name; */
+    xmlSecHrefSha384,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha384GetKlass(void) {
+    return(&xmlSecGCryptSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameSha512,                           /* const xmlChar* name; */
+    xmlSecHrefSha512,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha512GetKlass(void) {
+    return(&xmlSecGCryptSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptMd5Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameMd5,                           /* const xmlChar* name; */
+    xmlSecHrefMd5,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformMd5GetKlass(void) {
+    return(&xmlSecGCryptMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRipemd160Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecGCryptDigestSize,                     /* xmlSecSize objSize */
+    /* data */
+    xmlSecNameRipemd160,                           /* const xmlChar* name; */
+    xmlSecHrefRipemd160,                           /* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,           /* xmlSecTransformUsage usage; */
+    /* methods */
+    xmlSecGCryptDigestInitialize,               /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecGCryptDigestFinalize,                 /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,                                       /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,                                       /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecGCryptDigestVerify,                   /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecGCryptDigestExecute,                  /* xmlSecTransformExecuteMethod execute; */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+/**
+ * xmlSecGCryptTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRipemd160GetKlass(void) {
+    return(&xmlSecGCryptRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */