Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/08/24 12:04:11 UTC
svn commit: r569324 - in /webservices/rampart/trunk/c:
include/oxs_encryption.h src/omxmlsec/encryption.c src/omxmlsec/key_mgr.c
src/omxmlsec/openssl/sign.c src/omxmlsec/x509_cert.c
Author: kaushalye
Date: Fri Aug 24 03:04:10 2007
New Revision: 569324
URL: http://svn.apache.org/viewvc?rev=569324&view=rev
Log:
memory leak fixes and code cleaning
Modified:
webservices/rampart/trunk/c/include/oxs_encryption.h
webservices/rampart/trunk/c/src/omxmlsec/encryption.c
webservices/rampart/trunk/c/src/omxmlsec/key_mgr.c
webservices/rampart/trunk/c/src/omxmlsec/openssl/sign.c
webservices/rampart/trunk/c/src/omxmlsec/x509_cert.c
Modified: webservices/rampart/trunk/c/include/oxs_encryption.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_encryption.h?rev=569324&r1=569323&r2=569324&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_encryption.h (original)
+++ webservices/rampart/trunk/c/include/oxs_encryption.h Fri Aug 24 03:04:10 2007
@@ -58,7 +58,7 @@
* asymmetric key, which can be a publik key extracted from a certificate or a private key.
* The resulted data will be placed on the result buffer.
* Data are not valid only if the method returns AXIS2_SUCCESS
- * @enc_ctx pointer to the OMXMLSec asymmetric encryption context struct
+ * @asym_ctx pointer to the OMXMLSec asymmetric encryption context struct
* @env pointer to environment struct
* @input the input buffer
* @result the ouput or the ressulted data buffer
@@ -66,7 +66,7 @@
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_encryption_asymmetric_crypt(const axutil_env_t *env,
- oxs_asym_ctx_t * enc_ctx,
+ oxs_asym_ctx_t * asym_ctx,
oxs_buffer_t *input,
oxs_buffer_t *result);
Modified: webservices/rampart/trunk/c/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/encryption.c?rev=569324&r1=569323&r2=569324&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/encryption.c Fri Aug 24 03:04:10 2007
@@ -183,7 +183,7 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_encryption_asymmetric_crypt(const axutil_env_t *env,
- oxs_asym_ctx_t *ctx,
+ oxs_asym_ctx_t *asym_ctx,
oxs_buffer_t *input,
oxs_buffer_t *result)
{
@@ -194,10 +194,10 @@
axis2_char_t *algorithm = NULL;
axis2_char_t *padding = NULL;
- algorithm = oxs_asym_ctx_get_algorithm(ctx, env);
+ algorithm = oxs_asym_ctx_get_algorithm(asym_ctx, env);
/* We support RSA v1.5 encryption only. If any other algorithm is specified, replace it with the proper one
if(0 != (axutil_strcmp(OXS_HREF_RSA_PKCS1, algorithm ))) {
- oxs_asym_ctx_set_algorithm(ctx, env, OXS_HREF_RSA_PKCS1);
+ oxs_asym_ctx_set_algorithm(asym_ctx, env, OXS_HREF_RSA_PKCS1);
}*/
/*Set the proper padding for the algorithm*/
@@ -208,14 +208,14 @@
}
/*Load the key using key manager*/
- password = oxs_asym_ctx_get_password(ctx, env);
- status = oxs_key_mgr_load_key(env, ctx, password);
+ password = oxs_asym_ctx_get_password(asym_ctx, env);
+ status = oxs_key_mgr_load_key(env, asym_ctx, password);
if(AXIS2_FAILURE == status){
return AXIS2_FAILURE;
}
/*Check for the operation and call appropriate method*/
- operation = oxs_asym_ctx_get_operation(ctx, env);
+ operation = oxs_asym_ctx_get_operation(asym_ctx, env);
if( OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT == operation ){
axis2_char_t *encoded_str = NULL;
oxs_x509_cert_t *x509_cert = NULL;
@@ -225,7 +225,7 @@
int ret = -1;
/*Operation is PUB ENCRYPT; Get the public key from the context*/
- x509_cert = oxs_asym_ctx_get_certificate(ctx, env);
+ x509_cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
pkey = oxs_x509_cert_get_public_key(x509_cert, env);
/*Encrypt using the public key. Then base64 encode and populate the buffer */
@@ -249,7 +249,7 @@
int declen = -1;
/*Operation id PRV DECRYPT; Get the private key from the context*/
- pkey = oxs_asym_ctx_get_private_key(ctx, env);
+ pkey = oxs_asym_ctx_get_private_key(asym_ctx, env);
/*Base64 decode first. Then do the decryption and populate the buffer*/
decoded_encrypted_str = AXIS2_MALLOC(env->allocator, axutil_base64_decode_len((char*)oxs_buffer_get_data(input, env)));
ret = axutil_base64_decode((char*)decoded_encrypted_str, (char*)oxs_buffer_get_data(input, env));
Modified: webservices/rampart/trunk/c/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/key_mgr.c?rev=569324&r1=569323&r2=569324&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/key_mgr.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/key_mgr.c Fri Aug 24 03:04:10 2007
@@ -46,15 +46,17 @@
EVP_PKEY *prvkey = NULL;
EVP_PKEY *pubkey = NULL;
- /*If user has specified the certificate/private key directly we will extract the information from it.
+ /* If user has specified the certificate/private key directly we will extract the information from it.
* Else we will look for a file name to load the certificate/private key*/
pem_buf = oxs_asym_ctx_get_pem_buf(ctx, env);
if(pem_buf){
if( OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT == oxs_asym_ctx_get_operation(ctx, env) ||
OXS_ASYM_CTX_OPERATION_PUB_DECRYPT == oxs_asym_ctx_get_operation(ctx, env)){
+
/*load certificate from buf*/
status = openssl_x509_load_from_buffer(env, pem_buf, &cert);
}else{
+
/*load private key from buf*/
status = openssl_pem_buf_read_pkey(env, pem_buf, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
if(status == AXIS2_FAILURE){
@@ -62,8 +64,9 @@
}
}
}else{
- /*pem_buf is NULL. So we have to fetch the key in a file*/
- /*Get file to be loaded. Can be either in PEM or PKCS12 format*/
+
+ /* pem_buf is NULL. So we have to fetch the key in a file*/
+ /* Get file to be loaded. Can be either in PEM or PKCS12 format*/
filename = oxs_asym_ctx_get_file_name(ctx, env);
if(!filename){
return AXIS2_FAILURE;
@@ -77,9 +80,10 @@
/*First let's check if this is a file containing a certificate*/
status = openssl_x509_load_from_pem(env, filename, &cert);
- if((status == AXIS2_FAILURE) || (!cert)){/*>>*/
- /*If we cannot get the certificate then the file might contain either a public key or a private key*/
- /*The type depends on the operation*/
+ if((status == AXIS2_FAILURE) || (!cert)){
+
+ /* If we cannot get the certificate then the file might contain either a public key or a private key*/
+ /* The type depends on the operation*/
operation = oxs_asym_ctx_get_operation(ctx, env);
if((operation == OXS_ASYM_CTX_OPERATION_PRV_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT)){
@@ -93,10 +97,11 @@
pubkey = NULL;
}
}
- }/*>>*/
+ }
}else if(OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)){
format = OPENSSL_X509_FORMAT_PKCS12;
- /*Here we load both key and the certificate*/
+
+ /* Here we load both key and the certificate*/
status = openssl_x509_load_from_pkcs12(env, filename, password, &cert, &prvkey, &ca);
if(AXIS2_FAILURE == status){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
@@ -108,15 +113,16 @@
}/*end of pem_buf*/
/*Wht ever the way, right now we should have either the public key or the private key*/
-
/*If the prvkey is available, populate the openssl_pkey*/
if(prvkey){
open_prvkey = openssl_pkey_create(env);
openssl_pkey_populate(open_prvkey, env, prvkey, filename, OPENSSL_PKEY_TYPE_PRIVATE_KEY);
oxs_asym_ctx_set_private_key(ctx, env, open_prvkey);
}
+
/*If the public key is available populate*/
if(pubkey){
+
/*This scenario is not recommonded. This will be executed iff the file is a public key file in PEM format*/
open_pubkey = openssl_pkey_create(env);
openssl_pkey_populate(open_pubkey, env, pubkey, filename, OPENSSL_PKEY_TYPE_PUBLIC_KEY);
@@ -124,11 +130,13 @@
oxs_x509_cert_set_public_key(oxs_cert, env, open_pubkey);
oxs_asym_ctx_set_certificate(ctx, env, oxs_cert);
}
+
/*If the X509 certificate is available, populate oxs_x509_cert*/
if(cert){
/*Create certificate*/
oxs_cert = oxs_x509_cert_create(env);
+
/*And populate it*/
oxs_x509_cert_set_data(oxs_cert, env, openssl_x509_get_cert_data(env, cert));
oxs_x509_cert_set_date(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_VALID_TO ,cert));
@@ -144,6 +152,7 @@
openssl_pkey_populate(open_pubkey, env, pubkey, openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert), OPENSSL_PKEY_TYPE_PUBLIC_KEY);
/*Set the public key to the x509 certificate*/
oxs_x509_cert_set_public_key(oxs_cert, env, open_pubkey);
+
/*Set the x509 certificate to the asym ctx*/
oxs_asym_ctx_set_certificate(ctx, env, oxs_cert);
@@ -151,6 +160,7 @@
cert = NULL;
}
+
/*If this fails to get anything return failure*/
if((!cert) && (!pubkey) && (!prvkey)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
@@ -174,6 +184,7 @@
/*load private key from buf*/
status = openssl_pem_buf_read_pkey(env, pem_string, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+
/*Populate*/
if(prvkey){
open_prvkey = openssl_pkey_create(env);
@@ -219,8 +230,8 @@
EVP_PKEY *pubkey = NULL;
openssl_pkey_t *open_pubkey = NULL;
+ /*Create X509 certificate*/
oxs_cert = oxs_x509_cert_create(env);
-
oxs_x509_cert_set_data(oxs_cert, env, openssl_x509_get_cert_data(env, cert));
oxs_x509_cert_set_date(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_VALID_TO ,cert));
oxs_x509_cert_set_issuer(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_ISSUER ,cert));
@@ -232,10 +243,14 @@
/*Additionally we need to set the public key*/
openssl_x509_get_pubkey(env, cert, &pubkey);
open_pubkey = openssl_pkey_create(env);
- openssl_pkey_populate(open_pubkey, env, pubkey, openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert), OPENSSL_PKEY_TYPE_PUBLIC_KEY);
+ openssl_pkey_populate(open_pubkey, env, pubkey,
+ openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert),
+ OPENSSL_PKEY_TYPE_PUBLIC_KEY);
+
/*Set the public key to the x509 certificate*/
oxs_x509_cert_set_public_key(oxs_cert, env, open_pubkey);
-
+
+ /*Free the certificate*/
X509_free(cert);
cert = NULL;
}
@@ -249,8 +264,8 @@
{
X509 *cert = NULL;
oxs_x509_cert_t *oxs_cert = NULL;
- openssl_x509_load_from_pem(env, filename, &cert);
+ openssl_x509_load_from_pem(env, filename, &cert);
oxs_cert = oxs_key_mgr_convert_to_x509(env, cert);
return oxs_cert;
@@ -262,8 +277,8 @@
{
X509 *cert = NULL;
oxs_x509_cert_t *oxs_cert = NULL;
+
openssl_x509_load_from_buffer(env, pem_string, &cert);
-
oxs_cert = oxs_key_mgr_convert_to_x509(env, cert);
return oxs_cert;
Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/sign.c?rev=569324&r1=569323&r2=569324&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/sign.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/sign.c Fri Aug 24 03:04:10 2007
@@ -88,8 +88,6 @@
int ret;
/*Get the publickey*/
- /*cert = oxs_sign_ctx_get_certificate(sign_ctx, env);
- open_pubkey = oxs_x509_cert_get_public_key(cert, env);*/
pkey = openssl_pkey_get_key(pubkey, env);
if(!pkey){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot load the public key" );
Modified: webservices/rampart/trunk/c/src/omxmlsec/x509_cert.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/x509_cert.c?rev=569324&r1=569323&r2=569324&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/x509_cert.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/x509_cert.c Fri Aug 24 03:04:10 2007
@@ -98,6 +98,10 @@
x509_cert->data =NULL;
}
/*Free public key???*/
+ if(x509_cert->public_key){
+ openssl_pkey_free(x509_cert->public_key, env);
+ x509_cert->public_key = NULL;
+ }
return AXIS2_SUCCESS;
}
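Review bot: The added `openssl_pkey_free(x509_cert->public_key, env)` makes the certificate the owner of its public key, but the comment above it still reads `/*Free public key???*/` and nothing in the hunk states that ownership rule. Elsewhere in this commit, key_mgr.c hands `open_pubkey` to the certificate with `oxs_x509_cert_set_public_key`, and encryption.c reads the pointer back with `oxs_x509_cert_get_public_key`. Any caller that frees that key itself, or keeps it past the certificate's lifetime, would now hit a double free or use-after-free; whether such a caller exists is not visible here. I would replace the comment with `/* The certificate owns public_key and frees it here; pointers returned by oxs_x509_cert_get_public_key are borrowed */` and confirm that the setter releases a previously stored key before overwriting it. The function starts outside the hunk.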