Posted to commits@santuario.apache.org by bl...@apache.org on 2003/03/18 12:11:25 UTC

cvs commit: xml-security/c/src/enc/OpenSSL OpenSSLCryptoX509.cpp

blautenb    2003/03/18 03:11:25

  Modified:    c/src/enc/OpenSSL OpenSSLCryptoX509.cpp
  Log:
  Work around esoteric bug in OpenSSL base64 decoding
  
  Revision  Changes    Path
  1.4       +37 -12    xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp
  
  Index: OpenSSLCryptoX509.cpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- OpenSSLCryptoX509.cpp	22 Feb 2003 08:47:24 -0000	1.3
  +++ OpenSSLCryptoX509.cpp	18 Mar 2003 11:11:25 -0000	1.4
  @@ -68,11 +68,17 @@
    *
    */
   
  +#include <xsec/framework/XSECDefs.hpp>
  +#include <xsec/framework/XSECError.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
   #include <xsec/enc/XSECCryptoException.hpp>
   
  +#include <xercesc/util/Janitor.hpp>
  +
  +XSEC_USING_XERCES(ArrayJanitor);
  +
   #include <openssl/evp.h>
   
   OpenSSLCryptoX509::OpenSSLCryptoX509() :
  @@ -127,23 +133,42 @@
   
   void OpenSSLCryptoX509::loadX509Base64Bin(const char * buf, unsigned int len) {
   
  -	// Have a Base64 buffer with a binary (DER) encoded certificate
  +	// Free anything currently held.
  +	
  +	if (mp_X509 != NULL)
  +		X509_free(mp_X509);
  +	
  +	// Have to implement using EVP_Decode routines due to a bug in older
  +	// versions of OpenSSL BIO_f_base64
   
  -	BIO * b64 = BIO_new(BIO_f_base64());
  -	BIO * bmem = BIO_new(BIO_s_mem());
  +	int bufLen = len;
  +	unsigned char * outBuf;
  +	XSECnew(outBuf, unsigned char[len + 1]);
  +	ArrayJanitor<unsigned char> j_outBuf(outBuf);
  +
  +	EVP_ENCODE_CTX m_dctx;
  +	EVP_DecodeInit(&m_dctx);
  +
  +	int rc = EVP_DecodeUpdate(&m_dctx, 
  +						  outBuf, 
  +						  &bufLen, 
  +						  (unsigned char *) buf, 
  +						  len);
   
  -	// BIO_set_mem_eof_return(bmem, 1);
  -	b64 = BIO_push(b64, bmem);
  +	if (rc < 0) {
   
  -	// Now push the encoded X509
  +		throw XSECCryptoException(XSECCryptoException::Base64Error,
  +			"OpenSSL:Base64 - Error during Base64 Decode of X509 Certificate");
  +	}
   
  -	BIO_write(bmem, buf, len);
  +	int finalLen;
  +	EVP_DecodeFinal(&m_dctx, &outBuf[bufLen], &finalLen); 
   
  -	// Translate to a true X509
  -	mp_X509 = d2i_X509_bio(b64, NULL);
  +	bufLen += finalLen;
   
  -	// Free the IO structures
  -	BIO_free_all(b64);
  +	if (bufLen > 0) {
  +		mp_X509=  d2i_X509(NULL, &outBuf, bufLen);
  +	}
   
   	// Check to see if we have a certificate....
   	if (mp_X509 == NULL) {
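Review bot: After `X509_free(mp_X509)` at the top of loadX509Base64Bin the member still points at freed memory, and two paths in this hunk never reassign it: the `rc < 0` throw and the case where `bufLen` is not greater than 0. On the second path the stale pointer passes the `mp_X509 == NULL` check that follows, and on either path a later release of the member (presumably in the destructor, which is not visible here) would free it twice. Add `mp_X509 = NULL;` directly after the `X509_free` call. The return value of `EVP_DecodeFinal` is also ignored, so a malformed trailing base64 block is handed to `d2i_X509` instead of being reported as a `Base64Error`; checking it the same way as `rc` would keep the error reporting consistent. The function body continues past the end of this hunk.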