Posted to commits@santuario.apache.org by bl...@apache.org on 2003/03/18 12:11:25 UTC
cvs commit: xml-security/c/src/enc/OpenSSL OpenSSLCryptoX509.cpp
blautenb 2003/03/18 03:11:25
Modified: c/src/enc/OpenSSL OpenSSLCryptoX509.cpp
Log:
Work around esoteric bug in OpenSSL base64 decoding
Revision Changes Path
1.4 +37 -12 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp
Index: OpenSSLCryptoX509.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- OpenSSLCryptoX509.cpp 22 Feb 2003 08:47:24 -0000 1.3
+++ OpenSSLCryptoX509.cpp 18 Mar 2003 11:11:25 -0000 1.4
@@ -68,11 +68,17 @@
*
*/
+#include <xsec/framework/XSECDefs.hpp>
+#include <xsec/framework/XSECError.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
+#include <xercesc/util/Janitor.hpp>
+
+XSEC_USING_XERCES(ArrayJanitor);
+
#include <openssl/evp.h>
OpenSSLCryptoX509::OpenSSLCryptoX509() :
@@ -127,23 +133,42 @@
void OpenSSLCryptoX509::loadX509Base64Bin(const char * buf, unsigned int len) {
- // Have a Base64 buffer with a binary (DER) encoded certificate
+ // Free anything currently held.
+
+ if (mp_X509 != NULL)
+ X509_free(mp_X509);
+
+ // Have to implement using EVP_Decode routines due to a bug in older
+ // versions of OpenSSL BIO_f_base64
- BIO * b64 = BIO_new(BIO_f_base64());
- BIO * bmem = BIO_new(BIO_s_mem());
+ int bufLen = len;
+ unsigned char * outBuf;
+ XSECnew(outBuf, unsigned char[len + 1]);
+ ArrayJanitor<unsigned char> j_outBuf(outBuf);
+
+ EVP_ENCODE_CTX m_dctx;
+ EVP_DecodeInit(&m_dctx);
+
+ int rc = EVP_DecodeUpdate(&m_dctx,
+ outBuf,
+ &bufLen,
+ (unsigned char *) buf,
+ len);
- // BIO_set_mem_eof_return(bmem, 1);
- b64 = BIO_push(b64, bmem);
+ if (rc < 0) {
- // Now push the encoded X509
+ throw XSECCryptoException(XSECCryptoException::Base64Error,
+ "OpenSSL:Base64 - Error during Base64 Decode of X509 Certificate");
+ }
- BIO_write(bmem, buf, len);
+ int finalLen;
+ EVP_DecodeFinal(&m_dctx, &outBuf[bufLen], &finalLen);
- // Translate to a true X509
- mp_X509 = d2i_X509_bio(b64, NULL);
+ bufLen += finalLen;
- // Free the IO structures
- BIO_free_all(b64);
+ if (bufLen > 0) {
+ mp_X509= d2i_X509(NULL, &outBuf, bufLen);
+ }
// Check to see if we have a certificate....
if (mp_X509 == NULL) {
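Review bot: The new free at the top of loadX509Base64Bin calls `X509_free(mp_X509)` but leaves the member pointing at the freed object, so every failure path below it sees a stale pointer. If `EVP_DecodeUpdate` returns a negative value, the exception leaves the object holding a dangling `mp_X509`; if `bufLen` ends up 0, the `d2i_X509` call is skipped and the `if (mp_X509 == NULL)` check passes on freed memory, so a failed reload looks like a loaded certificate and any later use or free of the member (the destructor is not visible here) would be a use-after-free or double free. Reset the member when freeing: `if (mp_X509 != NULL) { X509_free(mp_X509); mp_X509 = NULL; }`. The return value of `EVP_DecodeFinal` is also ignored; checking it for a negative result and throwing the same `Base64Error` would reject malformed trailing input before it reaches the DER parser. The function body continues past the end of this hunk.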