Posted to commits@santuario.apache.org by bl...@apache.org on 2004/12/04 03:07:19 UTC
cvs commit: xml-security/c/src/xenc/impl XENCCipherImpl.cpp XENCCipherImpl.hpp
blautenb 2004/12/03 18:07:19
Modified: c/src/tools/cipher cipher.cpp
c/src/xenc/impl XENCCipherImpl.cpp XENCCipherImpl.hpp
Log:
Stop re-use of derived key when decrypting multiple elements in a document
Revision Changes Path
1.20 +9 -3 xml-security/c/src/tools/cipher/cipher.cpp
Index: cipher.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/cipher/cipher.cpp,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- cipher.cpp 10 Oct 2004 07:00:34 -0000 1.19
+++ cipher.cpp 4 Dec 2004 02:07:19 -0000 1.20
@@ -630,8 +630,14 @@
DOMNode * n = findXENCNode(doc, "EncryptedData");
if (doDecryptElement) {
- // Find the EncryptedData node
- cipher->decryptElement(static_cast<DOMElement *>(n));
+ while (n != NULL) {
+
+ // decrypt
+ cipher->decryptElement(static_cast<DOMElement *>(n));
+
+ // Find the next EncryptedData node
+ n = findXENCNode(doc, "EncryptedData");
+ }
}
else {
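Review bot: The new `while (n != NULL)` loop terminates only if each `decryptElement` call removes the node it was given from `doc`, because `findXENCNode(doc, "EncryptedData")` searches the whole document again on every pass. That dependency is worth stating next to the search, for example `// decryptElement replaces n in the tree, so this finds the next remaining EncryptedData`. Decrypted plaintext can itself contain `EncryptedData` elements, so the iteration count is driven by document content; a tool run on untrusted files would be safer with an upper bound on iterations. The `static_cast<DOMElement *>(n)` also assumes findXENCNode returns only element nodes, and its definition is outside this hunk.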
1.21 +28 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.cpp
Index: XENCCipherImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.cpp,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- XENCCipherImpl.cpp 4 Aug 2004 11:15:18 -0000 1.20
+++ XENCCipherImpl.cpp 4 Dec 2004 02:07:19 -0000 1.21
@@ -111,6 +111,8 @@
XSECnew(mp_env, XSECEnv(doc));
mp_env->setDSIGNSPrefix(s_ds);
+ m_keyDerived = false;
+ m_kekDerived = false;
}
@@ -203,6 +205,7 @@
delete mp_key;
mp_key = key;
+ m_keyDerived = false;
}
@@ -212,6 +215,7 @@
delete mp_kek;
mp_kek = key;
+ m_kekDerived = false;
}
@@ -429,6 +433,11 @@
}
+ if (m_keyDerived && mp_key) {
+ delete mp_key;
+ mp_key = NULL;
+ }
+
// Make sure we have a key before we do anything else too drastic
if (mp_key == NULL) {
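Review bot: A derived key is dropped only at the start of the next decrypt call, so between calls `mp_key` still holds key material resolved for the previous element and `m_keyDerived` stays true. Any other member that reads `mp_key` without this check could pick up that stale key; the encrypt paths are not part of this diff, so this is unconfirmed. The same block is repeated in decryptToBinInputStream and, for `mp_kek`, in decryptKey. One private helper whose body is `if (m_keyDerived) { delete mp_key; mp_key = NULL; m_keyDerived = false; }` would keep the copies consistent and reset the flag along with the pointer. The enclosing function starts and ends outside this hunk.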
@@ -446,6 +455,8 @@
throw XSECException(XSECException::CipherError,
"XENCCipherImpl::decryptElement - No key set and cannot resolve");
}
+
+ m_keyDerived = true;
}
// Get the raw encrypted data
@@ -533,6 +544,12 @@
// Load
mp_encryptedData->load();
+ // Check key is valid
+ if (m_keyDerived && mp_key) {
+ delete mp_key;
+ mp_key = NULL;
+ }
+
// Make sure we have a key before we do anything else too drastic
if (mp_key == NULL) {
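Review bot: The added comment `// Check key is valid` does not match the code below it, which performs no validation and instead deletes a key derived by an earlier call. A comment such as `// Discard a key derived for a previous element so it is resolved again for this one` would state the intent. The same applies to `// Check KEK is valid` in the decryptKey hunk. The matching block added to decryptElement has no comment at all and would benefit from the same line.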
@@ -550,6 +567,8 @@
throw XSECException(XSECException::CipherError,
"XENCCipherImpl::decryptToBinInputStream - No key set and cannot resolve");
}
+
+ m_keyDerived = true;
}
// Get the raw encrypted data
@@ -613,6 +632,13 @@
int XENCCipherImpl::decryptKey(XENCEncryptedKey * encryptedKey, XMLByte * rawKey, int maxKeySize) {
+
+ // Check KEK is valid
+ if (m_kekDerived && mp_kek) {
+ delete mp_kek;
+ mp_kek = NULL;
+ }
+
// Make sure we have a key before we do anything else too drastic
if (mp_kek == NULL) {
@@ -624,6 +650,7 @@
throw XSECException(XSECException::CipherError,
"XENCCipherImpl::decryptKey - No KEK set and cannot resolve");
}
+ m_kekDerived = true;
}
// Get the raw encrypted data
1.15 +3 -1 xml-security/c/src/xenc/impl/XENCCipherImpl.hpp
Index: XENCCipherImpl.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xenc/impl/XENCCipherImpl.hpp,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- XENCCipherImpl.hpp 8 Feb 2004 10:26:01 -0000 1.14
+++ XENCCipherImpl.hpp 4 Dec 2004 02:07:19 -0000 1.15
@@ -152,9 +152,11 @@
// Key
XSECCryptoKey * mp_key;
+ bool m_keyDerived; // Was this derived or loaded?
// KEK
XSECCryptoKey * mp_kek;
+ bool m_kekDerived; // Was this derived or loaded?
// Environment
XSECEnv * mp_env;
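Review bot: The comment `// Was this derived or loaded?` does not say which answer `true` means or what follows from it, although the flag decides whether the decrypt functions delete the key. Something like `// true: resolved during a decrypt call, deleted before the next one; false: supplied by the caller` on both members would make the ownership rule readable from the header. The flags are initialised only in the one constructor body shown in the XENCCipherImpl.cpp hunk at -111. If the class has other constructors (not visible here), they must set both flags as well, otherwise `m_keyDerived && mp_key` reads an indeterminate value and may delete a caller-supplied key.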