You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Milan Tomic <mi...@setcce.org> on 2004/06/04 11:08:27 UTC

DSIGSignature::sign()

	I've found this line in sign() function:

hashLen = calculateSignedInfoHash(hash, 4096);

	The size 4096 is size of buffer for SignedInfo node (after
canonicalization), but what will happen if someone have, for example, 20
references in doc to sign and SignedInfo node will be bigger than 4096
bytes. I belive we need one function to calculate size of SignedInfo
node or this:

unsigned int size = 0;
hashLen = calculateSignedInfoHash(NULL, &size);
XMLChar *hash = new XMLChar[size];
hashLen = calculateSignedInfoHash(hash, &size);

Best regards,
Milan

RE: DSIGSignature::sign()

Posted by Milan Tomic <mi...@setcce.org>.

> Having said that - the return is the size of the hash, not 
> the size of 
> the data being hashed.
I've been tracing TXFMC14n::readBytes() to see how you calculate buffer
length, and mixed it with TXFMBase::readBytes() (BinInputStream
methods).

> Given the SignedInfo is generally SHA-1
Yes, it is allways SHA1 (HMAC, RSA, DSA) and XSEC doesn't support other,
so 20 would be enough. If hash algorithm is different than SHA1 error
message is: "Hash method unknown in DSIGSignature::verify()" although
calculateSignedInfoHash() function is beeing called from both sign() and
verify().

Best regards,
Milan

Re: DSIGSignature::sign()

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Milan,

It's not the most elegant code is it? :>.

Having said that - the return is the size of the hash, not the size of 
the data being hashed.  Given the SignedInfo is generally SHA-1, the 
size returned should be 20 bytes.  (My 4096 buffer is probably overkill :>.)

But you are right, I am being lazy.

Cheers,
	Berin

Milan Tomic wrote:

> 
>         I've found this line in sign() function:
> 
> hashLen = calculateSignedInfoHash(hash, 4096);
> 
>         The size 4096 is size of buffer for SignedInfo node (after 
> canonicalization), but what will happen if someone have, for example, 20 
> references in doc to sign and SignedInfo node will be bigger than 4096 
> bytes. I belive we need one function to calculate size of SignedInfo 
> node or this:
> 
> unsigned int size = 0;
> hashLen = calculateSignedInfoHash(NULL, &size);
> XMLChar *hash = new XMLChar[size];
> hashLen = calculateSignedInfoHash(hash, &size);
> 
> Best regards,
> Milan
>