You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2008/09/19 18:36:31 UTC

svn commit: r697146 - in /xml/security/trunk/c/src/enc/OpenSSL: OpenSSLCryptoKeyDSA.cpp OpenSSLCryptoKeyRSA.cpp

Author: scantor
Date: Fri Sep 19 09:36:31 2008
New Revision: 697146

URL: http://svn.apache.org/viewvc?rev=697146&view=rev
Log:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45828

Modified:
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
    xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp?rev=697146&r1=697145&r2=697146&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp Fri Sep 19 09:36:31 2008
@@ -35,18 +35,14 @@
 
 #include <openssl/dsa.h>
 
-OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA() {
-
-	// Create a new key to be loaded as we go
-
-	mp_dsaKey = DSA_new();
-
+OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA() : mp_dsaKey(NULL) {
 };
+
 OpenSSLCryptoKeyDSA::~OpenSSLCryptoKeyDSA() {
 
 
 	// If we have a DSA, delete it
-	// OpenSSL will ensure the memory holding any private key is overwritten
+	// OpenSSL will ensure the memory holding any private key is freed.
 
 	if (mp_dsaKey)
 		DSA_free(mp_dsaKey);
@@ -126,7 +122,7 @@
 	// Create a new key to be loaded as we go
 
 	mp_dsaKey = DSA_new();
-	
+
 	if (k == NULL || k->type != EVP_PKEY_DSA)
 		return;	// Nothing to do with us
 
@@ -148,7 +144,7 @@
 //           Verify a signature encoded as a Base64 string
 // --------------------------------------------------------------------------------
 
-bool OpenSSLCryptoKeyDSA::verifyBase64Signature(unsigned char * hashBuf, 
+bool OpenSSLCryptoKeyDSA::verifyBase64Signature(unsigned char * hashBuf,
 								 unsigned int hashLen,
 								 char * base64Signature,
 								 unsigned int sigLen) {
@@ -169,10 +165,10 @@
 	int rc;
 
 	EVP_DecodeInit(&m_dctx);
-	rc = EVP_DecodeUpdate(&m_dctx, 
-						  sigVal, 
-						  &sigValLen, 
-						  (unsigned char *) base64Signature, 
+	rc = EVP_DecodeUpdate(&m_dctx,
+						  sigVal,
+						  &sigValLen,
+						  (unsigned char *) base64Signature,
 						  sigLen);
 
 	if (rc < 0) {
@@ -182,7 +178,7 @@
 	}
 	int t = 0;
 
-	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); 
+	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
 
 	sigValLen += t;
 
@@ -229,7 +225,7 @@
 	sigValTranslatedLen = i2d_DSA_SIG(dsa_sig, &sigValTranslated);
 
 	// Now we have a signature and a key - lets check
-	
+
 	err = DSA_do_verify(hashBuf, hashLen, dsa_sig, mp_dsaKey);
 
 	DSA_SIG_free(dsa_sig);
@@ -279,7 +275,7 @@
 	unsigned int rawLen;
 
 	rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
-	
+
 	if (rawLen <= 0) {
 
 		throw XSECCryptoException(XSECCryptoException::DSAError,

Modified: xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
URL: http://svn.apache.org/viewvc/xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp?rev=697146&r1=697145&r2=697146&view=diff
==============================================================================
--- xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp (original)
+++ xml/security/trunk/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp Fri Sep 19 09:36:31 2008
@@ -43,14 +43,11 @@
 #include <memory.h>
 
 OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA() :
+mp_rsaKey(NULL),
 mp_oaepParams(NULL),
 m_oaepParamsLen(0) {
-
-	// Create a new key to be loaded as we go
-
-	mp_rsaKey = RSA_new();
-
 };
+
 OpenSSLCryptoKeyRSA::~OpenSSLCryptoKeyRSA() {
 
 
@@ -141,7 +138,7 @@
 	m_oaepParamsLen = 0;
 
 	mp_rsaKey = RSA_new();
-	
+
 	if (k == NULL || k->type != EVP_PKEY_RSA)
 		return;	// Nothing to do with us
 
@@ -175,7 +172,7 @@
 //           Verify a signature encoded as a Base64 string
 // --------------------------------------------------------------------------------
 
-bool OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf, 
+bool OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature(const unsigned char * hashBuf,
 								 unsigned int hashLen,
 								 const char * base64Signature,
 								 unsigned int sigLen,
@@ -198,15 +195,15 @@
 	char * cleanedBase64Signature;
 	unsigned int cleanedBase64SignatureLen = 0;
 
-	cleanedBase64Signature = 
+	cleanedBase64Signature =
 		XSECCryptoBase64::cleanBuffer(base64Signature, sigLen, cleanedBase64SignatureLen);
 	ArrayJanitor<char> j_cleanedBase64Signature(cleanedBase64Signature);
 
 	EVP_DecodeInit(&m_dctx);
-	rc = EVP_DecodeUpdate(&m_dctx, 
-						  sigVal, 
-						  &sigValLen, 
-						  (unsigned char *) cleanedBase64Signature, 
+	rc = EVP_DecodeUpdate(&m_dctx,
+						  sigVal,
+						  &sigValLen,
+						  (unsigned char *) cleanedBase64Signature,
 						  cleanedBase64SignatureLen);
 
 	if (rc < 0) {
@@ -216,7 +213,7 @@
 	}
 	int t = 0;
 
-	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); 
+	EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
 
 	sigValLen += t;
 
@@ -235,8 +232,8 @@
 	// padding should be and what the message digest OID should
 	// be.
 
-	int decryptSize = RSA_public_decrypt(sigValLen, 
-											 sigVal, 
+	int decryptSize = RSA_public_decrypt(sigValLen,
+											 sigVal,
 											 decryptBuf,
 											 mp_rsaKey,
 											 RSA_PKCS1_PADDING);
@@ -252,7 +249,7 @@
 	/* Check the OID */
 	int oidLen = 0;
 	unsigned char * oid = getRSASigOID(hm, oidLen);
-	
+
 	if (oid == NULL) {
 		throw XSECCryptoException(XSECCryptoException::RSAError,
 			"OpenSSL:RSA::verify() - Unsupported HASH algorithm for RSA");
@@ -261,11 +258,11 @@
 	if (decryptSize != (int) (oidLen + hashLen) || hashLen != oid[oidLen-1]) {
 
 		return false;
-	
+
 	}
 
 	for (t = 0; t < oidLen; ++t) {
-		
+
 		if (oid[t] != decryptBuf[t]) {
 
 			return false;
@@ -316,9 +313,9 @@
 	int oidLen;
 	int encryptLen;
 	int preEncryptLen;
-	
+
 	oid = getRSASigOID(hm, oidLen);
-	
+
 	if (oid == NULL) {
 		throw XSECCryptoException(XSECCryptoException::RSAError,
 			"OpenSSL:RSA::sign() - Unsupported HASH algorithm for RSA");
@@ -386,7 +383,7 @@
 // --------------------------------------------------------------------------------
 
 unsigned int OpenSSLCryptoKeyRSA::privateDecrypt(const unsigned char * inBuf,
-								 unsigned char * plainBuf, 
+								 unsigned char * plainBuf,
 								 unsigned int inLength,
 								 unsigned int maxOutLength,
 								 PaddingType padding,
@@ -429,7 +426,7 @@
 							plainBuf,
 							mp_rsaKey,
 							RSA_PKCS1_PADDING);
-		
+
 		if (decryptSize < 0) {
 
 			throw XSECCryptoException(XSECCryptoException::RSAError,
@@ -516,7 +513,7 @@
 // --------------------------------------------------------------------------------
 
 unsigned int OpenSSLCryptoKeyRSA::publicEncrypt(const unsigned char * inBuf,
-								 unsigned char * cipherBuf, 
+								 unsigned char * cipherBuf,
 								 unsigned int inLength,
 								 unsigned int maxOutLength,
 								 PaddingType padding,
@@ -544,7 +541,7 @@
 							cipherBuf,
 							mp_rsaKey,
 							RSA_PKCS1_PADDING);
-		
+
 		if (encryptSize < 0) {
 
 			throw XSECCryptoException(XSECCryptoException::RSAError,
@@ -592,7 +589,7 @@
 								cipherBuf,
 								mp_rsaKey,
 								RSA_NO_PADDING);
-			
+
 
 			if (encryptSize < 0) {
 
@@ -650,7 +647,7 @@
 		ret->m_oaepParamsLen = 0;
 	}
 
-	// Duplicate parameters 
+	// Duplicate parameters
 
 	if (mp_rsaKey->n)
 		ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n);