You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2003/06/01 00:51:30 UTC
cvs commit: xml-security/c/src/enc/WinCAPI WinCAPICryptoKeyHMAC.cpp
blautenb 2003/05/31 15:51:30
Modified: c/src/enc XSECCryptoKey.hpp XSECCryptoKeyHMAC.hpp
XSECCryptoProvider.hpp XSECCryptoX509.hpp
XSECKeyInfoResolver.hpp
XSECKeyInfoResolverDefault.hpp
c/src/enc/OpenSSL OpenSSLCryptoKeyDSA.cpp
OpenSSLCryptoKeyHMAC.cpp OpenSSLCryptoKeyRSA.cpp
c/src/enc/WinCAPI WinCAPICryptoKeyHMAC.cpp
Log:
Updates to handling of key material + extra dox
Revision Changes Path
1.6 +4 -1 xml-security/c/src/enc/XSECCryptoKey.hpp
Index: XSECCryptoKey.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoKey.hpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XSECCryptoKey.hpp 7 Apr 2003 12:27:13 -0000 1.5
+++ XSECCryptoKey.hpp 31 May 2003 22:51:29 -0000 1.6
@@ -129,6 +129,9 @@
/**
* \brief Destructor
+ *
+ * Implementations must ensure that the held key is properly destroyed
+ * (overwritten) when key objects are deleted.
*/
virtual ~XSECCryptoKey() {};
1.5 +2 -1 xml-security/c/src/enc/XSECCryptoKeyHMAC.hpp
Index: XSECCryptoKeyHMAC.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoKeyHMAC.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- XSECCryptoKeyHMAC.hpp 2 Mar 2003 08:21:01 -0000 1.4
+++ XSECCryptoKeyHMAC.hpp 31 May 2003 22:51:29 -0000 1.5
@@ -126,6 +126,7 @@
* If an interface class does not implement these functions, a simple
* stub that does nothing should be used.
*/
+ //@{
/**
* \brief Set the key
1.6 +9 -16 xml-security/c/src/enc/XSECCryptoProvider.hpp
Index: XSECCryptoProvider.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoProvider.hpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- XSECCryptoProvider.hpp 19 May 2003 12:29:38 -0000 1.5
+++ XSECCryptoProvider.hpp 31 May 2003 22:51:29 -0000 1.6
@@ -95,14 +95,14 @@
* particular virtual class objects.</p>
*
* <p>The cryptographic interface has been kept as thin as possible.
- * In particular, the classes are not meant to provide a complete
+ * The classes are not meant to provide a complete
* wrapper for the cryptographic libraries involved. The application
* program is expected to deal directly with the chosen library. This
* ensures that the xml-security library can perform the functions it
* needs to, but does not constrain the application in what it can do.</p>
*
- * <p>Thus three type of methods are available on any cryptographic
- * object.</p>
+ * <p>Therefore, three type of methods are available on any cryptographic
+ * class.</p>
*
* <ul>
* <li><em>Required</em> methods are those absolutely necessary for
@@ -118,9 +118,12 @@
* <li><em>Library Specific</em> methods are those methods that are
* unique to a particular library. For example, the OpenSSLCryptoX509
* class has a Library Specific constructor that takes an OpenSSL
- * X509 structure as its argument.
+ * X509 structure as its argument.</li>
* </ul>
*
+ * <p>Unless marked otherwise, all methods defined in the XSECCrypto*
+ * classes are <em>Required</em>.</p>
+ *
* <p>The particular instantiation of XSECCryptoProvider that is to
* be used is set via the XSECPlatformUtils#Initialise() function
* call. If no provider is passed in, the Initialise function
@@ -133,23 +136,12 @@
* this time there is no way to have different signature
* objects use different CryptoProviders</p>
*
- * @note This abstraction layer is currently under construction and
- * is very subject to change. In particular, the layer currently
- * has calls to do things like extract keys from X509 certificates.
- * This is not strictly necessary for the library to work correctly
- * and may be removed - or made optional.
- * @todo Add an ability to handle "optional" functions. The library
+ * @todo Add an ability to better handle "optional" functions. The library
* should make a call to the
* provider to see whether an optional function (e.g. extract key from
* X509) has been
* provided.
*
- * @note The virtual classes (XSECCrypto*) only describe the functions
- * necessary for the library to work. Other functions need to also
- * be implemented to allow applications to setup and manipulate the
- * objects appropriately. These functions have not been defined as the
- * manner in which they work is likely to be impacted by the particular
- * cryptographic library being used.
*
*\@{*/
@@ -159,6 +151,7 @@
*\brief Maximum length (in bytes) of any expected Digest results.
*
* This constant defines the maximum length (in bytes) of HASH returns.
+ * We have defined it far and above the size we would normally expect.
*
* @todo This should really come from each of the providers and should
* be implemented as a function call to *CryptoProvider
1.5 +3 -2 xml-security/c/src/enc/XSECCryptoX509.hpp
Index: XSECCryptoX509.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECCryptoX509.hpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- XSECCryptoX509.hpp 2 Mar 2003 08:21:01 -0000 1.4
+++ XSECCryptoX509.hpp 31 May 2003 22:51:29 -0000 1.5
@@ -81,7 +81,8 @@
*
* The library uses classes derived from this to process X509 Certificates.
*
- * Strictly speaking, this class is not required. However it is used by
+ * Strictly speaking, this class is not required (and is completely
+ * <em>Optional</em>. However it is used by
* XSECKeyInfoResolverDefault to extract a key from a certificate in cases
* where the caller is not worried about the trust level of the certificate.
*
1.4 +2 -2 xml-security/c/src/enc/XSECKeyInfoResolver.hpp
Index: XSECKeyInfoResolver.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECKeyInfoResolver.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XSECKeyInfoResolver.hpp 1 Mar 2003 06:27:28 -0000 1.3
+++ XSECKeyInfoResolver.hpp 31 May 2003 22:51:29 -0000 1.4
@@ -107,7 +107,7 @@
//@}
- /** @name Interface Functions */
+ /** @name Mandatory Interface Functions */
//@{
/**
1.4 +2 -1 xml-security/c/src/enc/XSECKeyInfoResolverDefault.hpp
Index: XSECKeyInfoResolverDefault.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/XSECKeyInfoResolverDefault.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XSECKeyInfoResolverDefault.hpp 1 Mar 2003 06:27:28 -0000 1.3
+++ XSECKeyInfoResolverDefault.hpp 31 May 2003 22:51:29 -0000 1.4
@@ -96,7 +96,8 @@
* @note This class is <B>very</B> basic. It does not validate
* the trustworthyness of the key in any way. It simply reads
* the key from the first KeyInfo element that actually holds it
- * and returns the result (or NULL) if none is found.
+ * and returns the result (or NULL) if none is found. It is mainly
+ * provided to allow for interoperability testing.
*
*/
1.5 +2 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
Index: OpenSSLCryptoKeyDSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- OpenSSLCryptoKeyDSA.cpp 11 Apr 2003 12:26:26 -0000 1.4
+++ OpenSSLCryptoKeyDSA.cpp 31 May 2003 22:51:30 -0000 1.5
@@ -86,6 +86,7 @@
// If we have a DSA, delete it
+ // OpenSSL will ensure the memory holding any private key is overwritten
if (mp_dsaKey)
DSA_free(mp_dsaKey);
1.4 +3 -1 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyHMAC.cpp
Index: OpenSSLCryptoKeyHMAC.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyHMAC.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- OpenSSLCryptoKeyHMAC.cpp 11 Apr 2003 12:26:26 -0000 1.3
+++ OpenSSLCryptoKeyHMAC.cpp 31 May 2003 22:51:30 -0000 1.4
@@ -76,6 +76,7 @@
OpenSSLCryptoKeyHMAC::OpenSSLCryptoKeyHMAC() :m_keyBuf("") {
+ m_keyBuf.isSensitive();
m_keyLen = 0;
};
@@ -83,6 +84,7 @@
void OpenSSLCryptoKeyHMAC::setKey(unsigned char * inBuf, unsigned int inLength) {
m_keyBuf.sbMemcpyIn(inBuf, inLength);
+ m_keyBuf.isSensitive();
m_keyLen = inLength;
}
1.6 +2 -2 xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
Index: OpenSSLCryptoKeyRSA.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- OpenSSLCryptoKeyRSA.cpp 11 Apr 2003 12:26:26 -0000 1.5
+++ OpenSSLCryptoKeyRSA.cpp 31 May 2003 22:51:30 -0000 1.6
@@ -102,7 +102,7 @@
OpenSSLCryptoKeyRSA::~OpenSSLCryptoKeyRSA() {
- // If we have a RSA, delete it
+ // If we have a RSA, delete it (OpenSSL will clear the memory)
if (mp_rsaKey)
RSA_free(mp_rsaKey);
1.2 +2 -1 xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp
Index: WinCAPICryptoKeyHMAC.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- WinCAPICryptoKeyHMAC.cpp 7 Apr 2003 12:13:35 -0000 1.1
+++ WinCAPICryptoKeyHMAC.cpp 31 May 2003 22:51:30 -0000 1.2
@@ -73,6 +73,7 @@
WinCAPICryptoKeyHMAC::WinCAPICryptoKeyHMAC() :m_keyBuf("") {
+ m_keyBuf.isSensitive();
m_keyLen = 0;
m_k = 0;