You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by sc...@apache.org on 2013/05/14 23:24:14 UTC

svn commit: r1482595 - /santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp

Author: scantor
Date: Tue May 14 21:24:14 2013
New Revision: 1482595

URL: http://svn.apache.org/r1482595
Log:
Fix key size checking, and avoid breaking existing apps.

Modified:
    santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp

Modified: santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp?rev=1482595&r1=1482594&r2=1482595&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp Tue May 14 21:24:14 2013
@@ -1133,25 +1133,25 @@ XSECCryptoKey * XENCAlgorithmHandlerDefa
 	XSECCryptoSymmetricKey * sk = NULL;
 
 	if (strEquals(uri, DSIGConstants::s_unicodeStrURI3DES_CBC)) {
-        if (keyLen != 192)
+        if (keyLen < 192 / 8)
             throw XSECException(XSECException::CipherError, 
 		        "XENCAlgorithmHandlerDefault - key size was invalid");
 		sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_3DES_192);
 	}
 	else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES128_GCM)) {
-        if (keyLen != 128)
+        if (keyLen < 128 / 8)
             throw XSECException(XSECException::CipherError, 
 		        "XENCAlgorithmHandlerDefault - key size was invalid");
 		sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_128);
 	}
 	else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES192_GCM)) {
-        if (keyLen != 192)
+        if (keyLen < 192 / 8)
             throw XSECException(XSECException::CipherError, 
 		        "XENCAlgorithmHandlerDefault - key size was invalid");
 		sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_192);
 	}
 	else if (strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_CBC) || strEquals(uri, DSIGConstants::s_unicodeStrURIAES256_GCM)) {
-        if (keyLen != 256)
+        if (keyLen < 256 / 8)
             throw XSECException(XSECException::CipherError, 
 		        "XENCAlgorithmHandlerDefault - key size was invalid");
 		sk = XSECPlatformUtils::g_cryptoProvider->keySymmetric(XSECCryptoSymmetricKey::KEY_AES_256);