blautenb    2003/03/18 03:11:25

  Modified:    c/src/enc/OpenSSL OpenSSLCryptoX509.cpp
  Log:
  Work around esoteric bug in OpenSSL base64 decoding
  
  Revision  Changes    Path
  1.4       +37 -12    xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp
  
  Index: OpenSSLCryptoX509.cpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/enc/OpenSSL/OpenSSLCryptoX509.cpp,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- OpenSSLCryptoX509.cpp     22 Feb 2003 08:47:24 -0000      1.3
  +++ OpenSSLCryptoX509.cpp     18 Mar 2003 11:11:25 -0000      1.4
  @@ -68,11 +68,17 @@
    *
    */
   
  +#include <xsec/framework/XSECDefs.hpp>
  +#include <xsec/framework/XSECError.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
   #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
   #include <xsec/enc/XSECCryptoException.hpp>
   
  +#include <xercesc/util/Janitor.hpp>
  +
  +XSEC_USING_XERCES(ArrayJanitor);
  +
   #include <openssl/evp.h>
   
   OpenSSLCryptoX509::OpenSSLCryptoX509() :
  @@ -127,23 +133,42 @@
   
   void OpenSSLCryptoX509::loadX509Base64Bin(const char * buf, unsigned int 
len) {
   
  -     // Have a Base64 buffer with a binary (DER) encoded certificate
  +     // Free anything currently held.
  +     
  +     if (mp_X509 != NULL)
  +             X509_free(mp_X509);
  +     
  +     // Have to implement using EVP_Decode routines due to a bug in older
  +     // versions of OpenSSL BIO_f_base64
   
  -     BIO * b64 = BIO_new(BIO_f_base64());
  -     BIO * bmem = BIO_new(BIO_s_mem());
  +     int bufLen = len;
  +     unsigned char * outBuf;
  +     XSECnew(outBuf, unsigned char[len + 1]);
  +     ArrayJanitor<unsigned char> j_outBuf(outBuf);
  +
  +     EVP_ENCODE_CTX m_dctx;
  +     EVP_DecodeInit(&m_dctx);
  +
  +     int rc = EVP_DecodeUpdate(&m_dctx, 
  +                                               outBuf, 
  +                                               &bufLen, 
  +                                               (unsigned char *) buf, 
  +                                               len);
   
  -     // BIO_set_mem_eof_return(bmem, 1);
  -     b64 = BIO_push(b64, bmem);
  +     if (rc < 0) {
   
  -     // Now push the encoded X509
  +             throw XSECCryptoException(XSECCryptoException::Base64Error,
  +                     "OpenSSL:Base64 - Error during Base64 Decode of X509 
Certificate");
  +     }
   
  -     BIO_write(bmem, buf, len);
  +     int finalLen;
  +     EVP_DecodeFinal(&m_dctx, &outBuf[bufLen], &finalLen); 
   
  -     // Translate to a true X509
  -     mp_X509 = d2i_X509_bio(b64, NULL);
  +     bufLen += finalLen;
   
  -     // Free the IO structures
  -     BIO_free_all(b64);
  +     if (bufLen > 0) {
  +             mp_X509=  d2i_X509(NULL, &outBuf, bufLen);
  +     }
   
        // Check to see if we have a certificate....
        if (mp_X509 == NULL) {
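Review bot: The new `X509_free(mp_X509)` at the top of loadX509Base64Bin leaves mp_X509 pointing at freed memory, and two paths below never overwrite it: the `rc < 0` throw, and the case where `bufLen` ends up 0 so `d2i_X509` is skipped. In the second case the `mp_X509 == NULL` check that follows passes on a dangling pointer, and in both cases the object presumably frees it a second time later (the destructor is not visible here). Reset the member right after the free: `if (mp_X509 != NULL) { X509_free(mp_X509); mp_X509 = NULL; }`. The return value of `EVP_DecodeFinal` is also ignored; it returns -1 on malformed trailing input, so it should be checked and routed to the same Base64Error throw as `rc < 0`. The function body continues past the end of this hunk.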
  
  
  
