SANTUARIO-498 - DSA signature generation is unreliable

Revert fix for OpenSSL < 1.1.


git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-cpp/trunk@1894600 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
index fe7a065..a8917c1 100644
--- a/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
+++ b/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
@@ -395,6 +395,7 @@
 
     DSA_SIG_get0(dsa_sig, &dsaSigR, &dsaSigS);
 
+#if (OPENSSL_VERSION_NUMBER >=  0x10100000L)
     const int DSAsigCompLen = 20; // XMLDSIG spec 6.4.1
     unsigned char rawSigBuf[2*DSAsigCompLen];
     
@@ -407,6 +408,28 @@
         throw XSECCryptoException(XSECCryptoException::DSAError,
             "OpenSSL:DSA - Error converting signature to raw buffer");
     }
+#else
+    // See SANTUARIO-498.
+    // This code is apparently wrong, but I do not have a fix for OpenSSL < 1.1
+    unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsaSigR) + BN_num_bits(dsaSigS) + 7) / 8];
+    ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
+
+    unsigned int rawLen = BN_bn2bin(dsaSigR, rawSigBuf);
+
+    if (rawLen <= 0) {
+        throw XSECCryptoException(XSECCryptoException::DSAError,
+            "OpenSSL:DSA - Error converting signature to raw buffer");
+    }
+
+    unsigned int rawLenS = BN_bn2bin(dsaSigS, (unsigned char *) &rawSigBuf[rawLen]);
+
+    if (rawLenS <= 0) {
+        throw XSECCryptoException(XSECCryptoException::DSAError,
+            "OpenSSL:DSA - Error converting signature to raw buffer");
+    }
+
+    rawLen += rawLenS;
+#endif
 
     // Now convert to Base 64
 
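Review bot: The allocation in the `#else` branch can be one byte too small, so the second `BN_bn2bin` can write past the end of the heap buffer: each call writes `BN_num_bytes()` bytes, rounding each bit count up separately, while the buffer is sized from the summed bit counts rounded up once (153-bit r and s need 40 bytes but get 39). The branch also emits r and s at their natural length, so a value with leading zero octets yields fewer than the fixed 2×20 octets that the other branch's comment attributes to XMLDSIG 6.4.1; this looks like the unreliability the ticket title describes. Both can be fixed without any 1.1-only API by right-aligning each value in a zero-filled 40-byte buffer, as sketched below, assuming 160-bit q as the 1.1 branch does. Separately, `rawLen <= 0` on an `unsigned int` only tests for zero. The enclosing function starts and ends outside this hunk.

```cpp
#else
    // XMLDSIG 6.4.1: r and s are each written as a fixed 20-octet big-endian value
    const int DSAsigCompLen = 20;
    unsigned char rawSigBuf[2*DSAsigCompLen] = {0};

    const int rBytes = BN_num_bytes(dsaSigR);
    const int sBytes = BN_num_bytes(dsaSigS);

    if (rBytes <= 0 || rBytes > DSAsigCompLen || sBytes <= 0 || sBytes > DSAsigCompLen) {
        throw XSECCryptoException(XSECCryptoException::DSAError,
            "OpenSSL:DSA - Error converting signature to raw buffer");
    }

    // Right-align each value so leading zero octets are preserved
    BN_bn2bin(dsaSigR, rawSigBuf + (DSAsigCompLen - rBytes));
    BN_bn2bin(dsaSigS, rawSigBuf + DSAsigCompLen + (DSAsigCompLen - sBytes));

    unsigned int rawLen = 2*DSAsigCompLen;
#endif
```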
@@ -418,7 +441,11 @@
 
     // Translate signature from Base64
 
+#if (OPENSSL_VERSION_NUMBER >=  0x10100000L)
     BIO_write(b64, rawSigBuf, 2*DSAsigCompLen);
+#else
+    BIO_write(b64, rawSigBuf, rawLen);
+#endif
     BIO_flush(b64);
 
     unsigned int sigValLen = BIO_read(bmem, base64SignatureBuf, base64SignatureBufLen);
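Review bot: The second `#if` around `BIO_write` repeats the version test only to pick a length. Defining `rawLen` in the 1.1 branch as well (e.g. `const unsigned int rawLen = 2*DSAsigCompLen;`, assuming no such name already exists in the lines not shown) would let a single `BIO_write(b64, rawSigBuf, rawLen);` serve both builds and keep the two conditionals from drifting apart. Neither call checks the return value of `BIO_write` or `BIO_flush`, so a short or failed write would surface only as a truncated Base64 string; comparing the result with the requested length and throwing the existing `DSAError` would make that failure explicit. The enclosing function starts and ends outside this hunk.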
@@ -431,11 +458,9 @@
     }
 
     return sigValLen;
-
 }
 
 
-
 XSECCryptoKey * OpenSSLCryptoKeyDSA::clone() const {
 
     OpenSSLCryptoKeyDSA * ret;