Hi,
I noticed some problems generating XML signatures with certificates which have a key longer than 1024 bits. DSIGSignature::sign produced a signature without any errors, but when I tried to verify the signature I got an "OpenSSL:RSA::verify() - Error decrypting signature" exception.
The problem was the
char b64Buf[256];
in DSIGSignature::sign. This is too small for longer keys.
The attached patch changes the length to 1024. It works now for keys with a key length of 2048 and 4096.
kind regards, Michael
diff -r -u xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp --- xml-security-c-1.1.0.orig/src/dsig/DSIGSignature.cpp 2004-03-07 04:20:51.000000000 +0100 +++ xml-security-c-1.1.0/src/dsig/DSIGSignature.cpp 2004-11-16 12:07:08.000000000 +0100 @@ -1102,7 +1102,7 @@ // Now check the calculated hash - char b64Buf[256]; + char b64Buf[1024]; unsigned int b64Len; safeBuffer b64SB; @@ -1122,7 +1122,7 @@ hash, hashLen, (char *) b64Buf, - 256); + 1024); if (b64Len <= 0) { @@ -1152,7 +1152,7 @@ hash, hashLen, (char *) b64Buf, - 256); + 1024); if (b64Len <= 0) { @@ -1186,7 +1186,7 @@ hashLen, mp_signedInfo->getHMACOutputLength()); - strncpy(b64Buf, (char *) b64SB.rawBuffer(), 255); + strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024); break; default :
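Review bot: the declaration char b64Buf[1024] in the @@ -1102 hunk is still a fixed-size stack buffer, so the limit has been moved rather than removed. Base64 turns every 3 bytes into 4 characters, so a 4096-bit RSA signature (512 bytes) needs 684 characters plus any line breaks the encoder inserts, which fits, but an 8192-bit key (1024 bytes, 1368 characters) would not. Consider sizing the buffer from the key length, or at least defining the size once as a named constant that the later length arguments refer to.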
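Review bot: the length argument 1024 in the @@ -1122 hunk repeats the array size as a literal, and the same literal appears again in the @@ -1152 hunk. Pass sizeof(b64Buf) in both places so that the declaration and the lengths handed to the signing calls cannot drift apart the next time the buffer is resized.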
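Review bot: the check if (b64Len <= 0) after the changed call in the @@ -1152 hunk (and the identical one in @@ -1122) can only ever catch 0, because b64Len is declared unsigned int in the first hunk; a negative error return would wrap to a large positive value and pass. It is worth confirming what the signing call returns when the output buffer is too small, since the report above is that signing completed without an error in exactly that situation, and making the check match that return convention.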
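Review bot: the strncpy in the @@ -1186 hunk now copies up to 1024 bytes into a 1024-byte buffer, where the old code copied 255 into 256 and so left room for the terminator. strncpy does not write a NUL when the source is at least as long as the count, so b64Buf can end up unterminated here. Use sizeof(b64Buf) - 1 as the count and set b64Buf[sizeof(b64Buf) - 1] = '\0' afterwards.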