Jesse Pelton wrote:
OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature() uses OpenSSL's EVP_Decode...() routines to decode the base64 contents of SignatureValue. This fails if line breaks don't occur where OpenSSL thinks they should. I think this is contrary to the specification (see rationale below), and that this function should use XSCryptCryptoBase64, as WinCAPICryptoKeyRSA::verifySHA1PKCS1Base64Signature() does, rather than the EVP_Decode...() routines.
Can you have a look at the code in CVS and let me know what you think? I fixed this a few months ago as I ran into the same problem. But in this case, rather than use XSCryptCryptoBase64 I now "clean" the buffer and still let OpenSSL do it. I suspect the better approach is as you propose - just use XSCryptCryptoBase64, but for some reason I decided to get fancy.
Cheers,
Berin
