Use openssl's base-64 decoding for KDMs.

3 files changed, 43 insertions, 10 deletions

diff --git a/src/kdm.cc b/src/kdm.cc
index 95c293c3..6936bc1e 100644
--- a/src/kdm.cc
+++ b/src/kdm.cc
@@ -18,11 +18,14 @@
 */
 
 #include <iomanip>
+#include <boost/algorithm/string.hpp>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
+#include <openssl/err.h>
 #include <libcxml/cxml.h>
-#include "KM_util.h"
+#include "util.h"
 #include "kdm.h"
+#include "compose.hpp"
 #include "exceptions.h"
 
 using std::list;
@@ -31,6 +34,7 @@ using std::stringstream;
 using std::hex;
 using std::setw;
 using std::setfill;
+using std::cout;
 using boost::shared_ptr;
 using namespace libdcp;
 
@@ -65,18 +69,18 @@ KDM::KDM (boost::filesystem::path kdm, boost::filesystem::path private_key)
 
 		/* Decode it from base-64 */
 		unsigned char cipher_value[256];
-		ui32_t cipher_value_len;
-		if (Kumu::base64decode (cipher_value_base64->content().c_str(), cipher_value, sizeof (cipher_value), &cipher_value_len)) {
-			RSA_free (rsa);
-			throw MiscError ("could not base-64-decode CipherValue from KDM");
-		}
+		int const cipher_value_len = base64_decode (cipher_value_base64->content(), cipher_value, sizeof (cipher_value));
 
 		/* Decrypt it */
-		unsigned char decrypted[2048];
-		unsigned int const decrypted_len = RSA_private_decrypt (cipher_value_len, cipher_value, decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
-		assert (decrypted_len < sizeof (decrypted));
+		unsigned char* decrypted = new unsigned char[RSA_size(rsa)];
+		int const decrypted_len = RSA_private_decrypt (cipher_value_len, cipher_value, decrypted, rsa, RSA_PKCS1_OAEP_PADDING);
+		if (decrypted_len == -1) {
+			delete[] decrypted;
+			throw MiscError (String::compose ("Could not decrypt KDM (%1)", ERR_error_string (ERR_get_error(), 0)));
+		}
 
 		_ciphers.push_back (KDMCipher (decrypted, decrypted_len));
+		delete[] decrypted;
 	}
 
 	RSA_free (rsa);
diff --git a/src/util.cc b/src/util.cc
index e909e3cb..18fa1b17 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -405,3 +405,30 @@ bool libdcp::operator!= (libdcp::Size const & a, libdcp::Size const & b)
 	return !(a == b);
 }
 
+/** The base64 decode routine in KM_util.cpp gives different values to both
+ *  this and the command-line base64 for some inputs.  Not sure why.
+ */
+int
+libdcp::base64_decode (string const & in, unsigned char* out, int out_length)
+{
+	BIO* b64 = BIO_new (BIO_f_base64 ());
+
+	/* This means the input should have no newlines */
+	BIO_set_flags (b64, BIO_FLAGS_BASE64_NO_NL);
+
+	/* Copy our input string, removing newlines */
+	char in_buffer[in.size() + 1];
+	char* p = in_buffer;
+	for (size_t i = 0; i < in.size(); ++i) {
+		if (in[i] != '\n' && in[i] != '\r') {
+			*p++ = in[i];
+		}
+	}
+		
+	BIO* bmem = BIO_new_mem_buf (in_buffer, p - in_buffer);
+	bmem = BIO_push (b64, bmem);
+	int const N = BIO_read (bmem, out, out_length);
+	BIO_free_all (bmem);
+
+	return N;
+}
diff --git a/src/util.h b/src/util.h
index 8b5f76bb..fab7bd37 100644
--- a/src/util.h
+++ b/src/util.h
@@ -72,7 +72,9 @@ extern void init ();
 extern void sign (xmlpp::Element* parent, CertificateChain const & certificates, std::string const & signer_key);
 extern void add_signature_value (xmlpp::Element* parent, CertificateChain const & certificates, std::string const & signer_key, std::string const & ns);
 extern void add_signer (xmlpp::Element* parent, CertificateChain const & certificates, std::string const & ns);
-	
+
+extern int base64_decode (std::string const & in, unsigned char* out, int out_length);
+
 }
 
 #endif