[xmlsec] Encrypt and Decrypt
Aleksey Sanin
aleksey@aleksey.com
Sun, 26 Jan 2003 16:20:33 -0800
You are using wrong option for CVS update :) The command
cvs update -j <tag>
means "update trunk (tip) with branch/tag <tag>". In your case,
you are getting merge of 0.0.X branch to the tip and this creates
a lot of conflicts :) I would suggest to do a fresh checkout as follows:
mv xmlsec xmlsec.old
export CVSROOT=:pserver:anonymous@anoncvs.gnome.org:2401/cvs/gnome
cvs -z3 checkout -r XMLSEC_0_0_X_BRANCH xmlsec
cd xmlsec
./autogen.sh
./configure
make
make check
If you want to disable all error/warning messages you might either set
xmlSecPrintErrorMessages variable from xmlsec/errors.h to 0 (zero) or use
your own error calbacks. Please not that not all the errors reported are
fatal.
This significantly depends on your application requirements. For xmlsec
command line utility I ignore as much errors as I can. However,
everything is
reported (and this is the reason why you do see some messages in the log
files after 'make check').
And finally, the main problem.
> And ./enc2 rsakey.pem test.xml, produces:
> (ciphers.c:445): error 19: invalid data : padding is greater than buffer
> (ciphers.c:316): error 2: xmlsec operation failed : xmlSecCipherFinal
> - -1
> (ciphers.c:335): error 2: xmlsec operation failed :
> xmlSecBinTransformFlush - -1
> (xmlenc.c:1758): error 2: xmlsec operation failed :
> xmlSecBinTransformWFlush - -1
> (xmlenc.c:1614): error 2: xmlsec operation failed :
> xmlSecCipherValueNodeRead - -1
> (xmlenc.c:1036): error 2: xmlsec operation failed :
> xmlSecCipherDataNodeRead - -1
> Error: decryption failed
>
You actually found a bug :( Turns out that there was a change in
OpenSSL 0.9.7
between beta3 and the release that made EVP_CipherUpdate/EVP_CipherFinal
behave slightly different on the last block. Somehow, my test suite
('make check')
does not show this error (I still don't know why but I'll find out). But
it's there and
I don;t see a simple way to fix it (sick!) and I'll need some time.
Meantime, all examples
work just great with 0.9.6.
Thanks for finding that and sorry for inconvinience,
Aleksey