[xmlsec] Encrypt and Decrypt

Aleksey Sanin aleksey@aleksey.com
Sun, 26 Jan 2003 16:20:33 -0800


You are using the wrong option for CVS update :)  The command
        cvs update -j <tag>
means "update trunk (tip) with branch/tag <tag>". In your case,
you are getting a merge of the 0.0.X branch to the tip and this creates
a lot of conflicts :) I would suggest doing a fresh checkout as follows:

    mv xmlsec xmlsec.old  
    export CVSROOT=:pserver:anonymous@anoncvs.gnome.org:2401/cvs/gnome
    cvs -z3 checkout -r XMLSEC_0_0_X_BRANCH xmlsec
    cd xmlsec
    ./autogen.sh
    ./configure
    make
    make check

If you want to disable all error/warning messages you might either set
the xmlSecPrintErrorMessages variable from xmlsec/errors.h to 0 (zero) or use
your own error callbacks. Please note that not all the errors reported are
fatal. This significantly depends on your application requirements. For the
xmlsec command line utility I ignore as many errors as I can. However,
everything is reported (and this is the reason why you do see some messages
in the log files after 'make check').

And finally, the main problem.

> And ./enc2  rsakey.pem test.xml, produces:
>  (ciphers.c:445): error 19: invalid data : padding is greater than buffer
>  (ciphers.c:316): error 2: xmlsec operation failed : xmlSecCipherFinal - -1
>  (ciphers.c:335): error 2: xmlsec operation failed : xmlSecBinTransformFlush - -1
>  (xmlenc.c:1758): error 2: xmlsec operation failed : xmlSecBinTransformWFlush - -1
>  (xmlenc.c:1614): error 2: xmlsec operation failed : xmlSecCipherValueNodeRead - -1
>  (xmlenc.c:1036): error 2: xmlsec operation failed : xmlSecCipherDataNodeRead - -1
> Error: decryption failed
>
You actually found a bug :( Turns out that there was a change in
OpenSSL 0.9.7 between beta3 and the release that made
EVP_CipherUpdate/EVP_CipherFinal behave slightly differently on the last
block. Somehow, my test suite ('make check') does not show this error
(I still don't know why but I'll find out). But it's there and I don't see
a simple way to fix it (sick!) and I'll need some time. Meantime, all
examples work just great with 0.9.6.

Thanks for finding that and sorry for the inconvenience,

Aleksey
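
The first error in the quoted log, "padding is greater than buffer", is a bounds check on block-cipher padding. As an added illustration (not xmlsec code and not part of this message), the sketch below applies and strips the block padding defined by the W3C XML Encryption specification, where the final byte of the last block holds the pad length; the function names and sample data are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Append XML Encryption block padding to buf[0..len) (capacity cap).
 * The last pad byte holds the pad count (1..block); the other pad
 * bytes are arbitrary (zero here). Returns the new length or -1. */
long xmlenc_pad(unsigned char *buf, size_t len, size_t cap, size_t block)
{
    size_t pad;
    if (block == 0 || block > 255 || len > cap) return -1;
    pad = block - (len % block);            /* always 1..block */
    if (pad > cap - len) return -1;         /* no room for padding */
    memset(buf + len, 0, pad - 1);
    buf[len + pad - 1] = (unsigned char)pad;
    return (long)(len + pad);
}

/* Strip the padding from decrypted data. Returns the plaintext length,
 * or -1 when the pad count cannot be valid for this buffer. */
long xmlenc_unpad(const unsigned char *buf, size_t len, size_t block)
{
    size_t pad;
    if (block == 0 || len == 0 || len % block != 0) return -1;
    pad = buf[len - 1];
    /* Reject before using pad as a length: a garbled last block yields
     * an arbitrary byte here, which must never shrink len below zero. */
    if (pad == 0 || pad > block) return -1;
    return (long)(len - pad);
}

int main(void)
{
    unsigned char buf[32] = "hello";        /* constructed sample data */
    long n = xmlenc_pad(buf, 5, sizeof buf, 8);
    printf("padded=%ld unpadded=%ld\n", n, xmlenc_unpad(buf, (size_t)n, 8));
    buf[n - 1] = 0x20;                      /* simulate a corrupted last block */
    printf("corrupted=%ld\n", xmlenc_unpad(buf, (size_t)n, 8));
    return 0;
}
```

If the cipher layer returns the last block differently from what the caller expects, the byte read as the pad count is no longer the real one, and a check of this kind is where the failure surfaces.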