[xmlsec] Padding in xmlsec

Kaushalye Kapuruge kaushalye at wso2.com
Mon Dec 18 23:04:40 PST 2006

Hi Aleksey,
I tried to inter-op my xml encryption implementation with xml-sec. But 
it didn't work. :( I followed the specification but seems there is a 
problem with padding.

For example if I'm using 3-DES (block size=8)a buffer of size 64 to 
call  EVP_CipherUpdate and my plain text is of length let's say 117,
In this case I've to pad before my second call to EVP_CipherUpdate. Right?
If so what should be the size of the pad for the last block?
Is it 11 (=N*64-117) OR 3 (=n*8 - 117)?
As I understood according to the specification 
(http://www.w3.org/TR/xmlenc-core/ ) this should be 3.
So I should have a suffix of XX3, where X can be any value.
Then I have another problem.
This padding will fill-up from places 126-128. How should I fill places 
from 117 to 126?
Also to disable the default padding in openssl I used 
EVP_CIPHER_CTX_set_padding(&ctx, 0);
Is there any thing I have to do beyond this. Like setting certain 
parameters in the EVP_CIPHER_CTX.
I checked your implementation, and according to that I did the same hack 
for openssl.
I calculated the padlen as padLen = EVP_CIPHER_block_size(ctx->cipher) - 
But I always get 0 for ctx.buf_len :(

Aleksey Sanin wrote:
>> But why is it limited only for OPENSSL 0.9.6? Does that mean versions 
>> after 0.9.6 have the support for padding specified in XML Encryption 
>> specification.
> Other way around :) With OpenSSL 0.9.6 there is no way to support
> padding specified in XML Encryption specification. For older version
> of OpenSSL, everything is fine and there is full compatibility
> with XML Encryption spec.
>> Moreover is your padding compatible with other crypto libraries such 
>> as Bouncy Castle Crypto API?
> Well, if it supports the padding from XML Encryption specification
> then "yes".
> Aleksey

More information about the xmlsec mailing list