[xmlsec] Whitespace problem while encrypting

Stefan Schulze Frielinghaus stefan at seekline.net
Wed Mar 26 11:33:53 PST 2008


There seems to be a problem with extra whitespace depending of the
original layout of a XML file. Consider the following example.

XML input file A:
<?xml version="1.0"?>
<RootNode><Secret>blub&lt;get$test</Secret></RootNode>

XML input file B:
<?xml version="1.0"?>
<RootNode>
        <Secret>blub&lt;get$test</Secret>
</RootNode>

Both files have the same meaning in XML language but if the content of
node "Secret" gets encrypted they are differently saved. The example
application out-file.c (see attachment) generates the following
encrypted XML files:

XML encrypted output of file A:
<?xml version="1.0" encoding="UTF-8"?>
<RootNode>
  <Secret>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<CipherData>
<CipherValue>PgcLxYie+I99jvqj6OtmzO/lPX0P/Fb/4mdMaw7DJRM=</CipherValue>
</CipherData>
</EncryptedData>
  </Secret>
</RootNode>

XML encrypted output of file B:
<?xml version="1.0" encoding="UTF-8"?>
<RootNode>
        <Secret><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
Type="http://www.w3.org/2001/04/xmlenc#Content">
<EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<CipherData>
<CipherValue>hmUZxuFh9aCS7IdZIO/JXR5r8gPcha8Og08MTM3J9s8=</CipherValue>
</CipherData>
</EncryptedData></Secret>
</RootNode>

As you can already see the CipherValue differs. If you now decrypt both
files a different content of node "Secret" will be generated (try the
application in.c from attachment). The document dump is the same for
both files but if you use xmlNodeGetContent() different values will be
extracted:

xmlNodeGetContent() of encrypted file A:
XXX
    blub<get$test
  XXX

xmlNodeGetContent() of encrypted file B:
XXXblub<get$testXXX

I added the XXX's to demonstrate the whitespace.

I think the problem has to be in the encryption functions of XMLsec
because several other tests showed that the decryption functions worked
fine.

Any idea what the problem could be?

-Stefan

PS: I'm using xmlsec1-1.2.11 with libxml2-2.6.31 on a Fedora 8 PPC
machine
PSS: The following command is generated by the Makefile (defines could
be interesting?!):
gcc -g -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1
-DXMLSEC_NO_XKMS=1 -I/usr/local/xmlsec/include/xmlsec1
-I/usr/include/libxml2 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
-DXMLSEC_CRYPTO=\"openssl\" -DUNIX_SOCKETS  -g -L/usr/local/xmlsec/lib
-L/usr/lib -ldl -lxmlsec1 -lxslt -lxml2 -lz -lm  in.c   -o in


-------------- next part --------------
A non-text attachment was scrubbed...
Name: in.c
Type: text/x-csrc
Size: 4083 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20080326/97078ba0/in-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: text/x-makefile
Size: 237 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20080326/97078ba0/Makefile-0002.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: out-file.c
Type: text/x-csrc
Size: 3687 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20080326/97078ba0/out-file-0002.bin


More information about the xmlsec mailing list