[xmlsec] upgrading from xmlsec1-1.2.16 to xmlsec1-1.2.29

Floodeenjr, Thomas thomas_floodeenjr at mentor.com
Tue Feb 4 05:31:38 PST 2020


We are in the process of upgrading from openssl-1.0.2g to openssl-1.1.1d and from libxml2-2.7.8 to libxml2-2.9.9. We are also upgrading from xmlsec1-1.2.16 to xmlsec1-1.2.29.

The code we have been using for years to encrypt our xml is no longer working.

static bool S_EncryptXMLNode(xmlDocPtr _doc, xmlNodePtr _node, xmlSecKeysMngrPtr _keysMngr, xmlChar* _keyName)
{
    bool            localRet = false;
    xmlNodePtr      encDataNode = NULL;
    xmlSecEncCtxPtr encCtx = NULL;

    /* Build the <EncryptedData> template (helper not shown in this post) */
    localRet = SDDInfrasecUtil::CreateEncryptedDataNode(_doc, xmlSecTypeEncElement, _keyName, &encDataNode);

    if (true == localRet) {
        encCtx = xmlSecEncCtxCreate(_keysMngr);
        if (NULL == encCtx) {
            fprintf(stderr,"Error: failed to create encryption context\n");
            xmlFreeNode(encDataNode);   encDataNode = NULL;
            localRet = false;
        } else {
            encCtx->defEncMethodId = xmlSecTransformAes128CbcId;
        }
    }

    if ((NULL != encDataNode) && (NULL != encCtx)) {
        if (xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, _node) < 0) {
            fprintf(stderr,"Error: encryption failed\n");
            xmlFreeNode(encDataNode);       encDataNode = NULL;
            xmlSecEncCtxDestroy(encCtx);    encCtx = NULL;
            localRet = false;
        } else {
            /* On success the template has replaced _node in the document, so the document owns it */
            encDataNode = NULL;
        }
    }

    /* Cleanup: both pointers are already NULL if they were freed above */
    if (NULL != encCtx)         xmlSecEncCtxDestroy(encCtx);
    if (NULL != encDataNode)    xmlFreeNode(encDataNode);

    return localRet;
}

Encryption fails on this line: if (xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, _node) < 0) {
It worked before the upgrade.

Is there something we need to change?
