[xmlsec] upgrading from xmlsec1-1.2.16 to xmlsec1-1.2.29

Floodeenjr, Thomas thomas_floodeenjr at mentor.com
Tue Feb 4 11:45:25 PST 2020


It turns out the key manager issue was a red herring. I had some debug/release runtime issues.

So I am back to the original question:

We are in the process of upgrading from openssl-1.0.2g to openssl-1.1.1d and from libxml2-2.7.8 to libxml2-2.9.9. We are also upgrading from xmlsec1-1.2.16 to xmlsec1-1.2.29.

The code we have been using for years to encrypt our xml is no longer working.

static bool S_EncryptXMLNode(xmlDocPtr _doc, xmlNodePtr _node, xmlSecKeysMngrPtr _keysMngr, xmlChar* _keyName)
{
    bool            localRet = false;
    xmlNodePtr      encDataNode = NULL;
    xmlSecEncCtxPtr encCtx = NULL;

    localRet = SDDInfrasecUtil::CreateEncryptedDataNode(_doc, xmlSecTypeEncElement, _keyName, &encDataNode);

    if (true == localRet) {
        encCtx = xmlSecEncCtxCreate(_keysMngr);
        if (NULL == encCtx) {
            fprintf(stderr,"Error: failed to create encryption context\n");
            xmlFreeNode(encDataNode);   encDataNode = NULL;
            localRet = false;
        } else {
            encCtx->defEncMethodId = xmlSecTransformAes128CbcId;
        }
    }

    if ((NULL != encDataNode) && (NULL != encCtx)) {
       if (xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, _node) < 0) {
            fprintf(stderr,"Error: encryption failed\n");
            xmlFreeNode(encDataNode);       encDataNode = NULL;
            xmlSecEncCtxDestroy(encCtx);    encCtx = NULL;
            localRet = false;
        } else {
            encDataNode = NULL;
        }
    }
    if (NULL != encCtx)         xmlSecEncCtxDestroy(encCtx);
    if (NULL != encDataNode)    xmlFreeNode(encDataNode);

    return localRet;
}

Encryption fails on this line: if (xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, _node) < 0) {
It worked before the upgrade.

Is there something we need to change?

Thanks,
-Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20200204/ae13792c/attachment.htm>


More information about the xmlsec mailing list