Aleksey,

Following the progression of our code, according to this call stack:

        Application.exe!xmlParseCDSect(_xmlParserCtxt * ctxt) Line 9748 C
        Application.exe!xmlParseContent(_xmlParserCtxt * ctxt) Line 9831 C
        Application.exe!xmlParseInNodeContext(_xmlNode * node, const char * data, int datalen, int options, _xmlNode * * lst) Line 13682 C
        Application.exe!xmlSecReplaceNodeBufferAndReturn(_xmlNode * node, const unsigned char * buffer, unsigned int size, _xmlNode * * replaced) Line 632 C
        Application.exe!xmlSecReplaceNodeBuffer(_xmlNode * node, const unsigned char * buffer, unsigned int size) Line 609 C
>       Application.exe!xmlSecEncCtxDecrypt(_xmlSecEncCtx * encCtx, _xmlNode * node) Line 562 C

Inside xmlSecReplaceNodeBufferAndReturn(), we call 
xmlParseInNodeContext(node->parent, (const char*)buffer, size, 
XML_PARSE_NODICT, &results);

It looks like the call in xmlSecReplaceNodeBufferAndReturn() hard-codes the 
option to "XML_PARSE_NODICT", and gives us no option to pass in the 
XML_PARSE_HUGE parameter we need when we call xmlSecEncCtxDecrypt().

Any ideas how to get around this?

Thanks,
-Tom

-----Original Message-----
From: Aleksey Sanin <[email protected]> 
Sent: Friday, March 27, 2020 5:17 PM
To: Floodeenjr, Thomas <[email protected]>; [email protected]
Subject: Re: [xmlsec] xmlsec1-1.2.16 to xmlsec1-1.2.29 decrypt problems

Great. I am not aware of any issues with this flag. Since you posted to libxml2 
mailing list, I am sure you will get the answer shortly.

Aleksey

On 3/27/20 2:55 PM, Floodeenjr, Thomas wrote:
> Aleksey,
> 
> It seems we found the problem. Before we decrypt, we call doc = xmlReadFile( 
> filePath, NULL, XML_PARSE_HUGE ); It seems the XML_PARSE_HUGE flag is not 
> honored in libxml2. I am not sure if this is a bug in libxml2, or if it is a 
> new "feature". We are looking for a way to work around this. If we hard-code 
> it in xmlCtxtUseOptionsInternal(), i.e., ctxt->options |= XML_PARSE_HUGE;, 
> then our code decrypts fine.
> 
> Thanks for your replies.
> 
> -Tom
> 
> 
> 
> -----Original Message-----
> From: Aleksey Sanin <[email protected]>
> Sent: Friday, March 27, 2020 10:32 AM
> To: Floodeenjr, Thomas <[email protected]>; 
> [email protected]
> Subject: Re: [xmlsec] xmlsec1-1.2.16 to xmlsec1-1.2.29 decrypt 
> problems
> 
> Hi Thomas,
> 
> I am not aware of any limitations on file sizes. I would suggest to either 
> set a breakpoint or dump the decrypted data before the call to 
> xmlParseInNodeContext() to see what's wrong. There are a couple options I can 
> think of:
> 1) Decryption is completely incorrect and you will see junk in the buffer.
> 2) Decryption is correct but the data is truncated.
> 
> Let me know what you find.
> 
> Aleksey
> 
> On 3/27/20 6:07 AM, Floodeenjr, Thomas wrote:
>> Aleksey,
>>
>> Is there a limitation with xmlsec1-1.2.29 on the size of the 
>> encrypted XML that is being decrypted? The file seems to encrypt OK, 
>> but will not decrypt. (290 MB). Smaller files work fine both ways. We 
>> are using
>> libxml2-2.9.9 and openssl-1.1.1d.  (Previously we used libxml2-2.7.8 
>> and openssl-1.0.2g, and it worked fine.)
>>
>> Thanks,
>> -Tom
>>
>> -----Original Message-----
>> From: xmlsec <[email protected]> On Behalf Of Floodeenjr, 
>> Thomas
>> Sent: Thursday, March 26, 2020 12:52 PM
>> To: Aleksey Sanin <[email protected]>; [email protected]
>> Subject: Re: [xmlsec] xmlsec1-1.2.16 to xmlsec1-1.2.29 decrypt 
>> problems
>>
>> It returns here with -1
>>
>>       if(ret != XML_ERR_OK) {
>>           xmlSecXmlError("xmlParseInNodeContext", NULL);
>>           return(-1);
>>       }
>>
>> -----Original Message-----
>> From: Aleksey Sanin <[email protected]>
>> Sent: Thursday, March 26, 2020 11:05 AM
>> To: Floodeenjr, Thomas <[email protected]>; 
>> [email protected]
>> Subject: Re: [xmlsec] xmlsec1-1.2.16 to xmlsec1-1.2.29 decrypt 
>> problems
>>
>> What error do you get?
>>
>> Aleksey
>>
>> On 3/26/20 8:26 AM, Floodeenjr, Thomas wrote:
>>> Hello,
>>>
>>> We recently upgraded from xmlsec1-1.2.16 to xmlsec1-1.2.29. We have 
>>> some data created in 1.2.16 that we can decrypt, but it fails to 
>>> decrypt in 1.2.29.
>>>
>>>                  Application.exe!xmlSecCheckNodeName(_xmlNode * const cur, const unsigned char * name, const unsigned char * ns) Line 210 C
>>> >                Application.exe!xmlSecEncCtxEncDataNodeRead(_xmlSecEncCtx * encCtx, _xmlNode * node) Line 696 C
>>>                  Application.exe!xmlSecEncCtxDecryptToBuffer(_xmlSecEncCtx * encCtx, _xmlNode * node) Line 597 C
>>>                  Application.exe!xmlSecEncCtxDecrypt(_xmlSecEncCtx * encCtx, _xmlNode * node) Line 524 C
>>>
>>> Other items do decrypt fine with both versions. Any ideas what we 
>>> can look into?
>>>
>>> Thanks,
>>>
>>> -Tom
>>>
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> [email protected]
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>
>>
> 
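
Added example, not part of the thread or of xmlsec: a stand-alone C helper for the check suggested above (inspect the decrypted buffer before xmlParseInNodeContext()), classifying it as junk, truncated, or holding a text/CDATA node longer than libxml2 accepts without XML_PARSE_HUGE. The names triage_decrypted and triage_str are hypothetical, the 10000000-byte figure is libxml2's XML_MAX_TEXT_LENGTH, and the scan is a heuristic that assumes UTF-8 content.

```c
#include <stdio.h>
#include <string.h>

/* libxml2 (parserInternals.h) caps a single text or CDATA node at
 * XML_MAX_TEXT_LENGTH = 10000000 bytes unless XML_PARSE_HUGE is set. */
#define TEXT_LIMIT 10000000u  /* pass this as `limit` for real buffers */

enum triage { BUF_OK, BUF_JUNK, BUF_TRUNCATED, BUF_NEEDS_HUGE };

/* Heuristic pre-parse triage of a decrypted buffer (hypothetical helper,
 * not a parser: '>' inside comments or attribute values is not handled). */
enum triage triage_decrypted(const unsigned char *buf, size_t size, size_t limit) {
    const unsigned char *end = buf + size, *p = buf, *run = buf, *q;
    long depth = 0;
    size_t i;
    /* Junk: XML 1.0 allows no control bytes except tab, LF and CR. */
    for (i = 0; i < size; i++)
        if (buf[i] < 0x20 && buf[i] != '\t' && buf[i] != '\n' && buf[i] != '\r')
            return BUF_JUNK;
    while (p < end) {
        if (*p != '<') { p++; continue; }              /* inside a text run */
        if ((size_t)(p - run) > limit) return BUF_NEEDS_HUGE;
        if ((size_t)(end - p) >= 9 && memcmp(p, "<![CDATA[", 9) == 0) {
            for (q = p + 9; q + 3 <= end && memcmp(q, "]]>", 3) != 0; q++) ;
            if (q + 3 > end) return BUF_TRUNCATED;     /* CDATA never closed */
            if ((size_t)(q - (p + 9)) > limit) return BUF_NEEDS_HUGE;
            p = q + 3;
        } else {
            q = memchr(p, '>', (size_t)(end - p));
            if (q == NULL) return BUF_TRUNCATED;       /* cut inside a tag */
            if (p[1] == '/') depth--;                  /* end tag */
            else if (p[1] != '?' && p[1] != '!' && q[-1] != '/') depth++;
            p = q + 1;
        }
        run = p;
    }
    if ((size_t)(end - run) > limit) return BUF_NEEDS_HUGE;
    return depth > 0 ? BUF_TRUNCATED : BUF_OK;         /* open elements left */
}

enum triage triage_str(const char *s, size_t limit) {
    return triage_decrypted((const unsigned char *)s, strlen(s), limit);
}

int main(void) {
    /* Constructed samples; limit scaled down to 8 so they stay short. */
    printf("ok=%d big=%d cut=%d\n", triage_str("<a><![CDATA[12345678]]></a>", 8),
           triage_str("<a><![CDATA[123456789]]></a>", 8), triage_str("<a>1234", 8));
    return 0;
}
```
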