Hi all,
I've discovered a decryption problem (and no relevant discussion / solution):


When one has encrypted an empty element (e.g. <a/>) using encrypt-element-content type (xmlSecTypeEncContent), and then tries to decrypt it back, the decryption process fails.

The problem is the buffer holding the decrypted data is empty (it's ok - the content of the element having been encrypted was empty, too). However, even though the buffer is empty, the xmlSecReplaceNodeBuffer() function is called to replace the <EncryptedData> node with the result of the decryption = buffer (which is empty), and the xmlSecReplaceNodeBuffer() function asserts on non-empty buffer.

See xmlenc.c, about line 605.

My question is: is this behaviour intentional?
Don't you want to encrypt empty elements as encrypt-element-content :-)?

If you find my notice "legal", you could take a look at the attached patch.

best regards,
 Tomas Sieger
--- xmlenc.c.orig       Mon Feb  9 11:11:04 2004
+++ xmlenc.c    Mon Feb  9 11:16:22 2004
@@ -601,17 +601,24 @@
        }
        encCtx->resultReplaced = 1;                            
     } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, 
xmlSecTypeEncContent)) {
-       /* replace the node with the buffer */
-       ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), 
xmlSecBufferGetSize(buffer));
-       if(ret < 0) {
-           xmlSecError(XMLSEC_ERRORS_HERE,
-                       NULL,
-                       "xmlSecReplaceNodeBuffer",
-                       XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                       "node=%s",
-                       xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
-           return(-1);         
-       }       
+        /* replace the node with the buffer */
+        if (xmlSecBufferGetSize(buffer) == 0) {
+            /* the buffer is empty (because the element content being encrypted was 
empty, too);
+             * simply remove the <EncryptedData/> node since there is nothing to 
replace it */
+            xmlUnlinkNode(node);
+            xmlFreeNode(node);
+        } else {
+            ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), 
xmlSecBufferGetSize(buffer));
+            if(ret < 0) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            NULL,
+                            "xmlSecReplaceNodeBuffer",
+                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                            "node=%s",
+                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+                return(-1);
+            }
+        }
        encCtx->resultReplaced = 1;                            
     }
     return(0);
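
Review bot: In the new empty-buffer branch, `xmlFreeNode(node)` frees a node that the visible lines did not allocate, so any pointer to it held outside this block is dangling by the time the function reaches `return(0);`. The hunk does not show whether the caller or `encCtx` still refers to `node` after decryption; please confirm that nothing does, and if something does, either clear that reference here or call only `xmlUnlinkNode(node)` and leave the freeing to the owner. A short comment stating who owns `node` after this branch would make that explicit. Separately, the `else` branch re-indents the existing `xmlSecReplaceNodeBuffer` error handling, which hides the fact that the only functional change is the added `xmlSecBufferGetSize(buffer) == 0` check; keeping the original indentation style would shrink the diff. The mailer has also wrapped several lines (the `xmlSecReplaceNodeBuffer(...)` calls and the new comment), so the patch will not apply as sent and should be resent as an attachment.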
