[Encryption] Unexpected behaviour due to uninitialised values

[Jérémy Coulon <je...@free.fr>]

Hello,

I started using XML Security (C++) in my own project a few days ago.

I created a simple command line tool based on simpleEncrypt and 
simpleDecrypt examples.
My goal is to create a small utility for encrypting/decrypting xml files 
with AES256_CBC (randomly generated key) and RSA_15 Public/Private keys 
(loaded from PEM files).

I ran into an error when I tried decrypting my previously encrypted xml 
file :
An error occurred during an encryption 
operation                                                
   Message: OpenSSL:SymmetricKey::decryptFinish - Out of range padding 
value in final block

I used valgrind to track down the problem and it seems to be related to 
the use of uninitilised value during both encrypting and decrypting.

A patch is available in attachment.
The main problem is in XSECSafeBuffer.cpp
The 2 other files modification are just small memory leaks.

Please let me know if something is wrong with my patch.

Thanks.
Jérémy

Re: [Encryption] Unexpected behaviour due to uninitialised values

[Jérémy Coulon <je...@free.fr>]

OK.
I created bug 49148.

Jeremy


Scott Cantor a écrit :
>> Please let me know if something is wrong with my patch.
>>     
>
> Bugs need to be reported to http://issues.apache.org/bugzilla
>
> It's also necessary that you're running the latest version and if you can
> verify that the bug fix actually works, that's extremely helpful.
>
> -- Scott
>
>
>
>
>
>   

RE: [Encryption] Unexpected behaviour due to uninitialised values

[Scott Cantor <ca...@osu.edu>]

> Please let me know if something is wrong with my patch.

Bugs need to be reported to http://issues.apache.org/bugzilla

It's also necessary that you're running the latest version and if you can
verify that the bug fix actually works, that's extremely helpful.

-- Scott