[xmlsec] xmlSecDSigCtxVerify fails

Aleksey Sanin aleksey at aleksey.com
Thu Jan 28 20:42:50 PST 2010


Can you reproduce the problem with xmlsec command line utility?
Unfortunately, I don't have mips around and I can't debug this. It
smells like some compilation issue either in xmlsec or openssl.
Try to compile openssl from C code, don't use assembler. And also
try to disable all the optimizations in the openssl and gcc.

Aleksey


On 1/28/2010 8:32 PM, mahendra N wrote:
> we are using xmlsec 1.2.12 to check whether a license file is tampered.
> Were are tesing it on x86, SPARC and mips. xmlSecDSigCtxVerify function
> is used to check whether the signature is valid or not. on  x86 and
> SPARC i get the logs as :
>
> xmlSecOpenSSLEvpDigestVerify:         XmlSec Error data and digest do
> not match (12)
>
> xmlSecDSigCtxPtr->status = xmlSecDSigStatusInvalid;
>
> but in case of mips the logs are;
>
> xmlSecOpenSSLEvpDigestVerify:         XmlSec Error data and digest do
> not match (12)
>
> xmlSecDSigCtxPtr->status = xmlSecDSigStatusSucceeded;
>
> so tampering of license is undetected on mips.
>
>
> 2010/1/28 Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>
>     Sorry, I don't understand. Can you provide an example?
>
>     Aleksey
>
>
>     On 1/28/2010 3:45 AM, mahendra N wrote:
>
>         Hi,
>                  We are using xmlSecDSigCtxVerify API to check whether a
>         license
>         file is tampered. . The license file is in w3 XML format.
>         Shouldn the
>         status element of xmlSecDSigCtxPtr structure capture the error
>         if the
>         license file is tampered. but ,its happening, but the error is
>         caught by
>         signKey element on x86, but the signKey accesses a wrong pointer in
>         mips. how should we go about the issue..
>         Thanks and Reagrds,
>         Mahendra Naik
>
>
>
>         _______________________________________________
>         xmlsec mailing list
>         xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         http://www.aleksey.com/mailman/listinfo/xmlsec
>
>


More information about the xmlsec mailing list