[xmlsec] --untrustedXXXX cmd line option

Roumen Petrov xmlsec at roumenpetrov.info
Mon Jul 7 06:56:34 PDT 2003 

Hi all,

code from .../apps/xmlsec.c show that we can call xmlsec1 with more than 
one option --untrustedXXX file_name,
but when xmlsec is build with openssl, source code in 
.../src/openssl/x509vfy.c method xmlSecOpenSSLX509StoreAdoptCert() is:

===========================================================
....
int
xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, 
xmlSecKeyDataType type) {
    if((type & xmlSecKeyDataTypeTrusted) != 0) {
        xmlSecAssert2(ctx->xst != NULL, -1);
        ....
    } else {
        xmlSecAssert2(ctx->untrusted != NULL, -1);

        ret = sk_X509_push(ctx->untrusted, cert);
        if(ret != 1) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
                        "sk_X509_push",
                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
....
===========================================================
OpenSSL function sk_X509_push return number of certificates in stack.
When stack ctx->untrusted contain one cert. on next call of 
 xmlSecOpenSSLX509StoreAdoptCert(..) sk_X509_push return 2 and check ( 
ret != 1 )  fail.

Where/What is problem:
- xmlsec1 can accept only one untrusted certificate, i.e. 
.../apps/xmlsec.c should skip extra --untrustedXXX options;
- after sk_X509_push check should be if ( ret < 1 );
- all source code is correct. But in that case xmlsec1 core dump and 
might .../src/openssl/x509vfy.c source should pop from untrusted stack 
to avoid core dump or never to push a cert. when stack contain already one;
?


All is tested with xmlsec 1.0.3 and CVS version. Test file rumen-sn.tmp 
is attached and test commans are:
apps/xmlsec1 verify \
  --untrusted-der tests/keys/dsacert.der \
  --[un]trusted-der tests/keys/ca2cert.der \
  --trusted-der tests/keys/cacert.der \
  rumen-sn.tmp

-------------- next part --------------
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="http://www.w3.org/TR/xml-stylesheet">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>vAS4NUtweyTpauQlw0OKw38j6K9iV3hagtCV6T8FoEpsaXwp/+q+Ag==</SignatureValue>
  <KeyInfo>
    <X509Data>
    <X509SubjectName>emailAddress=xmlsec at aleksey.com,CN=Aleksey Sanin,OU=Third Level DSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
<X509SubjectName>emailAddress=xmlsec at aleksey.com,CN=Aleksey Sanin,OU=Second Level Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
</X509Data>
  </KeyInfo>
</Signature>

More information about the xmlsec mailing list