[xmlsec] Wrong key selection in simple keys store?

Wouter wsh at xs4all.nl
Sat Sep 13 11:59:18 PDT 2003


Hi,

I encountered the following problem: I have an instance of the simple keys
store, that contains 3 keys: 1) aes-256 2) aes-192, and 3) aes-128.

Then I want to retrieve a key based upon a keyinfo request structure. The
structure contains information that an aes key is to be searched for with
a size of 128 bits. However the simple keys store returns to me the
aes-256 bits key (the first key in the list).

The following selection routine fails, found in keys.c:141, in the function
int xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value):

if((keyReq->keyBitsSize > 0) &&
   (xmlSecKeyDataGetSize(value) > 0) &&
   (xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) {

    return(0);
}
return(1);

where:
keyReq->keyBitsSize = 128
xmlSecKeyDataGetSize(value) returns 256 (the currently selected key in the
simple keys store)

The function should return 0, since I'm looking for 128 bits key, not for
256 bits key, but one can clearly see that even when key sizes do not
match, still 1 is returned, meaning a match is found between request and
selected key.

This code is used for almost any crypto library, so I would expect this
failure to be found much earlier. However since apparently it is unnoticed
until now, I get the feeling I'm missing something here... Could anybody
shine a light here and tell me if this is a bug, or am I missing something
here?

Wouter
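
Added example, not part of the original post and not xmlsec code: a small C model of a first-match key store holding the three key sizes described above. It runs the comparison quoted in the post next to an exact-size comparison. The type and function names (demo_key, match_quoted, match_exact, find_first, selected_bits) are hypothetical, and the store contents are constructed from the post's description.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a stored key: a label and its size in bits. */
typedef struct { const char *name; unsigned bits; } demo_key;

/* Same comparison as the routine quoted in the post: a key is rejected
 * only when it is smaller than the requested size (0 means "not set"). */
static int match_quoted(unsigned req_bits, unsigned key_bits) {
    if (req_bits > 0 && key_bits > 0 && key_bits < req_bits)
        return 0;
    return 1;
}

/* Variant the poster expected: the sizes must be equal. */
static int match_exact(unsigned req_bits, unsigned key_bits) {
    if (req_bits > 0 && key_bits > 0 && key_bits != req_bits)
        return 0;
    return 1;
}

/* First-match lookup over an ordered store; NULL if nothing matches. */
static const demo_key *find_first(const demo_key *store, size_t n,
                                  unsigned req_bits,
                                  int (*match)(unsigned, unsigned)) {
    for (size_t i = 0; i < n; i++)
        if (match(req_bits, store[i].bits))
            return &store[i];
    return NULL;
}

/* Constructed store, in the order given in the post. */
static const demo_key STORE[] = {
    { "aes-256", 256 }, { "aes-192", 192 }, { "aes-128", 128 },
};
static const size_t STORE_LEN = sizeof(STORE) / sizeof(STORE[0]);

/* Size of the key selected for a request, or 0 if none is selected. */
static unsigned selected_bits(unsigned req_bits,
                              int (*match)(unsigned, unsigned)) {
    const demo_key *k = find_first(STORE, STORE_LEN, req_bits, match);
    return k ? k->bits : 0;
}

int main(void) {
    printf("quoted check, request 128 -> %u\n", selected_bits(128, match_quoted));
    printf("exact check,  request 128 -> %u\n", selected_bits(128, match_exact));
    printf("quoted check, request 512 -> %u\n", selected_bits(512, match_quoted));
    return 0;
}
```

With the quoted comparison the requested size acts as a lower bound, so the result depends on the order of keys in the store. A caller that needs one specific key length can compare the returned key's size with the request before using it.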




