[xmlsec] Sign verification problems after SLES 11.3 system security update

Aleksey Sanin aleksey at aleksey.com
Mon Apr 27 10:08:23 PDT 2015


You might want to file a bug about SLES :) It's hard to say what
has changed.

Aleksey

On 4/27/15 10:05 AM, spam at intlt.ru wrote:
> Yes, I did. I even tried to rebuild it from your latest git sources. This error occurs only with DSA keys, with RSA everything is ok.
> 
> 27.04.2015, 19:39, "Aleksey Sanin" <aleksey at aleksey.com>:
>> Did you rebuild xmlsec after the upgrade?
>>
>> Aleksey
>>
>> On 4/26/15 11:20 PM, Igor Sokolov wrote:
>>>  Something weird happened after SLES 11.3 system update. There was a bunch of OpenSSL security updates.
>>>  xmlsec1 sign verification has just stopped working.
>>>  On other systems (non-SLES: Mint, Windows) with the same key and file everything is ok.
>>>  Output:
>>>  xmlsec1 verify --print-debug --privkey-pem ibrsStubPublicKey.pem request.txt
>>>  error : Unknown IO error
>>>  func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
>>>  func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found:
>>>  func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
>>>  func=xmlSecDSigCtxVerify:file=xmldsig.c:line=382:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>>>  Error: signature failed
>>>  ERROR
>>>  SignedInfo References (ok/all): 1/1
>>>  Manifests References (ok/all): 0/0
>>>  = VERIFICATION CONTEXT
>>>  == Status: unknown
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == Key Info Read Ctx:
>>>  = KEY INFO READ CONTEXT
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled key data: all
>>>  == RetrievalMethod level (cur/max): 0/1
>>>  == TRANSFORMS CTX (status=0)
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled transforms: all
>>>  === uri: NULL
>>>  === uri xpointer expr: NULL
>>>  == EncryptedKey level (cur/max): 0/1
>>>  === KeyReq:
>>>  ==== keyId: dsa
>>>  ==== keyType: 0x00000001
>>>  ==== keyUsage: 0x00000002
>>>  ==== keyBitsSize: 0
>>>  === list size: 0
>>>  == Key Info Write Ctx:
>>>  = KEY INFO WRITE CONTEXT
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled key data: all
>>>  == RetrievalMethod level (cur/max): 0/1
>>>  == TRANSFORMS CTX (status=0)
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled transforms: all
>>>  === uri: NULL
>>>  === uri xpointer expr: NULL
>>>  == EncryptedKey level (cur/max): 0/1
>>>  === KeyReq:
>>>  ==== keyId: NULL
>>>  ==== keyType: 0x00000001
>>>  ==== keyUsage: 0xffffffff
>>>  ==== keyBitsSize: 0
>>>  === list size: 0
>>>  == Signature Transform Ctx:
>>>  == TRANSFORMS CTX (status=0)
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled transforms: all
>>>  === uri: NULL
>>>  === uri xpointer expr: NULL
>>>  === Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
>>>  === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
>>>  == Signature Method:
>>>  === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
>>>  == SignedInfo References List:
>>>  === list size: 1
>>>  = REFERENCE VERIFICATION CONTEXT
>>>  == Status: succeeded
>>>  == URI: ""
>>>  == Reference Transform Ctx:
>>>  == TRANSFORMS CTX (status=2)
>>>  == flags: 0x00000000
>>>  == flags2: 0x00000000
>>>  == enabled transforms: all
>>>  === uri: NULL
>>>  === uri xpointer expr: NULL
>>>  === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>>>  === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>>>  === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>  === Transform: membuf-transform (href=NULL)
>>>  == Digest Method:
>>>  === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>  == Manifest References List:
>>>  === list size: 0
>>>  Error: failed to verify file "request.txt"
>>>  _______________________________________________
>>>  xmlsec mailing list
>>>  xmlsec at aleksey.com
>>>  http://www.aleksey.com/mailman/listinfo/xmlsec

