<div id="ymail_android_signature">It is very strange.</div><div id="ymail_android_signature">I did a new build and the run time is using the exact same version.</div><div id="ymail_android_signature"><br></div><div id="ymail_android_signature">It is the latest .22 version.</div><div id="ymail_android_signature">Same result.</div><div id="ymail_android_signature">Will try to debug further.</div><div id="ymail_android_signature"><br></div><div id="ymail_android_signature">BTW, was the dump produced actually a valid verify (verify ok)?</div> <br> <blockquote style="margin: 0 0 20px 0;"> <header style="font-family:Roboto, sans-serif; color:#6D00F6;"> <div>On Fri, 13 May, 2016 at 16:56, Aleksey Sanin</div><div>&lt;aleksey@aleksey.com&gt; wrote:</div> </header> <div style="padding: 10px 0 0 20px; margin: 10px 0 0 0; border-left: 1px solid #6D00F6;"> <div id="msgSandbox_AGdVfbwAANapVzX5EA8yoMrJ2FSk_TEXT" class="msgSandbox" style="padding: 1.5em 0.5em 0.5em 1.2em; word-wrap: break-word;">Hm... The only idea I have is that you compile with different<br clear="none">flags or link against a different version of the xmlsec library.<br clear="none">It looks like dsigCtx->status points to a different place in<br clear="none">memory.<br clear="none"><br clear="none">Aleksey<br clear="none"><br clear="none">On 5/13/16 2:16 AM, <a shape="rect" ymailto="mailto:moore43132@yahoo.com" href="javascript:return">moore43132@yahoo.com</a> wrote:<br clear="none">> Hello Aleksey & thank you for the reply.<br clear="none">> I cannot see an obvious error in the dump.<br clear="none">> Can you point it out if present?<br clear="none">> <br clear="none">> Also if indeed a digest is incorrect, would you expect the status to be<br clear="none">> invalid? 
(rather than a garbage value)<br clear="none">> <br clear="none">> Attached is the dump.<br clear="none">> <br clear="none">> Also some code that I added as a result of ID related errors of faq 3.2<br clear="none">> This is the main difference to one of your verify examples<br clear="none">> Without this code, I get lots of errors.<br clear="none">> <br clear="none">> With it, the verification runs thru, but with the contradictory result<br clear="none">> in status. <br clear="none">> <br clear="none">> Appreciate your input. <br clear="none">> Thank you. <br clear="none">> On Friday, 13 May 2016, 2:56:22, Aleksey Sanin <<a shape="rect" ymailto="mailto:aleksey@aleksey.com" href="javascript:return">aleksey@aleksey.com</a>> wrote:<br clear="none">> <br clear="none">> <br clear="none">> Look through the whole dump. One of the digests is likely invalid.<br clear="none">> <br clear="none">> Aleksey<br clear="none">> <br clear="none">> On 5/12/16 2:37 PM, <a shape="rect" ymailto="mailto:moore43132@yahoo.com" href="javascript:return">moore43132@yahoo.com</a> <mailto:<a shape="rect" ymailto="mailto:moore43132@yahoo.com" href="javascript:return">moore43132@yahoo.com</a>><br clear="none">> wrote:<br clear="none">>> <br clear="none">>> Hello<br clear="none">>><br clear="none">>><br clear="none">>> Any thoughts on how the following can happen would be much appreciated.<br clear="none">>><br clear="none">>><br clear="none">>> Have some code like this which is preceded by creating a verify context<br clear="none">>> etc etc just like examples:<br clear="none">>><br clear="none">>> ...<br clear="none">>> ...<br clear="none">>>        /* print verification result to stdout */<br clear="none">>>        if(dsigCtx->status == xmlSecDSigStatusSucceeded) {<br clear="none">>>                fprintf(stdout, "RESULT: Signature is OK  %d\n",<br clear="none">>> dsigCtx->status);<br clear="none">>>        } else {<br clear="none">>>                fprintf(stdout, "RESULT: Signature is INVALID 
%d\n",<br clear="none">>> dsigCtx->status);<br clear="none">>>        }<br clear="none">>>        fprintf(stdout,<br clear="none">>> "---------------------------------------------------\n");<br clear="none">>><br clear="none">>><br clear="none">>>        xmlSecDSigCtxDebugDump(dsigCtx, stdout);<br clear="none">>> ...<br clear="none">>> ...<br clear="none">>><br clear="none">>><br clear="none">>> And get the following output:<br clear="none">>><br clear="none">>><br clear="none">>> RESULT: Signature is INVALID 7219120<br clear="none">>> ---------------------------------------------------<br clear="none">>> = VERIFICATION CONTEXT<br clear="none">>> == Status: succeeded<br clear="none">>> == flags: 0x0000000e<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == Key Info Read Ctx:<br clear="none">>> = KEY INFO READ CONTEXT<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled key data: all<br clear="none">>> == RetrievalMethod level (cur/max): 0/1<br clear="none">>> == TRANSFORMS CTX (status=0)<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled transforms: all<br clear="none">>> === uri: NULL<br clear="none">>> === uri xpointer expr: NULL<br clear="none">>> == EncryptedKey level (cur/max): 0/1<br clear="none">>> === KeyReq:<br clear="none">>> ==== keyId: rsa<br clear="none">>> ==== keyType: 0x00000001<br clear="none">>> ==== keyUsage: 0x00000002<br clear="none">>> ==== keyBitsSize: 0<br clear="none">>> === list size: 0<br clear="none">>> == Key Info Write Ctx:<br clear="none">>> = KEY INFO WRITE CONTEXT<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled key data: all<br clear="none">>> == RetrievalMethod level (cur/max): 0/1<br clear="none">>> == TRANSFORMS CTX (status=0)<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled 
transforms: all<br clear="none">>> === uri: NULL<br clear="none">>> === uri xpointer expr: NULL<br clear="none">>> == EncryptedKey level (cur/max): 0/1<br clear="none">>> === KeyReq:<br clear="none">>> ==== keyId: NULL<br clear="none">>> ==== keyType: 0x00000001<br clear="none">>> ==== keyUsage: 0xffffffff<br clear="none">>> ==== keyBitsSize: 0<br clear="none">>> === list size: 0<br clear="none">>> == Signature Transform Ctx:<br clear="none">>> == TRANSFORMS CTX (status=2)<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled transforms: all<br clear="none">>> === uri: NULL<br clear="none">>> === uri xpointer expr: NULL<br clear="none">>> === Transform: exc-c14n (href=<a shape="rect" href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br clear="none">>> === Transform: membuf-transform (href=NULL)<br clear="none">>> === Transform: rsa-sha1 (href=<a shape="rect" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br clear="none">>> === Transform: membuf-transform (href=NULL)<br clear="none">>> == Signature Method:<br clear="none">>> === Transform: rsa-sha1 (href=<a shape="rect" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br clear="none">>> == Signature Key:<br clear="none">>> == KEY<br clear="none">>> === method: RSAKeyValue<br clear="none">>> === key type: Public<br clear="none">>> === key usage: -1<br clear="none">>> === key not valid before: 1458586152<br clear="none">>> === key not valid after: 1774118952<br clear="none">>> === rsa key: size = 2048<br clear="none">>> === list size: 1<br clear="none">>> === X509 Data:<br clear="none">>> ==== Key Certificate:<br clear="none">>> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> ==== 
Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> ==== Certificate:<br clear="none">>> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> ==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX<br clear="none">>> == SignedInfo References List:<br clear="none">>> === list size: 1<br clear="none">>> = REFERENCE VERIFICATION CONTEXT<br clear="none">>> == Status: succeeded<br clear="none">>> == URI: "#_c4e9522ba1289864766f54df6a04eae5b77fd7c70d"<br clear="none">>> == Reference Transform Ctx:<br clear="none">>> == TRANSFORMS CTX (status=2)<br clear="none">>> == flags: 0x00000000<br clear="none">>> == flags2: 0x00000000<br clear="none">>> == enabled transforms: all<br clear="none">>> === uri:<br clear="none">>> === uri xpointer expr: #_c4e9522ba1289864766f54df6a04eae5b77fd7c70d<br clear="none">>> === Transform: xpointer (href=<a shape="rect" href="http://www.w3.org/2001/04/xmldsig-more/xptr" target="_blank">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br clear="none">>> === Transform: enveloped-signature<br clear="none">>> (href=<a shape="rect" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br clear="none">>> === Transform: exc-c14n (href=<a shape="rect" href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br clear="none">>> === Transform: membuf-transform (href=NULL)<br clear="none">>> === Transform: sha1 (href=<a shape="rect" href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br clear="none">>> === Transform: membuf-transform (href=NULL)<br clear="none">>> == Digest Method:<br clear="none">>> === Transform: sha1 (href=<a shape="rect" href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br clear="none">>> == PreDigest 
data - start buffer:<br clear="none">>> ....<br clear="none">>> ....<br clear="none">>><br clear="none">>> ....<br clear="none">>><br clear="none">>><br clear="none">>> Any ideas how this could happen?<br clear="none">>><br clear="none">>> The dump prints the status as being successful.<br clear="none">>> This is as per the setting of the dsigCtx->status in<br clear="none">>> xmlSecDSigCtxDebugDump() function in xmldsig.c<br clear="none">>><br clear="none">>><br clear="none">>> But how is it printing some garbage value beforehand? (7219120)<br clear="none">>> Why is it not initialized or set to unknown/invalid.<br clear="none">>><br clear="none">>><br clear="none">>> Would appreciate any insight? No other logs/errors from the xmlsec are<br clear="none">>> evident.<br clear="none">>><br clear="none">>> Are there any other logs I could refer to?<br clear="none">>> Would appreciate any thoughts.<br clear="none">>><br clear="none">>> _______________________________________________<br clear="none">>> xmlsec mailing list<br clear="none">>> <a shape="rect" ymailto="mailto:xmlsec@aleksey.com" href="javascript:return">xmlsec@aleksey.com</a> <mailto:<a shape="rect" ymailto="mailto:xmlsec@aleksey.com" href="javascript:return">xmlsec@aleksey.com</a>><br clear="none">>> <a shape="rect" href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><div class="yQTDBase yqt1368660538" id="yqtfd75894"><br clear="none"></div></div> </div> </blockquote>
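<div>An added example, not part of the thread and not xmlsec code: it simulates the mismatch suggested in the reply above, where the application and the library disagree on the layout of the context structure, so the library's own dump reports "succeeded" while the application reads an unrelated value as the status. The struct and function names are hypothetical stand-ins, and 7219120 is reused only as constructed filler.</div>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins; NOT xmlsec's real definitions. */
enum { ST_UNKNOWN = 0, ST_SUCCEEDED = 1, ST_INVALID = 2 };

/* Layout the library binary was built with (one extra member enabled). */
typedef struct {
    void        *userData;
    unsigned int flags;
    unsigned int bufSize;   /* assumed member, present only in this build */
    int          status;
} LibCtx;

/* Layout the application's headers and flags produce (member compiled out). */
typedef struct {
    void        *userData;
    unsigned int flags;
    int          status;
} AppCtx;

/* "Library" side: writes through its own layout. */
void lib_verify(LibCtx *ctx) {
    ctx->bufSize = 7219120u;   /* constructed filler value */
    ctx->status  = ST_SUCCEEDED;
}

/* What the library's own dump routine would report for this context. */
const char *lib_status_name(const LibCtx *ctx) {
    return ctx->status == ST_SUCCEEDED ? "succeeded" : "not succeeded";
}

/* "Application" side: same memory, read at the offset its headers imply. */
int app_read_status(const void *ctx) {
    int v;
    memcpy(&v, (const unsigned char *)ctx + offsetof(AppCtx, status), sizeof v);
    return v;
}

/* Startup guard: both builds must agree on size and field offset. */
int layout_matches(void) {
    return sizeof(AppCtx) == sizeof(LibCtx)
        && offsetof(AppCtx, status) == offsetof(LibCtx, status);
}

int main(void) {
    LibCtx ctx = {0};
    lib_verify(&ctx);
    printf("app reads %d, library dump says %s, layouts match: %d\n",
           app_read_status(&ctx), lib_status_name(&ctx), layout_matches());
}
```

<div>A verifier that compares the status field against the success constant fails closed in this situation, which is the safe direction; the guard shows how the disagreement can be caught at startup instead of surfacing as a contradictory result.</div>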