[xmlsec] Sign verification problems after SLES 11.3 system security update
spam at intlt.ru
Mon Apr 27 10:22:35 PDT 2015
I'm not sure they will pay attention to this problem, because SLES did not officially maintain the xmlsec package. Maybe you could advise me where to look? I have seen a patch about DSA in your repo; maybe this is related somehow?
27.04.2015, 20:08, "Aleksey Sanin" <aleksey at aleksey.com>:
> You might want to file a bug about SLES :) It's hard to say what
> has changed.
>
> Aleksey
>
> On 4/27/15 10:05 AM, spam at intlt.ru wrote:
>> Yes, I did. I even tried to rebuild it from your latest git sources. This error occurs only with DSA keys, with RSA everything is ok.
>>
>> 27.04.2015, 19:39, "Aleksey Sanin" <aleksey at aleksey.com>:
>>> Did you rebuild xmlsec after the upgrade?
>>>
>>> Aleksey
>>>
>>> On 4/26/15 11:20 PM, Igor Sokolov wrote:
>>>> Something weird happened after the SLES 11.3 system update. There was a bunch of OpenSSL security updates.
>>>> xmlsec1 sign verification just stopped working.
>>>> On other systems (non-SLES: Mint, Windows) with the same key and file everything is ok.
>>>> Output:
>>>> xmlsec1 verify --print-debug --privkey-pem ibrsStubPublicKey.pem request.txt
>>>> error : Unknown IO error
>>>> func=xmlSecKeysMngrGetKey:file=keys.c:line=1370:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=889:obj=unknown:subj=unknown:error=45:key is not found:
>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=581:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=382:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed:
>>>> Error: signature failed
>>>> ERROR
>>>> SignedInfo References (ok/all): 1/1
>>>> Manifests References (ok/all): 0/0
>>>> = VERIFICATION CONTEXT
>>>> == Status: unknown
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == Key Info Read Ctx:
>>>> = KEY INFO READ CONTEXT
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled key data: all
>>>> == RetrievalMethod level (cur/max): 0/1
>>>> == TRANSFORMS CTX (status=0)
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled transforms: all
>>>> === uri: NULL
>>>> === uri xpointer expr: NULL
>>>> == EncryptedKey level (cur/max): 0/1
>>>> === KeyReq:
>>>> ==== keyId: dsa
>>>> ==== keyType: 0x00000001
>>>> ==== keyUsage: 0x00000002
>>>> ==== keyBitsSize: 0
>>>> === list size: 0
>>>> == Key Info Write Ctx:
>>>> = KEY INFO WRITE CONTEXT
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled key data: all
>>>> == RetrievalMethod level (cur/max): 0/1
>>>> == TRANSFORMS CTX (status=0)
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled transforms: all
>>>> === uri: NULL
>>>> === uri xpointer expr: NULL
>>>> == EncryptedKey level (cur/max): 0/1
>>>> === KeyReq:
>>>> ==== keyId: NULL
>>>> ==== keyType: 0x00000001
>>>> ==== keyUsage: 0xffffffff
>>>> ==== keyBitsSize: 0
>>>> === list size: 0
>>>> == Signature Transform Ctx:
>>>> == TRANSFORMS CTX (status=0)
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled transforms: all
>>>> === uri: NULL
>>>> === uri xpointer expr: NULL
>>>> === Transform: c14n-with-comments (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
>>>> === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
>>>> == Signature Method:
>>>> === Transform: dsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#dsa-sha1)
>>>> == SignedInfo References List:
>>>> === list size: 1
>>>> = REFERENCE VERIFICATION CONTEXT
>>>> == Status: succeeded
>>>> == URI: ""
>>>> == Reference Transform Ctx:
>>>> == TRANSFORMS CTX (status=2)
>>>> == flags: 0x00000000
>>>> == flags2: 0x00000000
>>>> == enabled transforms: all
>>>> === uri: NULL
>>>> === uri xpointer expr: NULL
>>>> === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
>>>> === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
>>>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>> === Transform: membuf-transform (href=NULL)
>>>> == Digest Method:
>>>> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
>>>> == Manifest References List:
>>>> === list size: 0
>>>> Error: failed to verify file "request.txt"