[xmlsec] Inconsistent dsigCtx->status value

moore43132 at yahoo.com moore43132 at yahoo.com
Thu May 12 14:37:49 PDT 2016


 Hello

Any thoughts on how the following can happen would be much appreciated.

Have some code like this which is preceded by creating a verify context etc. etc. just like examples:
......
        /* print verification result to stdout */
        if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
                fprintf(stdout, "RESULT: Signature is OK  %d\n", dsigCtx->status);
        } else {
                fprintf(stdout, "RESULT: Signature is INVALID %d\n", dsigCtx->status);
        }
        fprintf(stdout, "---------------------------------------------------\n");

        xmlSecDSigCtxDebugDump(dsigCtx, stdout);
......

And get the following output:


RESULT: Signature is INVALID 7219120
---------------------------------------------------
= VERIFICATION CONTEXT
== Status: succeeded
== flags: 0x0000000e
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Public
=== key usage: -1
=== key not valid before: 1458586152
=== key not valid after: 1774118952
=== rsa key: size = 2048
=== list size: 1
=== X509 Data:
==== Key Certificate:
==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Certificate:
==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#_c4e9522ba1289864766f54df6a04eae5b77fd7c70d"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 
=== uri xpointer expr: #_c4e9522ba1289864766f54df6a04eae5b77fd7c70d
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: membuf-transform (href=NULL)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== PreDigest data - start buffer:
........
....

Any ideas how this could happen?
The dump prints the status as being successful. This is as per the setting of the dsigCtx->status in xmlSecDSigCtxDebugDump() function in xmldsig.c


But how is it printing some garbage value beforehand? (7219120) Why is it not initialized or set to unknown/invalid?

Would appreciate any insight. No other logs/errors from the xmlsec are evident.
Are there any other logs I could refer to?
Would appreciate any thoughts. 






