[xmlsec] xmlsec1 sign problem with openssl 1.0.2j

Alexopoulou, Georgia georgia.alexopoulou at unify.com
Wed Nov 9 04:04:34 PST 2016 

Hello Aleksey,

Thanks a lot for your quick response.
I compiled the code with the latest changes and I still have the same error.
The error appears only when RSA keys are used.
When I generated a DSA key and tried to sign everything worked fine.

See the new error output below:

../xmlsec1 sign --privkey-pem rsakey.pem --output signrsa.xml sign1-tmpl.xml 
func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=498:obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto library function failed:openssl error: 101101678: digital envelope routines: EVP_SignFinal wrong public key type
func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rsa-sha1:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:final=1
func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa-sha1:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xmlOutputBufferClose:error=5:libxml2 library function failed: 
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=c14n
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec library function failed: 
Error: signature failed 
Error: failed to sign file "sign1-tmpl.xml"


I cannot understand what the "wrong public key type" means. But when I generate a new RSA key with openssl and try that I still get the same error.


Regards,
Georgia


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Wednesday, November 09, 2016 4:11 AM
To: Alexopoulou, Georgia; xmlsec at aleksey.com
Subject: Re: [xmlsec] xmlsec1 sign problem with openssl 1.0.2j

I modified the OpenSSL error reporting to print out more details (https://github.com/lsh123/xmlsec/pull/57). It's merged into master and this should help you with debugging.

Best,

Aleksey

On 11/8/16 11:14 AM, Aleksey Sanin wrote:
> As a wild guess, I would suggest to check that you are loading correct 
> versions of all the shared library. I'll add better reporting for 
> openssl errors in a day or two -- this will help with debugging it 
> further.
> 
> Aleksey
> 
> On 11/8/16 4:57 AM, Alexopoulou, Georgia wrote:
>> Hello to all,
>>
>>  
>>
>> I have cross compiled libxmlsec1 for powerpc arch with openssl 1.0.2j 
>> in order to use it in a project.
>>
>> I just run the examples in the example folder and I encountered the 
>> following errors:
>>
>>  
>>
>> ../xmlsec1 sign --crypto openssl --privkey rsakey.pem --output 
>> signtest.xml sign1-tmpl.xml
>>
>> func=xmlSecOpenSSLEvpSignatureExecute:file=evp_signatures.c:line=522:
>> obj=rsa-sha1:subj=EVP_SignFinal:error=4:crypto
>> library function failed:
>>
>> func=xmlSecTransformDefaultPushBin:file=transforms.c:line=2235:obj=rs
>> a-sha1:subj=xmlSecTransformExecute:error=1:xmlsec
>> library function failed:final=1
>>
>> func=xmlSecTransformIOBufferClose:file=transforms.c:line=2919:obj=rsa
>> -sha1:subj=xmlSecTransformPushBin:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecTransformC14NPushXml:file=c14n.c:line=279:obj=c14n:subj=xm
>> lOutputBufferClose:error=5:libxml2
>> library function failed:
>>
>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1264:obj=unk
>> nown:subj=xmlSecTransformPushXml:error=1:xmlsec
>> library function failed:transform=c14n
>>
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=647:obj=un
>> known:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=323:obj=unknown:subj=xmlSe
>> cDSigCtxSignatureProcessNode:error=1:xmlsec
>> library function failed:
>>
>> Error: signature failed
>>
>> Error: failed to sign file "sign1-tmpl.xml"
>>
>>  
>>
>> Info:
>>
>> XMLSec version number: 1.2.23
>>
>> The platform/compiler you are using: linux kernel 3.12.19-rt30 
>> powerpc
>>
>> The exact xmlsec utility command line: see above. Command at stated 
>> in example README
>>
>> All the files mentioned in this command line: see above. I used the 
>> files in example folder
>>
>> The xmlsec utility output: See above
>>
>>  
>>
>>  
>>
>> Kind regards,
>>
>> Georgia
>>
>>
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list