IMHO, you have data corruption somewhere in your program. The fact
that you can't reproduce the problem with xmlsec command line tool
indicates to me that this is somewhere in your code.
Did you try valgrind?
Aleksey
On 2/2/2010 11:34 PM, mahendra N wrote:
Hi Aleksey,
I am still not able to reproduce the error on the command line. I have done some further analysis on the topic.
I was looking through the xmlsec-1.2.12 code.
We verify the signature using the xmlSecDSigCtxVerify function in xmldsig.c.
There is a very strange behavior observed: xmlSecDSigCtxVerify returns xmlSecDSigStatusInvalid when an XML file is tampered. The function works perfectly fine, but somehow the value of status is always xmlSecDSigStatusSucceeded when it returns from xmlSecDSigCtxVerify.
I put some print statements in the xmlsec code in the xmlSecDSigCtxVerify function.
The function returns dSigCtx->status = xmlSecDSigStatusInvalid, but it is always dSigCtx->status = xmlSecDSigStatusSucceeded when we try to print the value of dSigCtx->status after return from the xmlSecDSigCtxVerify function. Even when I modified the code and set dSigCtx->status = xmlSecDSigStatusUnknown, the value of dSigCtx->status was xmlSecDSigStatusSucceeded after return from the xmlSecDSigCtxVerify function.
Somehow the value of dSigCtx->status is always being set to xmlSecDSigStatusSucceeded. Any help would be greatly appreciated.
Thanks in advance,
Mahendra Naik
2010/2/1 Aleksey Sanin <[email protected]>
The symbol lookup problem is again related to multiple versions of the xmlsec library.
This makes me suspicious that the second problem is also caused by a mismatch between headers and the actual loaded .so library.
One more idea - try to compile xmlsec as a static library w/o dynamic loading for the crypto library.
Aleksey
On 2/1/2010 4:11 AM, mahendra N wrote:
Hi Aleksey,
Yes, there were multiple versions of the library on my system. I have resolved the issue now. Now I get the following error:
xmlsec1: symbol lookup error: /usr/lib64/libxmlsec1.so.1: undefined symbol: xmlSecNameAESKeyValue
And one more observation:
when I try to access the following value, dsigCtx->signMethod->status, I get a segmentation fault on windriver linux(mips), but it works fine on red hat linux(x86).
Regards,
Mahendra Naik
2010/1/29 Aleksey Sanin <[email protected]>
You have multiple versions of the library on your system.
Incorrect LD_LIBRARY_PATH?
Aleksey
On 1/29/2010 1:24 AM, mahendra N wrote:
Hi Aleksey,
When I try to reproduce the error, I get the following error:
func=xmlSecCheckVersionExt:file=xmlsec.c:line=170:obj=unknown:subj=unknown:error=1:xmlsec library function failed:mode=abi compatible;expected minor version=2;real minor version=2;expected subminor version=12;real subminor version=11
Error: loaded xmlsec library version is not compatible.
Error: initialization failed
Thanks and Regards,
Mahendra Naik
2010/1/29 Aleksey Sanin <[email protected]>
Can you reproduce the problem with xmlsec command line utility?
Unfortunately, I don't have mips around and I can't debug this. It smells like some compilation issue either in xmlsec or openssl.
Try to compile openssl from C code, don't use assembler. And also try to disable all the optimizations in the openssl and gcc.
Aleksey
On 1/28/2010 8:32 PM, mahendra N wrote:
We are using xmlsec 1.2.12 to check whether a license file is tampered.
We are testing it on x86, SPARC and mips. The xmlSecDSigCtxVerify function is used to check whether the signature is valid or not. On x86 and SPARC I get the logs as:
xmlSecOpenSSLEvpDigestVerify: XmlSec Error data and digest do not match (12)
xmlSecDSigCtxPtr->status = xmlSecDSigStatusInvalid;
But in the case of mips the logs are:
xmlSecOpenSSLEvpDigestVerify: XmlSec Error data and digest do not match (12)
xmlSecDSigCtxPtr->status = xmlSecDSigStatusSucceeded;
So tampering of the license is undetected on mips.
2010/1/28 Aleksey Sanin <[email protected]>
Sorry, I don't understand. Can you provide an example?
Aleksey
On 1/28/2010 3:45 AM, mahendra N wrote:
Hi,
We are using the xmlSecDSigCtxVerify API to check whether a license file is tampered. The license file is in w3 XML format. Shouldn't the status element of the xmlSecDSigCtxPtr structure capture the error if the license file is tampered? But it's happening, but the error is caught by the signKey element on x86, but the signKey accesses a wrong pointer in mips. How should we go about the issue?
Thanks and Regards,
Mahendra Naik
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
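
An added example, not from the thread or from xmlsec's code: a self-contained C model of the header/library mismatch suspected above, showing how a caller built against one struct layout can keep reading a stale status after a library built with another layout records a failure, and how a fail-closed version guard prevents that. The struct layouts, field names, status values and function names are hypothetical, not xmlsec's real definitions, and the thread does not confirm this as the root cause.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes and context layouts (NOT xmlsec's definitions). */
enum status { ST_UNKNOWN = 0, ST_SUCCEEDED = 1, ST_INVALID = 2 };

/* Layout used by the older library build. */
struct ctx_v11 { void *user_data; int flags; enum status status; };
/* Layout in the newer headers: one extra field moves status. */
struct ctx_v12 { void *user_data; int flags; int flags2; enum status status; };

#define HDR_SUBMINOR 12   /* version the application's headers describe */

/* "Loaded library": stores the verdict at the status offset of ITS build. */
static void lib_set_status(void *ctx, int lib_subminor, enum status verdict) {
    size_t off = (lib_subminor == 12) ? offsetof(struct ctx_v12, status)
                                      : offsetof(struct ctx_v11, status);
    memcpy((char *)ctx + off, &verdict, sizeof verdict);
}

/* Unguarded caller: reads status through the v12 headers regardless of
 * which build filled it in. `preset` is whatever the field held before. */
static enum status read_status_unguarded(int lib_subminor, enum status preset,
                                         enum status verdict) {
    struct ctx_v12 ctx;
    memset(&ctx, 0, sizeof ctx);
    ctx.status = preset;
    lib_set_status(&ctx, lib_subminor, verdict);
    return ctx.status;   /* untouched if the library wrote elsewhere */
}

/* Guarded caller: fail closed. Accept only when the loaded build matches
 * the headers AND the status is explicitly "succeeded". */
static int license_ok(int lib_subminor, enum status verdict) {
    if (lib_subminor != HDR_SUBMINOR)
        return 0;        /* mismatch is treated as a failed verification */
    return read_status_unguarded(lib_subminor, ST_UNKNOWN, verdict)
           == ST_SUCCEEDED;
}
```
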