[xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103 branch

Aleksey Sanin aleksey at aleksey.com
Wed Sep 3 17:08:40 PDT 2003

Great! The patch is applied and commited! Thanks again for your work!
And I have some comments bellow.

>The patch includes:
>- Fix out-of-box compile error(s)
Good! I am downloading fresh MS Platform SDK now, hope to try your code 
tonight :)

>- Code formatting (wrong identing, etc.) (At least I hope it's better
>now :)

>- Fixes for signatures (RSA-SHA1) and RSA key wrapping (PKCS1). I've
>tested these against OpenSSL generated signatures and encrypted keys
>(together with des3-cbc) with success.
What about using the test suite from the xmlsec library itself? It 
requires cygwin but
I guess you already have it. Just run the following commands from the 
top level
source folder:

       > sh ./tests/testDSig.sh ./tests <path to xmlsec> der
       > sh ./tests/testEnc.sh ./tests <path to xmlsec> der

Probably we can add a new "test" option to win32 makefile as well 
(again, assuming
the cygwin is installed). I'll probably try to do it tonight.

>- Added mscrypto descriptions to a couple of html files (docs dir). An
>interesting issue I encountered: I don't know under what license exactly
>MS CryptoAPI libs (crypt32.lib) are distributed. The libraries are part
>of the OS, and are also distributed together with MS internet explorer.
>I couldn't find any quick info on this, and I didn't dive into details
>for this. So I put unknown in the license matrix :)
I updated it with my understanding of the situation: the libraries are 
part of the OS thus it inherits
the OS license. There is no problem with using these libraries with 
proprietary or MIT/BSD licensed
applications. Also GPL license allows using it with non-GPL libraries if 
the later is part of the OS.
It's clear that we have exactly that case thus there should be no 
problem too (unless MS change
license and restrict GPL programs from running on Windows all together :) ).

>Another issue on the documentation. It was not completely clear to me
>what could be regarded as supported by the mscrypto lib and what not,
>since I had the feeling in the support matrix are both core libxmlsec
>functionalities and crypto engine specific functionalities. 
Yes. These matrixes are taken from W3C interop pages for XMLDSig and 
XMLEnc. I feel that
using the same matrixes is a right thing because people may quickly 
compare functionality
for different xmlsec-<crypto> libraries with any other library listed on 
W3C interop pages. I checked
the pages for xmlsec-mscrypto and everything seems ok to me.

>Aleksey, could please apply the patch to the cvs branch? This time the
>patch is in UNIX format :) 
Cool! Thanks a lot! BTW, while applying your patch I found a couple 
files in docs/ folder with DOS
end of line which caused some problems :)

>I also discovered that I wrongly submitted the file mscerstore.c to
>src/mscrypto with the initial release of the mscrypto support. This file
>is not used, and can safely be removed (also from the cvs tree).
Done. File is removed.

>Have fun with the new code :)
As I wrote I hope to try it out tonight :)


More information about the xmlsec mailing list