[xmlsec] OpenSSL Gost support - final patch

Aleksey Sanin aleksey at aleksey.com
Sat Sep 3 11:31:01 PDT 2011


Give me a few days to look at the patch first :)

Aleksey


On 9/3/11 11:29 AM, Dmitry Belyavsky wrote:
> Greetings!
>
> Thank you! If I can help you with test cases, i'l be glad.
>
> When do you plan to release a new version as production?
>
> On Sat, Sep 3, 2011 at 9:10 PM, Aleksey Sanin<aleksey at aleksey.com>  wrote:
>> Great, thank you! Let me take a look and I will definitely merge it.
>>
>>
>> Aleksey
>>
>> On 9/3/11 4:55 AM, Dmitry Belyavsky wrote:
>>
>> Greetings!
>>
>> I've found an linking error and now openssl xmlsec works with the
>> Russian GOST digital signature algorythm. Here is the patch.
>>
>> The only known bugfeature is related with the absence of functions
>> determining whether the public key only or both private and public are
>> available in EVP_PKEY struct in modern openssl.
>>
>> The result is compatible with gost mscrypto signature. Example test:
>>
>> apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
>> --verification-time "2006-04-01 00:00:00"
>> tests/aleksey-xmldsig-01/enveloped-gost.xml
>>
>> works, the signature and digest are verified successfully.
>>
>> The usage of GOST algorythms requires OpenSSL 1.0 or later. It should
>> be configured according to README.gost instructions. The library
>> should be builded with --enable-gost parameter.
>>
>> I hope you'll find this patch suitable for distribution.
>>
>> Thank you!
>>
>>
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
>


More information about the xmlsec mailing list