[xmlsec] GOST 28147-89 CFB && padding issue
Aleksey Sanin
aleksey at aleksey.com
Tue Mar 10 16:09:32 PDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Yeah, the XML Enc spec has a non-standard padding for AES/DES and
this is the reason for this code.
I would much prefer to add a flag customPadding to the struct
_xmlSecOpenSSLEvpBlockCipherCtx that would determine this and then
set this flag from the xmlSecOpenSSLEvpBlockCipherInitialize()
function. This is much cleaner.
Thanks,
Aleksey
On 3/10/15 12:13 PM, Nikolay Shaplov wrote:
>
> I've succsessuflly implemented GOST 28147-89 symmetric transform.
> You can see alpha version of a patch.
>
> I think i will add cfb suffix to all transform names, as gost98
> works by default in cfb mode. And this mode is recommended. (cbc
> even has only custom implementation as it is out of standard)
>
> I also met an issue I'd like to discuss...
>
> cfb mode do not need padding. And for AES and DES encryption some
> strange efforts are made in openssl/ciphers.c in functions
>
> xmlSecOpenSSLEvpBlockCipherCtxUpdate
> xmlSecOpenSSLEvpBlockCipherCtxFinal
>
> So I've wrapped all padding code in
>
> if ((xmlSecKeyDataId*) ctx->keyId != (xmlSecKeyDataId*)
> xmlSecOpenSSLKeyDataGost28147_89Id)
>
> and everything work well now.
>
> I am not sure that it is the best way to do the trick... If this
> way is good enough I will indent code in proper way there. If not,
> tell me what way to use...
>
>
>
> _______________________________________________ xmlsec mailing
> list xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJU/3msAAoJEEEbi2vACtCgM7YQAJq6DpXXHZiu9jLTCHT2030P
l97Yk3ExSWsKel86oUzeoPNCMKeT7BqY+tUZO5EuuimhZnTKWcFYxHbbBJzHsNwo
E7IA2D21zwEhX0O6Je6wEG0JTE4omGv98zcUsgOijX6dXQJ94kiiKILFEcLVrg9N
PHLxWr+gfHefkzXHDkaZcO5yXeo9SUyWsQfMEPg5bL1nHMGjIGjP0mhpFS6G4Z5v
z/23X5GY6zTBG51r4qjKKLjRTSdkZ25yiIO1nf+LJIpjQZEqOvNq0hZpkjs4oWCe
iuspvihuWdo1VbIEz8og08BLCL3H5Yh5yKx9CEl/7e3BOId4tW7yDh5Zczbue92/
KIQeQAmHNgntxVIFms+TqRswX9ORuEw7HNDH2i9QTmZnTcbo2rnMq+KkrZWKmyvq
Q1h8L496/Mp8S7MoP5V+7UKmaD9vAaUF5zJZ8FOsV4BLdCKX4SJ3WPNsrgT6VhsW
HFb5otgkoS8K8+LGY86N8Y5K8Tg8WUW6X/rCthqOUaMAD5OB3Xj9zn0fvHLWDGqI
N2TO+m+BMErni86BS0xL+s+5CzUG0ucZ8ZQzrovqKi1RLDE07H0Nib524xjsfPg8
4O42JaaF2q3E/jtltHrOp92HOq4EeFiInvcsajdyKWD3PNxhx4CGot9G/H68kPf1
gpGauYP+VLpFU6zcrE5X
=Ti+S
-----END PGP SIGNATURE-----
More information about the xmlsec
mailing list