[xmlsec] Thoughts on a new mscng backend

Aleksey Sanin aleksey at aleksey.com
Mon May 7 09:59:43 PDT 2018 

Thank you!

Aleksey

On 5/7/18 12:23 AM, Dmitry Belyavsky wrote:
> I'll ask whether there is any CNG-based GOST implementation.
> 
> On Sat, May 5, 2018 at 5:08 AM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     Thanks for all the code you've wrote!
> 
>     I think the only area missing is GOST algorithms support. It
>     requires special configs/dlls on Windows so I don't know if
>     it is even available for MSCNG. May be someone on the list
>     has direct knowledge and can chime in?
> 
>     I was planning to ask you what would be the right time to do
>     an xmlsec release. Sounds like in a couple weeks is the right
>     timeline. I think it would be great to have others play with
>     mscng to find out any issues. But otherwise, it looks great!
> 
>     Aleksey
> 
>     On 5/4/18 8:33 AM, Miklos Vajna wrote:
>     > Hi,
>     >
>     > On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin
>     <aleksey at aleksey.com <mailto:aleksey at aleksey.com>> wrote:
>     >> That sounds like a great plan! I would recommend to use the
>     >> skeleton folder to start.
>     >
>     > Thanks for all the reviews, current master looks reasonable to me
>     when I
>     > compare 'make check' output of the mscrypto and mscng backends:
>     >
>     > - 0 tests pass only on mscrypto
>     > - 126 tests pass on both mscrypto and mscng
>     > - 3 tests pass only on mscng (ecdsa signing with sha1/256/512)
>     >
>     > I wonder what else is missing so it could be claimed that the mscng
>     > backend is more or less a drop-in replacement for the mscrypto one.
>     > There are two things I can think of:
>     >
>     > - mscrypto supports reading your OS-level certificates and use that
>     >   during e.g. signing.
>     >
>     > - There are a few functions which are part of the mscrypto public API
>     >   (e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is no mscng
>     >   equivalent yet. Those are probably interesting as e.g. LibreOffice
>     >   uses those functions.
>     >
>     > I plan to get to these two in the next few weeks. But is there
>     anything
>     > else larger missing?
>     >
>     > Thanks,
>     >
>     > Miklos
>     >
>     >
>     >
>     > _______________________________________________
>     > xmlsec mailing list
>     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     > http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>
>     >
>     _______________________________________________
>     xmlsec mailing list
>     xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>
> 
> 
> 
> 
> -- 
> SY, Dmitry Belyavsky

More information about the xmlsec mailing list