[xmlsec] Re: GOST support in xmlsec

Dmitry Belyavsky beldmit at cryptocom.ru
Tue Feb 7 06:44:29 PST 2006


Greetings!

On Tue, 7 Feb 2006, Aleksey Sanin wrote:

> > Also a huge part of the patch contains end-of-line's unification - a lot
> > of lines in src/mscrypto contains \r\n in some but not all lines.
>
> Hi, Dmitry!
>
> Thanks for the patch! I'll take a look at it today. One request:
> can you send me a patch produced with "cvs diff -uw" command, please?
> I would like to separate the "interesting" part and fix end-of-lines
> problem separately.

Here it is.
Thank you!

-- 
SY, Dmitry Belyavsky (ICQ UIN 11116575)
-------------- next part --------------
Index: include/xmlsec/app.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/app.h,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- include/xmlsec/app.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/app.h	13 Dec 2005 14:31:46 -0000	1.5
@@ -66,6 +66,13 @@
 #define xmlSecKeyDataDsaId			xmlSecKeyDataDsaGetKlass()
 XMLSEC_EXPORT xmlSecKeyDataId			xmlSecKeyDataDsaGetKlass	(void);		
 /** 
+ * xmlSecKeyDataGost2001Id:
+ * 
+ * The GOST2001 key klass.
+ */
+#define xmlSecKeyDataGost2001Id			xmlSecKeyDataGost2001GetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId			xmlSecKeyDataGost2001GetKlass	(void);		
+/** 
  * xmlSecKeyDataHmacId:
  * 
  * The DHMAC key klass.
@@ -177,6 +184,14 @@
 XMLSEC_EXPORT xmlSecTransformId			xmlSecTransformDsaSha1GetKlass	(void);	
 
 /**
+ * xmlSecTransformGost2001GostR3411_94Id:
+ * 
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ */
+#define xmlSecTransformGost2001GostR3411_94Id		xmlSecTransformGost2001GostR3411_94GetKlass()
+XMLSEC_EXPORT xmlSecTransformId			xmlSecTransformGost2001GostR3411_94GetKlass	(void);	
+
+/**
  * xmlSecTransformHmacMd5Id:
  * 
  * The HMAC with MD5 signature transform klass.
@@ -303,6 +318,13 @@
  */
 #define xmlSecTransformRsaOaepId		xmlSecTransformRsaOaepGetKlass()
 XMLSEC_EXPORT xmlSecTransformId			xmlSecTransformRsaOaepGetKlass	(void);	
+/**
+ * xmlSecTransformGostR3411_94Id:
+ * 
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecTransformGostR3411_94Id			xmlSecTransformGostR3411_94GetKlass()
+XMLSEC_EXPORT xmlSecTransformId			xmlSecTransformGostR3411_94GetKlass	(void);
 /**
  * xmlSecTransformSha1Id:
  * 
Index: include/xmlsec/private.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/private.h,v
retrieving revision 1.1.1.1
retrieving revision 1.6
diff -u -w -r1.1.1.1 -r1.6
--- include/xmlsec/private.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/private.h	13 Dec 2005 14:31:46 -0000	1.6
@@ -403,6 +403,7 @@
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataAesGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataDesGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataDsaGetKlass;
+    xmlSecCryptoKeyDataGetKlassMethod		 keyDataGost2001GetKlass;
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataHmacGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataRsaGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod		 keyDataX509GetKlass;
@@ -425,6 +426,7 @@
     xmlSecCryptoTransformGetKlassMethod		 transformDes3CbcGetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformKWDes3GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformDsaSha1GetKlass;
+    xmlSecCryptoTransformGetKlassMethod		 transformGost2001GostR3411_94GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformHmacMd5GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformHmacRipemd160GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformHmacSha1GetKlass;
@@ -443,6 +445,7 @@
     xmlSecCryptoTransformGetKlassMethod		 transformRsaSha512GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformRsaPkcs1GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformRsaOaepGetKlass;
+    xmlSecCryptoTransformGetKlassMethod		 transformGostR3411_94GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformSha1GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformSha224GetKlass;
     xmlSecCryptoTransformGetKlassMethod		 transformSha256GetKlass;
Index: include/xmlsec/strings.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/strings.h,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- include/xmlsec/strings.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/strings.h	13 Dec 2005 14:31:46 -0000	1.5
@@ -314,6 +314,18 @@
 
 /*************************************************************************
  *
+ * GOST2001 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGOST2001KeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeGOST2001KeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGOST2001KeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGost2001GostR3411_94[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGost2001GostR3411_94[];
+
+/*************************************************************************
+ *
  * EncryptedKey
  *
  ************************************************************************/
@@ -448,6 +460,14 @@
 XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaOaep[];
 XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaOaep[];
 XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRsaOAEPparams[];
+
+/*************************************************************************
+ *
+ * GOSTR3411_94 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGostR3411_94[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGostR3411_94[];
 
 /*************************************************************************
  *
Index: include/xmlsec/templates.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/templates.h,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -w -r1.1.1.1 -r1.3
--- include/xmlsec/templates.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/templates.h	15 Dec 2005 16:56:03 -0000	1.3
@@ -117,6 +117,8 @@
  *
  **********************************************************************/ 
 XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddIssuerSerial	(xmlNodePtr x509DataNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial);
 XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddSubjectName	(xmlNodePtr x509DataNode);
 XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddSKI		(xmlNodePtr x509DataNode);
 XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddCertificate	(xmlNodePtr x509DataNode);
Index: include/xmlsec/mscrypto/crypto.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/mscrypto/crypto.h,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- include/xmlsec/mscrypto/crypto.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/mscrypto/crypto.h	13 Dec 2005 14:31:46 -0000	1.5
@@ -80,6 +80,33 @@
 
 /********************************************************************
  *
+ * GOST2001 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_GOST
+
+/**
+ * xmlSecMSCryptoKeyDataGost2001Id:
+ * 
+ * The GOST2001 key klass.
+ */
+#define xmlSecMSCryptoKeyDataGost2001Id \
+	xmlSecMSCryptoKeyDataGost2001GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId 	xmlSecMSCryptoKeyDataGost2001GetKlass	(void);
+
+/**
+ * xmlSecMSCryptoTransformGost2001GostR3411_94Id:
+ * 
+ * The GOST2001 GOSTR3411_94 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformGost2001GostR3411_94Id \
+	xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void);
+
+#endif /* XMLSEC_NO_GOST */
+
+/********************************************************************
+ *
  * RSA transforms
  *
  *******************************************************************/
@@ -142,6 +169,23 @@
 	xmlSecMSCryptoTransformSha1GetKlass()
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha1GetKlass(void);
 #endif /* XMLSEC_NO_SHA1 */
+
+/********************************************************************
+ *
+ * GOSTR3411_94 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_GOST
+
+/**
+ * xmlSecMSCryptoTransformGostR3411_94Id:
+ * 
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformGostR3411_94Id \
+	xmlSecMSCryptoTransformGostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformGostR3411_94GetKlass(void);
+#endif /* XMLSEC_NO_GOST */
 
 /********************************************************************
  *
Index: include/xmlsec/mscrypto/symbols.h
===================================================================
RCS file: /cvs/xmlsec/include/xmlsec/mscrypto/symbols.h,v
retrieving revision 1.1.1.1
retrieving revision 1.6
diff -u -w -r1.1.1.1 -r1.6
--- include/xmlsec/mscrypto/symbols.h	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ include/xmlsec/mscrypto/symbols.h	13 Dec 2005 14:31:46 -0000	1.6
@@ -36,6 +36,7 @@
 #define xmlSecKeyDataAesId			xmlSecMSCryptoKeyDataAesId
 #define xmlSecKeyDataDesId			xmlSecMSCryptoKeyDataDesId
 #define xmlSecKeyDataDsaId			xmlSecMSCryptoKeyDataDsaId
+#define xmlSecKeyDataGost2001Id			xmlSecMSCryptoKeyDataGost2001Id
 #define xmlSecKeyDataHmacId			xmlSecMSCryptoKeyDataHmacId
 #define xmlSecKeyDataRsaId			xmlSecMSCryptoKeyDataRsaId
 #define xmlSecKeyDataX509Id			xmlSecMSCryptoKeyDataX509Id
@@ -58,6 +59,7 @@
 #define xmlSecTransformDes3CbcId		xmlSecMSCryptoTransformDes3CbcId
 #define xmlSecTransformKWDes3Id			xmlSecMSCryptoTransformKWDes3Id
 #define xmlSecTransformDsaSha1Id		xmlSecMSCryptoTransformDsaSha1Id
+#define xmlSecTransformGost2001GostR3411_94Id		xmlSecMSCryptoTransformGost2001GostR3411_94Id
 #define xmlSecTransformHmacMd5Id		xmlSecMSCryptoTransformHmacMd5Id
 #define xmlSecTransformHmacRipemd160Id		xmlSecMSCryptoTransformHmacRipemd160Id
 #define xmlSecTransformHmacSha1Id		xmlSecMSCryptoTransformHmacSha1Id
@@ -66,6 +68,7 @@
 #define xmlSecTransformRsaPkcs1Id		xmlSecMSCryptoTransformRsaPkcs1Id
 #define xmlSecTransformRsaOaepId		xmlSecMSCryptoTransformRsaOaepId
 #define xmlSecTransformSha1Id			xmlSecMSCryptoTransformSha1Id
+#define xmlSecTransformGostR3411_94Id			xmlSecMSCryptoTransformGostR3411_94Id
 
 /**
  * High level routines form xmlsec command line utility
Index: src/app.c
===================================================================
RCS file: /cvs/xmlsec/src/app.c,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- src/app.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/app.c	13 Dec 2005 14:31:46 -0000	1.5
@@ -174,6 +174,29 @@
 }
 
 /** 
+ * xmlSecKeyDataGost2001GetKlass:
+ * 
+ * The GOST2001 key data klass.
+ *
+ * Returns GOST2001 key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the GOST2001 key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId	
+xmlSecKeyDataGost2001GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass == NULL)) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    NULL,
+		    "keyDataGost2001Id",
+		    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecKeyDataIdUnknown);
+    }
+    
+    return(xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass());
+}
+
+/** 
  * xmlSecKeyDataHmacGetKlass:
  * 
  * The HMAC key data klass.
@@ -506,6 +529,29 @@
 }
 
 /** 
+ * xmlSecTransformGost2001GostR3411_94GetKlass:
+ * 
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ *
+ * Returns GOST2001-GOSTR3411_94 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId 
+xmlSecTransformGost2001GostR3411_94GetKlass(void) {	
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass == NULL)) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    NULL,
+		    "transformGost2001GostR3411_94Id",
+		    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+    
+    return(xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass());
+}
+
+/** 
  * xmlSecTransformHmacMd5GetKlass:
  *
  * The HMAC-MD5 transform klass.
@@ -918,6 +964,30 @@
     
     return(xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass());
 }
+
+/** 
+ * xmlSecTransformGostR3411_94GetKlass:
+ *
+ * GOSTR3411_94 digest transform klass.
+ *
+ * Returns pointer to GOSTR3411_94 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId 
+xmlSecTransformGostR3411_94GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass == NULL)) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    NULL,
+		    "transformGostR3411_94Id",
+		    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+    
+    return(xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass());
+}
+
 
 /** 
  * xmlSecTransformSha1GetKlass:
Index: src/dl.c
===================================================================
RCS file: /cvs/xmlsec/src/dl.c,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- src/dl.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/dl.c	13 Dec 2005 14:31:46 -0000	1.5
@@ -587,6 +587,14 @@
 		    XMLSEC_ERRORS_NO_MESSAGE);
 	return(-1);
     }
+    if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
+		    "xmlSecKeyDataIdsRegister",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
     if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())),
@@ -696,6 +704,15 @@
 	return(-1);
     }    
 
+    if((functions->transformGost2001GostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGost2001GostR3411_94GetKlass()) < 0) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())),
+		    "xmlSecTransformIdsRegister",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }    
+
     if((functions->transformDsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha1GetKlass()) < 0) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())),
@@ -861,6 +878,15 @@
     if((functions->transformRsaOaepGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaOaepGetKlass()) < 0) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())),
+		    "xmlSecTransformIdsRegister",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }    
+
+    if((functions->transformGostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_94GetKlass()) < 0) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())),
 		    "xmlSecTransformIdsRegister",
 		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 		    XMLSEC_ERRORS_NO_MESSAGE);
Index: src/strings.c
===================================================================
RCS file: /cvs/xmlsec/src/strings.c,v
retrieving revision 1.1.1.1
retrieving revision 1.5
diff -u -w -r1.1.1.1 -r1.5
--- src/strings.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/strings.c	13 Dec 2005 14:31:46 -0000	1.5
@@ -285,6 +285,21 @@
 
 /*************************************************************************
  *
+ * GOST2001 strings FIXME GOST
+ * This strings are not completely compatible with 
+ * draft-chudov-cryptopro-cpxmldsig-00.txt because implementation we use 
+ * supposes the keys are stored in X.509 certificates.
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameGOST2001KeyValue[]		= "gost2001";
+const xmlChar xmlSecNodeGOST2001KeyValue[]		= "GOST3410-2001-KeyValue";
+const xmlChar xmlSecHrefGOST2001KeyValue[]		= "http://www.w3.org/2000/09/xmldsig#GOST2001KeyValue";
+
+const xmlChar xmlSecNameGost2001GostR3411_94[]		= "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGost2001GostR3411_94[]		= "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
+
+/*************************************************************************
+ *
  * DSA strings
  *
  ************************************************************************/
@@ -438,6 +453,14 @@
 const xmlChar xmlSecNameRsaOaep[]		= "rsa-oaep-mgf1p";
 const xmlChar xmlSecHrefRsaOaep[]		= "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
 const xmlChar xmlSecNodeRsaOAEPparams[]		= "OAEPparams";
+
+/*************************************************************************
+ *
+ * GOSTR3411_94 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameGostR3411_94[]			= "gostr3411";
+const xmlChar xmlSecHrefGostR3411_94[]			= "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
 
 /*************************************************************************
  *
Index: src/templates.c
===================================================================
RCS file: /cvs/xmlsec/src/templates.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -w -r1.1.1.1 -r1.3
--- src/templates.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/templates.c	15 Dec 2005 16:56:04 -0000	1.3
@@ -1451,6 +1451,92 @@
 }
 
 /**
+ * xmlSecTmplX509IssuerSerialAddIssuerName:
+ * @x509IssuerSerialNode: 	the pointer to <dsig:X509IssuerSerial/> node.
+ * @issuerName:		the issuer name (optional).	
+ *
+ * Adds <dsig:X509IssuerName/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
+ *
+ * Returns the pointer to the newly created <dsig:X509IssuerName/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName) {
+	xmlNodePtr res;
+	
+	xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+	
+  if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName,
+				xmlSecDSigNs) != NULL) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    NULL,
+		    xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+		    XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(NULL);
+	}
+
+	res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+    if(res == NULL) {
+	xmlSecError(XMLSEC_ERRORS_HERE,
+		    NULL,
+		    "xmlSecAddChild",
+		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		    "node=%s",
+		    xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+	return(NULL);	
+    }
+
+		if (issuerName != NULL) {
+			xmlNodeSetContent(res, issuerName);
+		}
+		return(res);
+}
+
+/**
+ * xmlSecTmplX509IssuerSerialAddIssuerName:
+ * @x509IssuerSerialNode: 	the pointer to <dsig:X509IssuerSerial/> node.
+ * @serial:		the serial number (optional).	
+ *
+ * Adds <dsig:X509SerialNumber/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
+ *
+ * Returns the pointer to the newly created <dsig:X509SerialNumber/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial) {
+	xmlNodePtr res;
+
+	xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+
+	if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber,
+				xmlSecDSigNs) != NULL) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+				NULL,
+				xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+				XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+				XMLSEC_ERRORS_NO_MESSAGE);
+		return(NULL);
+	}
+
+	res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+	if(res == NULL) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+				NULL,
+				"xmlSecAddChild",
+				XMLSEC_ERRORS_R_XMLSEC_FAILED,
+				"node=%s",
+				xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+		return(NULL);	
+	}
+
+	if (serial != NULL) {
+		xmlNodeSetContent(res, serial);
+	}
+	return(res);
+}
+
+/**
  * xmlSecTmplX509DataAddSubjectName:
  * @x509DataNode: 	the pointer to <dsig:X509Data/> node.
  * 
Index: src/transforms.c
===================================================================
RCS file: /cvs/xmlsec/src/transforms.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -w -r1.1.1.1 -r1.2
--- src/transforms.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/transforms.c	16 Dec 2005 13:18:32 -0000	1.2
@@ -1510,7 +1510,7 @@
     if(id == xmlSecTransformIdUnknown) {
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
-		    "xmlSecTransformIdsListFindByHref",
+		    "xmlSecTransformIdListFindByHref",
 		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
 		    "href=%s", 
 		    xmlSecErrorsSafeString(href));
Index: src/mscrypto/certkeys.c
===================================================================
RCS file: /cvs/xmlsec/src/mscrypto/certkeys.c,v
retrieving revision 1.1.1.1
retrieving revision 1.15
diff -u -w -r1.1.1.1 -r1.15
--- src/mscrypto/certkeys.c	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ src/mscrypto/certkeys.c	11 Jan 2006 10:08:16 -0000	1.15
@@ -13,6 +13,10 @@
 
 #include <windows.h>
 #include <wincrypt.h>
+#ifndef XMLSEC_NO_GOST
+#include "csp_oid.h"
+#include "csp_calg.h"
+#endif
 
 #include <xmlsec/xmlsec.h>
 #include <xmlsec/xmltree.h>
@@ -24,6 +28,7 @@
 
 #include <xmlsec/mscrypto/certkeys.h>
 #include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
 
 #define XMLSEC_CONTAINER_NAME "xmlsec-key-container"
 
@@ -427,7 +432,7 @@
         BOOL fCallerFreeProv = FALSE;
 
         if (!CryptAcquireCertificatePrivateKey(pCert, 
-					       CRYPT_ACQUIRE_USE_PROV_INFO_FLAG, 
+						CRYPT_ACQUIRE_COMPARE_KEY_FLAG, 
 					       NULL, 
 					       &hProv, 
 					       &(ctx->dwKeySpec), 
@@ -796,6 +801,20 @@
     }
 #endif /* XMLSEC_NO_DSA */	
 
+#ifndef XMLSEC_NO_GOST/* FIXME GOST if we don't use CryptoPro oids, we should change it*/
+    if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) || !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId,  szOID_MAGPRO_PUBKEY_SIGN_R3410_2001)) {
+	data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
+	if(data == NULL) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+	    		    NULL,
+			    "xmlSecKeyDataCreate",
+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+			    "xmlSecMSCryptoKeyDataGost2001Id");
+		return(NULL);	    
+	}
+    }
+#endif /* XMLSEC_NO_GOST*/	
+
     if (NULL == data) {
     	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
@@ -2408,3 +2427,223 @@
 #endif /* XMLSEC_NO_DSA */
 
 
+#ifndef XMLSEC_NO_GOST
+/**************************************************************************
+ *
+ * GOST2001 xml key representation processing. Contain errors.
+ *
+ *************************************************************************/
+static int		xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data);
+static int		xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst,
+							 xmlSecKeyDataPtr src);
+static void		xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data);
+static int		xmlSecMSCryptoKeyDataGost2001XmlRead	(xmlSecKeyDataId id,
+							 xmlSecKeyPtr key,
+							 xmlNodePtr node,
+							 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int		xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id,
+							 xmlSecKeyPtr key,
+							 xmlNodePtr node,
+							 xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int		xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data,
+							 xmlSecSize sizeBits,
+							 xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data);
+static xmlSecSize	 xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data);
+static void		 xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data,
+							 FILE* output);
+static void		xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data,
+							 FILE* output);
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecMSCryptoKeyDataSize,
+
+    /* data */
+    xmlSecNameGOST2001KeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, 
+					/* xmlSecKeyDataUsage usage; */
+    /*xmlSecHrefGOST2001KeyValue*/NULL,		/* const xmlChar* href; */
+    /*xmlSecNodeGOST2001KeyValue*/NULL,		/* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,			/* const xmlChar* dataNodeNs; */
+    
+    /* constructors/destructor */
+    xmlSecMSCryptoKeyDataGost2001Initialize,	/* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecMSCryptoKeyDataGost2001Duplicate,	/* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecMSCryptoKeyDataGost2001Finalize,	/* xmlSecKeyDataFinalizeMethod finalize; */
+    NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/	/* xmlSecKeyDataGenerateMethod generate; */
+    
+    /* get info */
+    xmlSecMSCryptoKeyDataGost2001GetType, 	/* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecMSCryptoKeyDataGost2001GetSize,	/* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,				/* xmlSecKeyDataGetIdentifier getIdentifier; */    
+
+    /* read/write */
+    NULL,	/* xmlSecKeyDataXmlReadMethod xmlRead; */
+    NULL,	/* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,				/* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,				/* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecMSCryptoKeyDataGost2001DebugDump,	/* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecMSCryptoKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,				/* void* reserved0; */
+    NULL,				/* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataGost2001GetKlass:
+ * 
+ * The GOST2001 key data klass.
+ *
+ * Returns pointer to GOST2001 key data klass.
+ */
+xmlSecKeyDataId 
+xmlSecMSCryptoKeyDataGost2001GetKlass(void) {
+    return(&xmlSecMSCryptoKeyDataGost2001Klass);
+}
+
+
+static int
+xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
+    xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown);
+
+    xmlSecMSCryptoKeyDataInitialize(data);
+
+    ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+    xmlSecAssert2(ctx != NULL, -1);
+
+    ctx->providerName = "MagPro CSP";
+    ctx->providerType = PROV_MAGPRO_GOST;
+    
+    return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataGost2001Id), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataGost2001Id), -1);
+
+    return(xmlSecMSCryptoKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+    
+    xmlSecMSCryptoKeyDataFinalize(data);
+}
+
+#if 0
+static int
+xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+    xmlSecMSCryptoKeyDataCtxPtr ctx;
+    HCRYPTPROV hProv = 0; 
+    HCRYPTKEY hKey = 0;
+    DWORD dwKeySpec;
+    DWORD dwSize;
+    int res = -1;
+    int ret;
+
+    xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown);
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), -1);
+    xmlSecAssert2(sizeBits > 0, -1);
+
+    ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+
+    if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, 0)) {
+	    if (NTE_BAD_KEYSET == GetLastError()) {
+	        if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, CRYPT_NEWKEYSET)) {
+		        xmlSecError(XMLSEC_ERRORS_HERE,
+			            xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+			            "CryptAcquireContext",
+			            XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			            XMLSEC_ERRORS_NO_MESSAGE);
+		        return(-1);
+	        }
+	    } else {
+	        xmlSecError(XMLSEC_ERRORS_HERE,
+			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+			    "CryptAcquireContext",
+			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+			    XMLSEC_ERRORS_NO_MESSAGE);
+	        return(-1);
+	    }
+    }
+
+    dwKeySpec = AT_SIGNATURE;
+    dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
+    if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
+	    xmlSecError(XMLSEC_ERRORS_HERE,
+		        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+		        "CryptGenKey",
+		        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		        XMLSEC_ERRORS_NO_MESSAGE);
+	    goto done;
+    }
+
+    ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, 
+	xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+    if(ret < 0) {
+	    xmlSecError(XMLSEC_ERRORS_HERE,
+		        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+		        "xmlSecMSCryptoKeyDataAdoptKey",
+		        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+		        XMLSEC_ERRORS_NO_MESSAGE);
+	    goto done;
+    }
+    hProv = 0;
+    hKey = 0;
+
+    /* success */
+    res = 0;
+
+done:
+    if (hProv != 0) {
+    	CryptReleaseContext(hProv, 0);
+    }
+
+    if (hKey != 0) {
+	    CryptDestroyKey(hKey);
+    }
+
+    return(res);
+}
+#endif
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data) {
+    return(xmlSecMSCryptoKeyDataGetType(data));
+}
+
+static xmlSecSize 
+xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), 0);
+
+    return xmlSecMSCryptoKeyDataGetSize(data);
+}
+
+static void 
+xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+    xmlSecAssert(output != NULL);
+    
+    fprintf(output, "=== dsa key: size = %d\n", 
+	    xmlSecMSCryptoKeyDataGost2001GetSize(data));
+}
+
+static void
+xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+    xmlSecAssert(output != NULL);
+        
+    fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n", 
+	    xmlSecMSCryptoKeyDataGost2001GetSize(data));
+}
+
+#endif /* XMLSEC_NO_GOST*/
Index: src/mscrypto/crypto.c
===================================================================
RCS file: /cvs/xmlsec/src/mscrypto/crypto.c,v
retrieving revision 1.1.1.1
retrieving revision 1.8
diff -u -w -r1.1.1.1 -r1.8
--- src/mscrypto/crypto.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/mscrypto/crypto.c	13 Dec 2005 14:31:46 -0000	1.8
@@ -69,6 +69,10 @@
     gXmlSecMSCryptoFunctions->keyDataDsaGetKlass 		= xmlSecMSCryptoKeyDataDsaGetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_GOST
+    gXmlSecMSCryptoFunctions->keyDataGost2001GetKlass 		= xmlSecMSCryptoKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST*/
+
 #ifndef XMLSEC_NO_X509
     gXmlSecMSCryptoFunctions->keyDataX509GetKlass 		= xmlSecMSCryptoKeyDataX509GetKlass;
     gXmlSecMSCryptoFunctions->keyDataRawX509CertGetKlass	= xmlSecMSCryptoKeyDataRawX509CertGetKlass;
@@ -103,10 +107,18 @@
     gXmlSecMSCryptoFunctions->transformDsaSha1GetKlass 		= xmlSecMSCryptoTransformDsaSha1GetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_GOST
+    gXmlSecMSCryptoFunctions->transformGost2001GostR3411_94GetKlass 		= xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
 #ifndef XMLSEC_NO_SHA1    
     gXmlSecMSCryptoFunctions->transformSha1GetKlass 		= xmlSecMSCryptoTransformSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_GOST    
+    gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass 		= xmlSecMSCryptoTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
     /**
      * High level routines form xmlsec command line utility
      */ 
@@ -252,7 +264,7 @@
 	return(-1);
     }
 
-    if (FALSE == CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+    if (FALSE == CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { /* FIXME GOST */
 	xmlSecError(XMLSEC_ERRORS_HERE,
 		    NULL,
 		    "CryptAcquireContext",
Index: src/mscrypto/csp_calg.h
===================================================================
RCS file: src/mscrypto/csp_calg.h
diff -N src/mscrypto/csp_calg.h
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ src/mscrypto/csp_calg.h	27 Dec 2005 10:18:04 -0000	1.2
@@ -0,0 +1,89 @@
+#ifndef CRYPTOCOM_CSP_CALG_H
+#define CRYPTOCOM_CSP_CALG_H
+
+#define ALG_TYPE_GR3410 (7 << 9)
+
+#define ALG_SID_MAGPRO_R3410_94			64
+#define ALG_SID_MAGPRO_R3410_94_EPHEM	65
+#define ALG_SID_MAGPRO_R3410_2001		66
+#define ALG_SID_MAGPRO_R3410_2001_EPHEM	67
+#define ALG_SID_MAGPRO_28147_89			68
+#define ALG_SID_GR3411					30
+#define ALG_SID_G28147					30
+
+#define ALG_SID_GR3410					30
+#define ALG_SID_DH_EX_SF				30
+#define ALG_SID_DH_EX_EPHEM				31
+#define ALG_SID_PRO_AGREEDKEY_DH		33
+#define ALG_SID_PRO_SIMMETRYKEY			34
+#define ALG_SID_GR3410EL				35
+#define ALG_SID_DH_EL_SF				36
+#define ALG_SID_DH_EL_EPHEM				37
+
+/*! \defgroup CALG_MAGPRO CALG_MAGPRO 
+ *  \brief ???????? CALG_MAGPRO
+ *
+ *  ?????? ???????? ????? ?????
+ * @{ 
+ */
+
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_SIGN_R3410_94       (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_MAGPRO_R3410_94)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_SIGN_R3410_2001     (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_MAGPRO_R3410_2001)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_DH_R3410_94         (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_94)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_DH_R3410_2001       (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_2001)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_DH_R3410_94_EPHEM   (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_94_EPHEM)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_DH_R3410_2001_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_2001_EPHEM)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_HASH_R3411_94       (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_GR3411)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_HASH_28147_89       (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAGPRO_28147_89)
+/*! ???????? ????? ????? */
+#define CALG_MAGPRO_ENCR_28147_89       (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_G28147)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_GR3410						(ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_GR3410EL					(ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410EL)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_DH_EX_SF					(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_SF)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_DH_EX_EPHEM				(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_EPHEM)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_DH_EL_SF					(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_SF)
+/*! ???????? ?? ????????? ????? ????? */
+#define CALG_DH_EL_EPHEM				(ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_EPHEM)
+
+/*! @} */
+/*! \defgroup PROV_TYPE PROV_TYPE 
+ *  \brief ???????? PROV_MAGPRO_GOST
+ *
+ *  ?????? ???????? ????? ?????
+ * @{ 
+ */
+
+/*! ???????? ????? ????? */
+#define PROV_MAGPRO_GOST 501
+
+/*! @} */
+/*! \defgroup PP_MAGPRO PP_MAGPRO 
+ *  \brief ?????????????? ?????????
+ *
+ *  ?????? ???????? ????? ?????
+ * @{ 
+ */
+
+/*! ???????? ????? ????? */
+#define PP_RNGTYPE			201
+/*! ???????? ????? ????? */
+#define PP_RNGSHARED		202
+/*! ???????? ????? ????? */
+#define PP_SETUP_UI			203
+
+/*! @} */
+
+#endif //CRYPTOCOM_CSP_CALG_H
Index: src/mscrypto/csp_oid.h
===================================================================
RCS file: src/mscrypto/csp_oid.h
diff -N src/mscrypto/csp_oid.h
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ src/mscrypto/csp_oid.h	6 Dec 2005 13:50:53 -0000	1.1
@@ -0,0 +1,108 @@
+#ifndef CRYPTOCOM_OIDS_csp_H
+#define CRYPTOCOM_OIDS_csp_H
+/* Autogenerated from master.oid by oid2h.tcl */
+
+/*! \defgroup szOID_MAGPRO szOID_MAGPRO 
+ *  \brief ???????? OID-?? ?????????? ?????????? ????????????????? ????? (CSP)
+ *
+ *  ?????? ???????? ????? ?????
+ * @{ 
+ */
+
+/*! GOST 34.10-94 Diffie-Hellman algorithm Cryptocom LTD */
+#define szOID_MAGPRO_DH_R3410_94 "1.2.643.2.9.1.3.1"
+
+/*! GOST 34.10-2001 Diffie-Hellman algorithm Cryptocom LTD */
+#define szOID_MAGPRO_DH_R3410_2001 "1.2.643.2.9.1.3.2"
+
+/*  */
+#define szOID_MAGPRO_DH_R3410_94_EPHEM "1.2.643.2.9.1.3.1"
+
+/*  */
+#define szOID_MAGPRO_DH_R3410_2001_EPHEM "1.2.643.2.9.1.3.2"
+
+/*! GOST 34.10/11-94 digital signature algorithm Cryptocom LTD with digest */
+#define szOID_MAGPRO_SIGN_R3410_94 "1.2.643.2.9.1.3.3"
+
+/*! GOST 34.10-2001 digital signature algorithm with digest */
+#define szOID_MAGPRO_SIGN_R3410_2001 "1.2.643.2.9.1.3.4"
+
+/*! GOST 28147-89 MAC algorithm Cryptocom LTD */
+#define szOID_MAGPRO_HASH_28147_89 "1.2.643.2.9.1.4.1"
+
+/* ???? ?????? ??? ?????? */
+#define szOID_MAGPRO_PUBKEY_DH_R3410_94 "1.2.643.2.9.1.5.1"
+
+/* ???? ?????? ??? ?????? */
+#define szOID_MAGPRO_PUBKEY_DH_R3410_2001 "1.2.643.2.9.1.5.2"
+
+/*! GOST 34.10/11-94 digital signature algorithm Cryptocom LTD */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_94 "1.2.643.2.9.1.5.3"
+
+/*! GOST 34.10-2001 digital signature algorithm */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_2001 "1.2.643.2.9.1.5.4"
+
+/*! GOST 28147-89 encryption parameters */
+#define szOID_MAGPRO_PARAM_ENCR_28147_89 "1.2.643.2.9.1.6.1"
+
+/*! GOST 34.10-2001 public key parameters */
+#define szOID_MAGPRO_PARAM_PK_CC_01 "1.2.643.2.9.1.8.1"
+
+/*! GOST 28147-89 symmetric cipher Cryptocom LTD */
+#define szOID_MAGPRO_ENCR_28147_89 "1.2.643.2.2.21"
+
+/*! GOST 34.10-2001 digital signature algorithm CryptoPro LTD */
+#define szOID_MAGPRO_SIGN_R3410_2001_CP "1.2.643.2.2.3"
+
+/*! GOST 34.10/11-94 digital signature algorithm CryptoPro LTD */
+#define szOID_MAGPRO_SIGN_R3410_94_CP "1.2.643.2.2.4"
+
+/*! GOST 34.11-94 digest algorithm Cryptocom LTD */
+#define szOID_MAGPRO_HASH_R3411_94 "1.2.643.2.2.9"
+
+/*! GOST 34.10-2001 digital signature algorithm CryptoPro LTD public key */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP "1.2.643.2.2.19"
+
+/*! GOST 34.10/11-94 digital signature algorithm CryptoPro LTD public key */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP "1.2.643.2.2.20"
+
+/*! GostR3411-94-CryptoProParamSet */
+#define szOID_MAGPRO_PARAM_HASH_3411_94 "1.2.643.2.2.30.1"
+
+/*! GostR3410-94-CryptoPro-A-ParamSet */
+#define szOID_MAGPRO_PARAM_PK_CC_94 "1.2.643.2.2.32.2"
+
+
+#define szOID_CP_PARAM_R3411_94_DEF "1.2.643.2.2.30.1"	/* ???? ? 34.11-94, ????????? ?? ????????? */
+#define szOID_CP_PARAM_R3411_94_1	"1.2.643.2.2.30.2"
+#define szOID_CP_PARAM_R3411_94_2	"1.2.643.2.2.30.3"
+#define szOID_CP_PARAM_R3411_94_3	"1.2.643.2.2.30.4"
+
+#define szOID_CP_PARAM_28147_89_DEF "1.2.643.2.2.31.1"	/* ???? 28147-89, ????????? ?? ????????? */
+#define szOID_CP_PARAM_28147_89_1	"1.2.643.2.2.31.2"	/* ???? 28147-89, ????????? ?????????? 1 */
+#define szOID_CP_PARAM_28147_89_2	"1.2.643.2.2.31.3" 	/* ???? 28147-89, ????????? ?????????? 2 */
+#define szOID_CP_PARAM_28147_89_3	"1.2.643.2.2.31.4"	/* ???? 28147-89, ????????? ?????????? 3 */
+#define szOID_CP_PARAM_28147_89_4	"1.2.643.2.2.31.5"	/* ???? 28147-89, ????????? ????? 1.1 */
+#define szOID_CP_PARAM_28147_89_5	"1.2.643.2.2.31.6"	/* ???? 28147-89, ????????? ????? 1.0 */
+#define szOID_CP_PARAM_28147_89_6	"1.2.643.2.2.31.7"	/* ???? 28147-89, ????????? ??? 1 */
+
+/* OID for Signature 1024*/
+#define szOID_CP_PARAM_PK_R3410_94_DEF  "1.2.643.2.2.32.2" 	/*VerbaO*/
+#define szOID_CP_PARAM_PK_R3410_94_S1   "1.2.643.2.2.32.3" 
+#define szOID_CP_PARAM_PK_R3410_94_S2   "1.2.643.2.2.32.4" 
+#define szOID_CP_PARAM_PK_R3410_94_S3   "1.2.643.2.2.32.5" 
+/* OID for DH 1024*/
+#define szOID_CP_PARAM_PK_R3410_94_E1   "1.2.643.2.2.33.1" 
+#define szOID_CP_PARAM_PK_R3410_94_E2   "1.2.643.2.2.33.2" 
+#define szOID_CP_PARAM_PK_R3410_94_E3   "1.2.643.2.2.33.3" 
+
+#define szOID_CP_PARAM_PK_R3410_2001_DEF "1.2.643.2.2.35.1"	/* ???? ? 34.10-2001, ????????? ?? ????????? */
+#define szOID_CP_PARAM_PK_R3410_2001_S0	 "1.2.643.2.2.35.2"	/* ???? ? 34.10-2001, ????????? ????? 2.x */
+#define szOID_CP_PARAM_PK_R3410_2001_S1	 "1.2.643.2.2.35.3"	/* ???? ? 34.10-2001, ????????? ??????? 1 */
+#define szOID_CP_PARAM_PK_R3410_2001_E0	 "1.2.643.2.2.36.0"	/* ???? ? 34.10-2001, ????????? ?????? ?? ????????? */
+#define szOID_CP_PARAM_PK_R3410_2001_E1	 "1.2.643.2.2.36.1"	/* ???? ? 34.10-2001, ????????? ?????? 1 */
+
+
+/*! @} */
+
+#endif
Index: src/mscrypto/digests.c
===================================================================
RCS file: /cvs/xmlsec/src/mscrypto/digests.c,v
retrieving revision 1.1.1.1
retrieving revision 1.7
diff -u -w -r1.1.1.1 -r1.7
--- src/mscrypto/digests.c	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ src/mscrypto/digests.c	27 Dec 2005 10:18:04 -0000	1.7
@@ -11,6 +11,9 @@
 #include <string.h>
 #include <windows.h>
 #include <wincrypt.h>
+#ifndef XMLSEC_NO_GOST
+#include "csp_calg.h"
+#endif
 
 #include <xmlsec/xmlsec.h>
 #include <xmlsec/keys.h>
@@ -63,6 +66,12 @@
     }
 #endif /* XMLSEC_NO_SHA1 */    
     
+#ifndef XMLSEC_NO_GOST
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_GOST*/    
+    
     return(0);
 }
 
@@ -85,6 +94,24 @@
     } else 
 #endif /* XMLSEC_NO_SHA1 */    
 
+#ifndef XMLSEC_NO_GOST
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+		ctx->alg_id = CALG_MAGPRO_HASH_R3411_94;
+
+    /* TODO: Check what provider is best suited here.... */
+    if (!CryptAcquireContext(&ctx->provider, NULL, 0, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT)) {
+	xmlSecError(XMLSEC_ERRORS_HERE, 
+		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+		    NULL,
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+	return(-1);
+    }
+
+    return(0);
+    } else 
+#endif /* XMLSEC_NO_GOST*/    
+
     {
 	xmlSecError(XMLSEC_ERRORS_HERE, 
 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -335,4 +362,48 @@
     return(&xmlSecMSCryptoSha1Klass);
 }
 #endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_GOST
+/******************************************************************************
+ *
+ * GOSTR3411_94
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoGostR3411_94Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* size_t klassSize */
+    xmlSecMSCryptoDigestSize,			/* size_t objSize */
+
+    xmlSecNameGostR3411_94,				/* const xmlChar* name; */
+    xmlSecHrefGostR3411_94, 				/* const xmlChar* href; */
+    xmlSecTransformUsageDigestMethod,		/* xmlSecTransformUsage usage; */
+    xmlSecMSCryptoDigestInitialize,		/* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoDigestFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    NULL,					/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    NULL,					/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoDigestVerify,			/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoDigestExecute,		/* xmlSecTransformExecuteMethod execute; */    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/** 
+ * xmlSecMSCryptoTransformGostR3411_94GetKlass:
+ *
+ * GOSTR3411_94 digest transform klass.
+ *
+ * Returns pointer to GOSTR3411_94 digest transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformGostR3411_94GetKlass(void) {
+    return(&xmlSecMSCryptoGostR3411_94Klass);
+}
+#endif /* XMLSEC_NO_GOST*/
 
Index: src/mscrypto/signatures.c
===================================================================
RCS file: /cvs/xmlsec/src/mscrypto/signatures.c,v
retrieving revision 1.1.1.1
retrieving revision 1.8
diff -u -w -r1.1.1.1 -r1.8
--- src/mscrypto/signatures.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/mscrypto/signatures.c	27 Dec 2005 10:18:04 -0000	1.8
@@ -13,6 +13,9 @@
 
 #include <windows.h>
 #include <wincrypt.h>
+#ifndef XMLSEC_NO_GOST
+#include "csp_calg.h"
+#endif
 
 #include <xmlsec/xmlsec.h>
 #include <xmlsec/keys.h>
@@ -22,6 +25,7 @@
 #include <xmlsec/mscrypto/crypto.h>
 #include <xmlsec/mscrypto/symbols.h>
 #include <xmlsec/mscrypto/certkeys.h>
+#include <xmlsec/mscrypto/x509.h>
 
 /**************************************************************************
  *
@@ -74,6 +78,12 @@
     }
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_GOST
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+	return(1);
+    }
+#endif /* XMLSEC_NO_GOST*/
+
 #ifndef XMLSEC_NO_RSA
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
 	return(1);
@@ -101,6 +111,13 @@
     } else 
 #endif /* XMLSEC_NO_RSA */
 
+#ifndef XMLSEC_NO_GOST
+    if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+	ctx->digestAlgId    = CALG_MAGPRO_HASH_R3411_94;
+	ctx->keyId	    = xmlSecMSCryptoKeyDataGost2001Id;
+    } else 
+#endif /* XMLSEC_NO_GOST*/
+
 #ifndef XMLSEC_NO_DSA
     if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
 	ctx->digestAlgId    = CALG_SHA1;
@@ -243,6 +260,13 @@
     	    *l-- = *j++;
 	    *m-- = *k++;
 	}
+    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+			/*FIXME GOST */
+	j = (BYTE *)data;
+	l = tmpBuf + dataSize - 1;
+	while (l >= tmpBuf) {
+	    *l-- = *j++;
+	}
     } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
 	j = (BYTE *)data;
 	l = tmpBuf + dataSize - 1;
@@ -439,6 +463,14 @@
 		    *m-- = *i++;
 		    *n-- = *j++;
 		}
+    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+			/*FIXME GOST */
+		i = tmpBuf;
+		j = outBuf + dwSigLen - 1;
+
+		while (j >= outBuf) {
+		    *j-- = *i++;
+		}
 	    } else if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
 		i = tmpBuf;
 		j = outBuf + dwSigLen - 1;
@@ -571,4 +603,52 @@
 }
 
 #endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+/****************************************************************************
+ *
+ * GOST2001-GOSTR3411_94 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecMSCryptoGost2001GostR3411_94Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
+    xmlSecMSCryptoSignatureSize,	        /* xmlSecSize objSize */
+
+    xmlSecNameGost2001GostR3411_94,				/* const xmlChar* name; */
+    xmlSecHrefGost2001GostR3411_94, 				/* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,	/* xmlSecTransformUsage usage; */
+    
+    xmlSecMSCryptoSignatureInitialize,	        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecMSCryptoSignatureFinalize,		/* xmlSecTransformFinalizeMethod finalize; */
+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecMSCryptoSignatureSetKeyReq,		/* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecMSCryptoSignatureSetKey,		/* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecMSCryptoSignatureVerify,		/* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecMSCryptoSignatureExecute,		/* xmlSecTransformExecuteMethod execute; */
+    
+    NULL,					/* void* reserved0; */
+    NULL,					/* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass:
+ * 
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ *
+ * Returns GOST2001-GOSTR3411_94 signature transform klass.
+ */
+xmlSecTransformId 
+xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void) {
+    return(&xmlSecMSCryptoGost2001GostR3411_94Klass);
+}
+
+#endif /* XMLSEC_NO_GOST*/
 
Index: src/mscrypto/x509vfy.c
===================================================================
RCS file: /cvs/xmlsec/src/mscrypto/x509vfy.c,v
retrieving revision 1.1.1.1
retrieving revision 1.8
diff -u -w -r1.1.1.1 -r1.8
--- src/mscrypto/x509vfy.c	6 Dec 2005 09:29:16 -0000	1.1.1.1
+++ src/mscrypto/x509vfy.c	13 Jan 2006 18:50:48 -0000	1.8
@@ -261,34 +261,118 @@
     xmlFree(subject);
 }
 
+/**
+ @cert: the certificate we check
+ @pfTime: pointer to FILETIME that we are interested in
+ @store_untrusted: untrusted certificates added via API
+ @store_doc: untrusted certificates/CRLs extracted from a document
+ */
 static BOOL
-xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, 
-			      xmlSecKeyInfoCtx* keyInfoCtx) {
-    xmlSecMSCryptoX509StoreCtxPtr ctx;
-    PCCERT_CONTEXT issuerCert = NULL;
-    FILETIME fTime;
-    DWORD flags;
+xmlSecBuildChainUsingWinapi (PCCERT_CONTEXT cert, LPFILETIME pfTime,
+		HCERTSTORE store_untrusted, HCERTSTORE store_doc)
+{
+	PCCERT_CHAIN_CONTEXT     pChainContext = NULL;
+	CERT_CHAIN_PARA          chainPara;
+	BOOL rc = FALSE;
+	HCERTSTORE store_add = NULL;
+
+	/* Initialize data structures. */
+
+	memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+	chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+
+	/* Create additional store for CertGetCertificateChain() */
+	store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL);
+	if (!store_add) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+					"chain additional collection store",
+					"CertOpenStore",
+					XMLSEC_ERRORS_R_CRYPTO_FAILED,
+					XMLSEC_ERRORS_NO_MESSAGE);
+		goto end;
+	}
+	if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+					"adding document store",
+					"CertAddStoreToCollection",
+					XMLSEC_ERRORS_R_CRYPTO_FAILED,
+					XMLSEC_ERRORS_NO_MESSAGE);
+		goto end;
+	}
+	if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) {
+		xmlSecError(XMLSEC_ERRORS_HERE,
+					"adding untrusted store",
+					"CertAddStoreToCollection",
+					XMLSEC_ERRORS_R_CRYPTO_FAILED,
+					XMLSEC_ERRORS_NO_MESSAGE);
+		goto end;
+	}
     
-    xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
-    xmlSecAssert2(cert != NULL, FALSE);
-    xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
-    xmlSecAssert2(certs != NULL, FALSE);
-    xmlSecAssert2(keyInfoCtx != NULL, FALSE);
+	/* Build a chain using CertGetCertificateChain
+	 and the certificate retrieved. */
+	if(!CertGetCertificateChain(
+				NULL,                  /* use the default chain engine */
+				cert,
+				pfTime,
+				store_add,
+				&chainPara,
+				CERT_CHAIN_REVOCATION_CHECK_CHAIN,
+				NULL,
+				&pChainContext))
+	{
+    	xmlSecError(XMLSEC_ERRORS_HERE,
+		    "building certificate chain, checking root",
+		    "CertGetCertificateChain",
+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+		    XMLSEC_ERRORS_NO_MESSAGE);
+		goto end;
+	}
+	if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) {
+		CertFreeCertificateChain(pChainContext); pChainContext = NULL;
+		if(!CertGetCertificateChain(
+			   NULL,                  /* use the default chain engine */
+			   cert,
+			   pfTime,
+			   store_add,
+			   &chainPara,
+			   CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
+			   NULL,
+			   &pChainContext))
+		{
+			xmlSecError(XMLSEC_ERRORS_HERE,
+						"building certificate chain, excluding root",
+						"CertGetCertificateChain",
+						XMLSEC_ERRORS_R_CRYPTO_FAILED,
+						XMLSEC_ERRORS_NO_MESSAGE);
+			goto end;
+		}
+	}
 
-    ctx = xmlSecMSCryptoX509StoreGetCtx(store);
-    xmlSecAssert2(ctx != NULL, FALSE);
-    xmlSecAssert2(ctx->trusted != NULL, FALSE);
-    xmlSecAssert2(ctx->untrusted != NULL, FALSE);
+	if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
+		rc = TRUE;
 
-    if(keyInfoCtx->certsVerificationTime > 0) {
-	    /* convert the time to FILETIME */
-    	xmlSecMSCryptoUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, &fTime);
-    } else {
-	    /* Defaults to current time */
-	    GetSystemTimeAsFileTime(&fTime);
+end:
+	if (pChainContext) CertFreeCertificateChain(pChainContext);
+	if (store_add) CertCloseStore(store_add, 0);
+	return (rc);
     }
 
-    if (!xmlSecMSCrypoVerifyCertTime(cert, &fTime)) {
+/**
+ @cert: the certificate we check
+ @pfTime: pointer to FILETIME that we are interested in
+ @store_trusted: trusted certificates added via API
+ @store_untrusted: untrusted certificates added via API
+ @certs: untrusted certificates/CRLs extracted from a document
+ @store: pointer to store klass passed to error functions
+ */
+static BOOL
+xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
+	HCERTSTORE store_trusted, HCERTSTORE store_untrusted, HCERTSTORE certs,
+	xmlSecKeyDataStorePtr store) {
+	PCCERT_CONTEXT issuerCert = NULL;
+    DWORD flags;
+
+    if (!xmlSecMSCrypoVerifyCertTime(cert, pfTime)) {
     	xmlSecMSCryptoX509StoreCertError(store, cert, CERT_STORE_TIME_VALIDITY_FLAG);
 	    return(FALSE);
     }
@@ -301,7 +385,7 @@
      * Try to find the cert in the trusted cert store. We will trust

      * the certificate in the trusted store.

 	 */

-    issuerCert = CertFindCertificateInStore(ctx->trusted, 

+    issuerCert = CertFindCertificateInStore(store_trusted, 
 			    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,

 			    0,

 			    CERT_FIND_SUBJECT_NAME,

@@ -309,6 +393,8 @@
 			    NULL);

     if( issuerCert != NULL) {

 		/* We have found the trusted cert, so return true */

+	    /* todo: do we want to verify the trusted cert's revocation? we must,
+		 * I think */
 		CertFreeCertificateContext( issuerCert ) ;

 		return( TRUE ) ;

     }

@@ -319,7 +405,7 @@
     }

 
     /* try to find issuer cert in the trusted cert in the store */
-    issuerCert = CertFindCertificateInStore(ctx->trusted, 
+    issuerCert = CertFindCertificateInStore(store_trusted, 
 			    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
 			    0,
 			    CERT_FIND_SUBJECT_NAME,
@@ -332,7 +418,8 @@
 	        CertFreeCertificateContext(issuerCert);
 	        return(FALSE);
         }
-	    /* todo: do we want to verify the trusted cert? */
+	    /* todo: do we want to verify the trusted cert? we must check
+		 * revocation, I think */
 	    CertFreeCertificateContext(issuerCert);
 	    return(TRUE);
     }
@@ -351,7 +438,7 @@
 	        CertFreeCertificateContext(issuerCert);
 	        return(FALSE);
         }
-    	if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
+    	if(!xmlSecMSCryptoBuildCertChainManually(cert, pfTime, store_trusted, store_untrusted, certs, store)) {
 	        xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
 	        CertFreeCertificateContext(issuerCert);
 	        return(FALSE);
@@ -361,7 +448,7 @@
     }
 
     /* try the untrusted certs in the store */
-    issuerCert = CertFindCertificateInStore(ctx->untrusted, 
+    issuerCert = CertFindCertificateInStore(store_untrusted, 
 			    X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
 			    0,
 			    CERT_FIND_SUBJECT_NAME,
@@ -374,7 +461,7 @@
 	        CertFreeCertificateContext(issuerCert);
 	        return(FALSE);
         }
-	    if(!xmlSecMSCryptoX509StoreConstructCertsChain(store, issuerCert, certs, keyInfoCtx)) {
+    	if(!xmlSecMSCryptoBuildCertChainManually(cert, pfTime, store_trusted, store_untrusted, certs, store)) {
 	        CertFreeCertificateContext(issuerCert);
 	        return(FALSE);
 	    }
@@ -385,6 +472,44 @@
     return(FALSE);
 }
 
+static BOOL
+xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs, 
+			      xmlSecKeyInfoCtx* keyInfoCtx) {
+    xmlSecMSCryptoX509StoreCtxPtr ctx;
+    PCCERT_CONTEXT tempCert = NULL;
+    FILETIME fTime;
+    
+    xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
+    xmlSecAssert2(cert != NULL, FALSE);
+    xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
+    xmlSecAssert2(certs != NULL, FALSE);
+    xmlSecAssert2(keyInfoCtx != NULL, FALSE);
+
+    ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+    xmlSecAssert2(ctx != NULL, FALSE);
+    xmlSecAssert2(ctx->trusted != NULL, FALSE);
+    xmlSecAssert2(ctx->untrusted != NULL, FALSE);
+
+    if(keyInfoCtx->certsVerificationTime > 0) {
+	    /* convert the time to FILETIME */
+    	xmlSecMSCryptoUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, &fTime);
+    } else {
+	    /* Defaults to current time */
+	    GetSystemTimeAsFileTime(&fTime);
+    }
+
+	tempCert = CertEnumCertificatesInStore(ctx->trusted, NULL);
+	if (tempCert) {
+		/* If ctx->trusted has any certificated, we trust the user for
+		 * all the information about certificates... */
+		CertFreeCertificateContext(tempCert);
+		return xmlSecMSCryptoBuildCertChainManually(cert, &fTime, ctx->trusted, ctx->untrusted, certs, store);
+	} else {
+		/* ... otherwise we trust the system for trusted root certificates. */
+		return xmlSecBuildChainUsingWinapi(cert, &fTime, ctx->untrusted, certs);
+	}
+}
+
 /**
  * xmlSecMSCryptoX509StoreVerify:
  * @store:		the pointer to X509 certificate context store klass.
Index: src/skeleton/crypto.c
===================================================================
RCS file: /cvs/xmlsec/src/skeleton/crypto.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -w -r1.1.1.1 -r1.2
--- src/skeleton/crypto.c	6 Dec 2005 09:29:17 -0000	1.1.1.1
+++ src/skeleton/crypto.c	11 Jan 2006 13:30:24 -0000	1.2
@@ -64,6 +64,10 @@
     gXmlSecSkeletonFunctions->keyDataDsaGetKlass 	= xmlSecSkeletonKeyDataDsaGetKlass;
 #endif /* XMLSEC_NO_DSA */    
 
+#ifndef XMLSEC_NO_GOST
+    gXmlSecSkeletonFunctions->keyDataGost2001GetKlass 	= xmlSecSkeletonKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST */    
+
 #ifndef XMLSEC_NO_HMAC  
     gXmlSecSkeletonFunctions->keyDataHmacGetKlass 	= xmlSecSkeletonKeyDataHmacGetKlass;
 #endif /* XMLSEC_NO_HMAC */    
@@ -105,6 +109,10 @@
     gXmlSecSkeletonFunctions->transformDsaSha1GetKlass 		= xmlSecSkeletonTransformDsaSha1GetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_GOST
+    gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass 		= xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
+#endif /* XMLSEC_GOST */
+
 #ifndef XMLSEC_NO_HMAC
     gXmlSecSkeletonFunctions->transformHmacSha1GetKlass 	= xmlSecSkeletonTransformHmacSha1GetKlass;
     gXmlSecSkeletonFunctions->transformHmacRipemd160GetKlass 	= xmlSecSkeletonTransformHmacRipemd160GetKlass;
@@ -124,6 +132,10 @@
 #ifndef XMLSEC_NO_SHA1    
     gXmlSecSkeletonFunctions->transformSha1GetKlass 		= xmlSecSkeletonTransformSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_GOST    
+    gXmlSecSkeletonFunctions->transformGostR3411_94GetKlass 		= xmlSecSkeletonTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
 
     /**
      * High level routines form xmlsec command line utility


More information about the xmlsec mailing list