[xmlsec] OpenSSL Gost support - final patch

Dmitry Belyavsky beldmit at gmail.com
Sat Sep 3 04:55:38 PDT 2011


Greetings!

I've found an linking error and now openssl xmlsec works with the
Russian GOST digital signature algorythm. Here is the patch.

The only known bugfeature is related with the absence of functions
determining whether the public key only or both private and public are
available in EVP_PKEY struct in modern openssl.

The result is compatible with gost mscrypto signature. Example test:

apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
--verification-time "2006-04-01 00:00:00"
tests/aleksey-xmldsig-01/enveloped-gost.xml

works, the signature and digest are verified successfully.

The usage of GOST algorythms requires OpenSSL 1.0 or later. It should
be configured according to README.gost instructions. The library
should be builded with --enable-gost parameter.

I hope you'll find this patch suitable for distribution.

Thank you!

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ossl_gost.diff.gz
Type: application/x-gzip
Size: 2745 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110903/1ec7e22f/attachment.bin>


More information about the xmlsec mailing list