[xmlsec] OpenSSL Gost support - final patch

Aleksey Sanin aleksey at aleksey.com
Tue Sep 6 15:32:35 PDT 2011


Dmitry,

Thanks for your patch! I made a couple minor fixes and pushed the 
changes to git.
I would appreciate if you try the git version to make sure everything is 
good and then
I will be happy to do a release.

Thanks again!

Aleksey


On 9/3/11 4:55 AM, Dmitry Belyavsky wrote:
> Greetings!
>
> I've found an linking error and now openssl xmlsec works with the
> Russian GOST digital signature algorythm. Here is the patch.
>
> The only known bugfeature is related with the absence of functions
> determining whether the public key only or both private and public are
> available in EVP_PKEY struct in modern openssl.
>
> The result is compatible with gost mscrypto signature. Example test:
>
> apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
> --verification-time "2006-04-01 00:00:00"
> tests/aleksey-xmldsig-01/enveloped-gost.xml
>
> works, the signature and digest are verified successfully.
>
> The usage of GOST algorythms requires OpenSSL 1.0 or later. It should
> be configured according to README.gost instructions. The library
> should be builded with --enable-gost parameter.
>
> I hope you'll find this patch suitable for distribution.
>
> Thank you!
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20110906/552e7ad7/attachment.html>


More information about the xmlsec mailing list