[xmlsec] OpenSSL Gost support - final patch
Dmitry Belyavsky
beldmit at gmail.com
Tue Sep 6 20:52:16 PDT 2011
Greetings!
It seems to work. It's compatible with example provided before
(xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
--verification-time "2006-04-01 00:00:00"
tests/aleksey-xmldsig-01/enveloped-gost.xml is successful) and
self-compatible.
On Wed, Sep 7, 2011 at 2:32 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Dmitry,
>
> Thanks for your patch! I made a couple minor fixes and pushed the changes to
> git.
> I would appreciate if you try the git version to make sure everything is
> good and then
> I will be happy to do a release.
>
> Thanks again!
>
> Aleksey
>
> On 9/3/11 4:55 AM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> I've found an linking error and now openssl xmlsec works with the
> Russian GOST digital signature algorythm. Here is the patch.
>
> The only known bugfeature is related with the absence of functions
> determining whether the public key only or both private and public are
> available in EVP_PKEY struct in modern openssl.
>
> The result is compatible with gost mscrypto signature. Example test:
>
> apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
> --verification-time "2006-04-01 00:00:00"
> tests/aleksey-xmldsig-01/enveloped-gost.xml
>
> works, the signature and digest are verified successfully.
>
> The usage of GOST algorythms requires OpenSSL 1.0 or later. It should
> be configured according to README.gost instructions. The library
> should be builded with --enable-gost parameter.
>
> I hope you'll find this patch suitable for distribution.
>
> Thank you!
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
--
SY, Dmitry Belyavsky
More information about the xmlsec
mailing list