[xmlsec] xmlsec + openssl + GOST2012: patch

Nikolay Shaplov dhyan at nataraj.su
Fri Oct 3 10:11:06 PDT 2014


On Friday 03 October 2014 09:55:32 Aleksey Sanin wrote:
> Thanks! Let me take a look at the patch in the next couple weeks
> (sorry, swamped with other things right now...)
> 
> Nikolay, what is the right way to patch OpenSSL to support GOST2012?
I think Dmitry will answer that question better than me, 'cause I've got 
patched openssl version from him. 

> Are there any instructions I can follow?
The instructions for version Dmitry I hope will send you is same as they were  
for building with older gost. In Russian it is discribed here:
http://www.cryptocom.ru/opensource/openssl101.html 
Sorry, I still did not understand if you read/speak russian or not. If not, 
then use GOST building instuction from current stable openssl tarball.


Also you might find useful this link
http://tools.ietf.org/html/draft-chudov-cryptopro-cpxmldsig-09
it is a draft for RFC about GOST and xmlsec

> Best,
> 
> Aleksey
> 
> On 10/3/14, 12:43 AM, Dmitry Belyavsky wrote:
> > Hello Aleksey,
> > 
> > Nikolay was in contact with me during the implementation of the patch.
> > So the only significant problem I know is lack of support of GOST 2012
> > in OpenSSL upstream.
> > 
> > 
> > On Thu, Oct 2, 2014 at 11:07 PM, Aleksey Sanin <aleksey at aleksey.com
> > 
> > <mailto:aleksey at aleksey.com>> wrote:
> >     Thanks, Nikolay! I will review the patch shortly and I would love
> >     to hear what Dmitry thinks about it.
> >     
> >     Best,
> >     Aleksey
> >     
> >     On 10/2/14, 12:04 AM, Nikolay Shaplov wrote:
> >     > Hi!
> >     > 
> >     > Here is a patch that adds GOST2012 openssl support to xmlsec.
> >     > 
> >     > GOST2012 is not accepted in openssl right now, but there is several
> >     > proposed implementation.
> >     > 
> >     > You might need to change md_gost12_256 and md_gost12_512 to what
> >     > identifiers they used in certain openssl GOST2012 patch.
> >     > 
> >     > 
> >     > 
> >     > _______________________________________________ xmlsec mailing
> >     > list xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> >     > http://www.aleksey.com/mailman/listinfo/xmlsec
> >     
> >     _______________________________________________
> >     xmlsec mailing list
> >     xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> >     http://www.aleksey.com/mailman/listinfo/xmlsec
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20141003/410db8d7/attachment.sig>


More information about the xmlsec mailing list