[xmlsec] Thoughts on a new mscng backend

Aleksey Sanin aleksey at aleksey.com
Fri May 4 19:08:34 PDT 2018


Thanks for all the code you've wrote!

I think the only area missing is GOST algorithms support. It
requires special configs/dlls on Windows so I don't know if
it is even available for MSCNG. May be someone on the list
has direct knowledge and can chime in?

I was planning to ask you what would be the right time to do
an xmlsec release. Sounds like in a couple weeks is the right
timeline. I think it would be great to have others play with
mscng to find out any issues. But otherwise, it looks great!

Aleksey

On 5/4/18 8:33 AM, Miklos Vajna wrote:
> Hi,
> 
> On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> That sounds like a great plan! I would recommend to use the
>> skeleton folder to start.
> 
> Thanks for all the reviews, current master looks reasonable to me when I
> compare 'make check' output of the mscrypto and mscng backends:
> 
> - 0 tests pass only on mscrypto
> - 126 tests pass on both mscrypto and mscng
> - 3 tests pass only on mscng (ecdsa signing with sha1/256/512)
> 
> I wonder what else is missing so it could be claimed that the mscng
> backend is more or less a drop-in replacement for the mscrypto one.
> There are two things I can think of:
> 
> - mscrypto supports reading your OS-level certificates and use that
>   during e.g. signing.
> 
> - There are a few functions which are part of the mscrypto public API
>   (e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is no mscng
>   equivalent yet. Those are probably interesting as e.g. LibreOffice
>   uses those functions.
> 
> I plan to get to these two in the next few weeks. But is there anything
> else larger missing?
> 
> Thanks,
> 
> Miklos
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
> 


More information about the xmlsec mailing list