[xmlsec] Thoughts on a new mscng backend

Aleksey Sanin aleksey at aleksey.com
Wed May 9 10:21:45 PDT 2018


Thanks for checking!

Aleksey

On 5/9/18 6:30 AM, Dmitry Belyavsky wrote:
> No, there is no GOST CNG-based backend.
> 
> On Mon, May 7, 2018 at 7:59 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     Thank you!
> 
>     Aleksey
> 
>     On 5/7/18 12:23 AM, Dmitry Belyavsky wrote:
>     > I'll ask whether there is any CNG-based GOST implementation.
>     > 
>     > On Sat, May 5, 2018 at 5:08 AM, Aleksey Sanin <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>     > <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>     > 
>     >     Thanks for all the code you've wrote!
>     > 
>     >     I think the only area missing is GOST algorithms support. It
>     >     requires special configs/dlls on Windows so I don't know if
>     >     it is even available for MSCNG. May be someone on the list
>     >     has direct knowledge and can chime in?
>     > 
>     >     I was planning to ask you what would be the right time to do
>     >     an xmlsec release. Sounds like in a couple weeks is the right
>     >     timeline. I think it would be great to have others play with
>     >     mscng to find out any issues. But otherwise, it looks great!
>     > 
>     >     Aleksey
>     > 
>     >     On 5/4/18 8:33 AM, Miklos Vajna wrote:
>     >     > Hi,
>     >     >
>     >     > On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin
>     >     <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>     <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>     >     >> That sounds like a great plan! I would recommend to use the
>     >     >> skeleton folder to start.
>     >     >
>     >     > Thanks for all the reviews, current master looks reasonable
>     to me
>     >     when I
>     >     > compare 'make check' output of the mscrypto and mscng backends:
>     >     >
>     >     > - 0 tests pass only on mscrypto
>     >     > - 126 tests pass on both mscrypto and mscng
>     >     > - 3 tests pass only on mscng (ecdsa signing with sha1/256/512)
>     >     >
>     >     > I wonder what else is missing so it could be claimed that
>     the mscng
>     >     > backend is more or less a drop-in replacement for the
>     mscrypto one.
>     >     > There are two things I can think of:
>     >     >
>     >     > - mscrypto supports reading your OS-level certificates and
>     use that
>     >     >   during e.g. signing.
>     >     >
>     >     > - There are a few functions which are part of the mscrypto
>     public API
>     >     >   (e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is
>     no mscng
>     >     >   equivalent yet. Those are probably interesting as e.g.
>     LibreOffice
>     >     >   uses those functions.
>     >     >
>     >     > I plan to get to these two in the next few weeks. But is there
>     >     anything
>     >     > else larger missing?
>     >     >
>     >     > Thanks,
>     >     >
>     >     > Miklos
>     >     >
>     >     >
>     >     >
>     >     > _______________________________________________
>     >     > xmlsec mailing list
>     >     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>     >     > http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>
>     >     <http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>>
>     >     >
>     >     _______________________________________________
>     >     xmlsec mailing list
>     >     xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>     >     http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>
>     >     <http://www.aleksey.com/mailman/listinfo/xmlsec
>     <http://www.aleksey.com/mailman/listinfo/xmlsec>>
>     >
>     >
>     >
>     >
>     > --
>     > SY, Dmitry Belyavsky
> 
> 
> 
> 
> -- 
> SY, Dmitry Belyavsky


More information about the xmlsec mailing list