Greetings!

The openssl gost engine is loaded, openssl uses it successfully.

OPENSSL_CONF=./apps/openssl.cnf ./apps/openssl dgst -md_gost94 file

works correctly.

OPENSSL_CONF=../openssl-1.0.0d/apps/openssl.cnf LD_LIBRARY_PATH=./src/openssl/.libs:./src/.libs ./apps/.libs/xmlsec1 --verify tests/aleksey-xmldsig-01/enveloped-gost.xml

prints call trace:

-----------
func=xmlSecOpenSSLEvpSignatureInitialize:file=signatures.c:line=225:obj=gostr34102001-gostr3411:subj=unknown:error=31:invalid transform:
func=xmlSecTransformCreate:file=transforms.c:line=1436:obj=gostr34102001-gostr3411:subj=id-initialize:error=1:xmlsec library function failed:
func=xmlSecTransformNodeRead:file=transforms.c:line=1568:obj=unknown:subj=xmlSecTransformCreate:error=1:xmlsec library function failed:transform=gostr34102001-gostr3411
func=xmlSecTransformCtxNodeRead:file=transforms.c:line=694:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec library function failed:name=SignatureMethod
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=742:obj=unknown:subj=xmlSecTransformCtxNodeRead:error=1:xmlsec library function failed:node=SignatureMethod
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "tests/aleksey-xmldsig-01/enveloped-gost.xml"
----------

On Fri, Sep 2, 2011 at 8:35 PM, Aleksey Sanin <[email protected]> wrote:
> I guess you need to configure openssl to load gost. From the error you
> describe, it just can't find gost algorithm.
>
> Aleksey
>
> On 9/2/11 9:19 AM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> Here is the incomplete patch to provide minimal support of GOST
> digital signature and digests to OpenSSL-based version of the xmlsec.
> Unfortunately, I didn't understand how to make it complete, though I
> suppose I know what I've missed smth to make the library available to
> sign...
>
> I try to test verifying file tests/aleksey-xmldsig/enveloped-gost.xml
> with the xmlsec cmdline utility but the
> EVP_get_digestbyname("md_gost94") returns NULL, though the gost
> openssl engine is loaded.
>
> Can you show me what I'm missing?
>
> Thank you!
>
> On Fri, Sep 2, 2011 at 12:55 AM, Aleksey Sanin <[email protected]> wrote:
>
> There is GOST implementation for MS Crypto.
>
> Aleksey
>
> On 9/1/11 1:13 PM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> What does the phrase from log
>
> Test: /aleksey-xmldsig-01/enveloped-gost (success)
>
> mean? Has it really been tested? If so, I've just completed my
> mission... If not, how can I enable this test for OpenSSL?
>
> Thank you!
>
> On Thu, Aug 18, 2011 at 11:11 PM, Aleksey Sanin <[email protected]> wrote:
>
> Sorry, I already forgot file names :) You don't need key transport. You
> need actual key data implementation: see src/openssl/evp.c
>
> Aleksey
>
> On 8/18/11 12:08 PM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> Sorry, I don't understand. The Gost algorithm is DSA-like, not
> RSA-like. Why should I implement the rsa-like transport?..
>
> Thank you!
>
> On Thu, Aug 18, 2011 at 11:05 PM, Aleksey Sanin <[email protected]> wrote:
>
> Yes. You don't need to do X509 certs but you need to define a key to
> use with the gost algorithm :)
>
> Aleksey
>
> On 8/18/11 12:03 PM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> Do you mean smth similar to src/openssl/kt_rsa.c?
> I hope I don't need it using the X509 cert format. Am I wrong?
>
> On Thu, Aug 18, 2011 at 10:43 PM, Aleksey Sanin <[email protected]> wrote:
>
> You also need to implement key type for gost keys. Take a look at how
> RSA keys are done.
>
> Aleksey
>
> On 8/18/11 11:39 AM, Dmitry Belyavsky wrote:
>
> Greetings!
>
> I'm implementing the Russian GOST support to OpenSSL-built XMLSec. I
> have some questions.
>
> 1. The support is expected to be in X.509 format only. I hope that
> linking against OpenSSL 1.0 will work good enough after I implement
> the necessary transforms. When I run make check, I get the following:
>
> Test: /aleksey-xmldsig-01/enveloped-gost (success)
> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-transforms --crypto openssl --crypto-config /tmp/xmlsec-crypto-config enveloped-signature gostr34102001-gostr3411 gostr3411
> Transforms "enveloped-signature" found
> Transforms "gostr34102001-gostr3411" found
> Transforms "gostr3411" found
> /home/beldmit/xmlsec1-1.2.18/apps/xmlsec1 check-key-data --crypto openssl --crypto-config /tmp/xmlsec-crypto-config gost
> Error: key data "gost" not found
>
> How can I fix it?
>
> 2. I configure XMLSec with
>
> ./configure --with-openssl=/usr --with-pic=yes --enable-gost
>
> But it seems to use static linking instead of using dynamic. How can I
> fix it?
>
> Thank you!
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec

--
SY, Dmitry Belyavsky
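
Added example, not part of the original thread and not xmlsec code: a small parser for the error-trace format quoted in the message, which separates the frame that raised the failure from the frames that only propagate it. The field layout and the generic message text are taken from the trace above; the names parse_trace and root_cause and the sample string are assumptions made for this illustration.

```python
import re

# Constructed sample: the first three frames of the trace in the message above,
# run together on one line the way the mail archive shows them.
SAMPLE = (
    "func=xmlSecOpenSSLEvpSignatureInitialize:file=signatures.c:line=225:"
    "obj=gostr34102001-gostr3411:subj=unknown:error=31:invalid transform: "
    "func=xmlSecTransformCreate:file=transforms.c:line=1436:"
    "obj=gostr34102001-gostr3411:subj=id-initialize:error=1:"
    "xmlsec library function failed: "
    "func=xmlSecTransformNodeRead:file=transforms.c:line=1568:obj=unknown:"
    "subj=xmlSecTransformCreate:error=1:xmlsec library function failed:"
    "transform=gostr34102001-gostr3411 "
    "Error: signature failed"
)

# Field order as it appears in the trace; the free-text message runs up to the
# next frame, the tool's own "Error:" line, or the end of the input.
FRAME = re.compile(
    r"func=(?P<func>[^:\s]+):file=(?P<file>[^:\s]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:\s]+):subj=(?P<subj>[^:\s]+):error=(?P<code>\d+):"
    r"(?P<msg>.*?)(?=\s+func=|\s+Error:|\s*$)",
    re.S,
)

# Message carried by the frames that only pass a callee's failure upward.
GENERIC = "xmlsec library function failed"


def parse_trace(text):
    """Split a trace (one frame per line, or flattened) into frame dicts."""
    frames = []
    for m in FRAME.finditer(text):
        reason, _, detail = m.group("msg").strip().partition(":")
        frame = {k: m.group(k) for k in ("func", "file", "obj", "subj")}
        frame.update(line=int(m.group("line")), code=int(m.group("code")),
                     reason=reason.strip(), detail=detail.strip())
        frames.append(frame)
    return frames


def root_cause(frames):
    """Return the first frame reporting its own error, not a propagated one."""
    for frame in frames:
        if frame["reason"] != GENERIC:
            return frame
    return None


if __name__ == "__main__":
    rc = root_cause(parse_trace(SAMPLE))
    print(rc["func"], rc["code"], rc["reason"], rc["obj"])
```

On the sample, the root-cause frame is the signature initializer rejecting the transform named in obj, which is where to start looking when the algorithm cannot be found.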
