I've succsessuflly implemented GOST 28147-89 symmetric transform. You can see alpha version of a patch.
I think i will add cfb suffix to all transform names, as gost98 works by default in cfb mode. And this mode is recommended. (cbc even has only custom implementation as it is out of standard) I also met an issue I'd like to discuss... cfb mode do not need padding. And for AES and DES encryption some strange efforts are made in openssl/ciphers.c in functions xmlSecOpenSSLEvpBlockCipherCtxUpdate xmlSecOpenSSLEvpBlockCipherCtxFinal So I've wrapped all padding code in if ((xmlSecKeyDataId*) ctx->keyId != (xmlSecKeyDataId*) xmlSecOpenSSLKeyDataGost28147_89Id) and everything work well now. I am not sure that it is the best way to do the trick... If this way is good enough I will indent code in proper way there. If not, tell me what way to use...
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
