<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<div class="BodyFragment"><font size="2"><span style="font-size:10pt;">
<div class="PlainText">Sure thing. Two files are attached. First, a patch to Net::DNS::SEC. Note that there are two other<br>
changes mixed in with this patch. (1) I think there was a bug with Digest::BubbleBabble being optional,<br>
and (2) I added support for SHA384 DS records. <br>
<br>
The second file is SEC/GOST.pm. It uses the Perl Inline module and some openssl calls to implement<br>
the GOST verification. One of the things I struggled with was the setting the DIRECTORY option when<br>
calling the Inline module. I think the default is to create something in the current directory and<br>
my particular application doesn't have a writable current directory. I don't know if the /var/tmp<br>
inline directory is very safe.<br>
<br>
Note that Digest::GOST::CryptoPro is used when generating DS records. If someone only wants to<br>
generate DS records, they can do that just in Perl. The Inline/openssl code is needed to validate<br>
signatures. I did not write any code to generate GOST signatures.<br>
<br>
<br>
<br>
</div>
</span></font></div>
<div class="BodyFragment"><font size="2"><span style="font-size:10pt;">
<div class="PlainText"><br>
<br>
<br>
<br>
<br>
<br>
On Oct 28, 2013, at 2:07 PM, Dick Franks <rwfranks@acm.org> wrote:<br>
<br>
> Duane,<br>
> <br>
> I would be interested to see your solution to this, even if it is not pretty.<br>
> <br>
> Dick Franks<br>
> ________________________<br>
> <br>
> <br>
> <br>
> On 16 January 2013 17:46, Wessels, Duane <dwessels@verisign.com> wrote:<br>
> On the subject of GOST, for what it's worth I also have code to validate GOST RRSIGs.<br>
> Since there doesn't seem to be a perl module that already does this, I resorted to<br>
> using the Inline module and calling the openssl library functions. Its not very<br>
> pretty but it does work. I can share it if there is interest, but I don't think it<br>
> fits very well into the Net::DNS::SEC package as-is.<br>
> <br>
> DW<br>
> _______________________________________________<br>
> net-dns-users mailing list<br>
> net-dns-users@nlnetlabs.nl<br>
> <a href="https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users">https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users</a><br>
> <br>
> _______________________________________________<br>
> net-dns-users mailing list<br>
> net-dns-users@nlnetlabs.nl<br>
> <a href="https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users">https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users</a><br>
<br>
</div>
</span></font></div>
</body>
</html>