[ldns-users] GOST algorithm validation does not work

Zbynek Michl zbynek.michl at nic.cz
Thu Jul 1 15:49:15 UTC 2010


Hi Wouter,

On 1.7.2010 17:24, W.C.A. Wijngaards wrote:
> Hi Zbynek,
>
> Did you compile ldns with --enable-gost?

Yes.

export CFLAGS="-m64 -fPIC"
./configure --enable-gost --with-ssl=../openssl-1.0.0a
make

> Did you compile openssl yourself
> (gost included by default),

Yes.

./Configure linux-x86_64 shared -fPIC
make
make test

> or is openssl from the distro (is gost.so
> installed?)?

No, I have sources from www.openssl.org.


Btw when I used ldns 1.6.3 without GOST and openssl 0.9.8l before, I got:
ldns_verify() result: Unknown cryptographic algorithm.
So there is some change... :)

Regards,
Zbynek

> Best regards,
>     Wouter
>
> On 07/01/2010 04:45 PM, Zbynek Michl wrote:
>> Hi,
>>
>> I am trying to validate a signed domain name using the GOST algorithm, but
>> unsuccessfully (ldns r3283, openssl 1.0.0a).
>>
>> Here is the input to ldns_verify():
>>
>> www.m-system.net.    76874    IN    A    69.64.81.2
>> www.m-system.net.    76874    IN    RRSIG    A 12 3 86400 20100723062450
>> 20100623062450 64666 m-system.net.
>> ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
>> ;{id = 64666}
>> m-system.net.    76874    IN    DNSKEY    256 3 12
>> vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
>> ;{id = 64666 (zsk), size = 512b}
>> m-system.net.    76874    IN    DNSKEY    257 3 12
>> BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
>> ;{id = 27152 (ksk), size = 512b}
>>
>> ldns_verify() result: Bogus DNSSEC signature
>>
>> What could be wrong? Domain name signature should be OK as far as I know.
>>
>> Thanks,
>> Zbynek
>> _______________________________________________
>> ldns-users mailing list
>> ldns-users at open.nlnetlabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>

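An added example, not part of the original message and not ldns code: the non-cryptographic checks a validator applies before verifying a signature, run over the RRSIG and DNSKEY records quoted in the message. The function names are assumptions made here; the key tag follows RFC 4034 Appendix B, and NOW is set to the message's timestamp.

```python
import base64
from datetime import datetime, timezone

# Records copied from the message above; NOW is the message's own timestamp.
OWNER = "www.m-system.net."
RRSIG = "A 12 3 86400 20100723062450 20100623062450 64666 m-system.net. ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA=="
DNSKEYS = [  # (flags, protocol, algorithm, public key)
    (256, 3, 12, "vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0"
                 "il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ=="),
    (257, 3, 12, "BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5Q"
                 "ylNxyKp9Rm4yslb1hj4BQUEUWpOLWw=="),
]
NOW = datetime(2010, 7, 1, 15, 49, 15, tzinfo=timezone.utc)

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """RFC 4034 Appendix B key tag, computed over the DNSKEY RDATA."""
    rdata = bytes([flags >> 8, flags & 0xFF, protocol, algorithm])
    rdata += base64.b64decode(pubkey_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_time(text):
    """RRSIG presentation-format timestamp (YYYYMMDDHHmmSS, UTC)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def precheck(owner, rrsig_rdata, dnskeys, now):
    """Checks that can make a signature bogus before any crypto runs."""
    _covered, alg, labels, _ttl, expire, incept, tag, signer = rrsig_rdata.split()[:8]
    name, zone = owner.lower(), signer.lower()
    owner_labels = [l for l in name.rstrip(".").split(".") if l != "*"]
    # A key is a candidate only if both its algorithm and key tag match.
    candidates = [k for k in dnskeys
                  if k[2] == int(alg) and key_tag(*k) == int(tag)]
    return {
        "algorithm": int(alg),
        "in_validity_window": parse_time(incept) <= now <= parse_time(expire),
        "labels_ok": int(labels) <= len(owner_labels),
        "signer_covers_owner": name == zone or name.endswith("." + zone),
        "matching_key_flags": [k[0] for k in candidates],
    }

if __name__ == "__main__":
    print(precheck(OWNER, RRSIG, DNSKEYS, NOW))
```

When every check passes, as it does for these records at the message's timestamp, the record metadata is ruled out and attention moves to the signature computation itself.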

