[ldns-users] GOST algorithm validation does not work

Zbynek Michl zbynek.michl at nic.cz
Thu Jul 1 16:01:28 UTC 2010


So the problem is probably in openssl. I use a statically compiled libcrypto.a,
which does not include the GOST functions...

Zbynek

On 1.7.2010 17:49, Zbynek Michl wrote:
> Hi Wouter,
>
> On 1.7.2010 17:24, W.C.A. Wijngaards wrote:
>>
>> Hi Zbynek,
>>
>> Did you compile ldns with --enable-gost?
>
> Yes.
>
> export CFLAGS="-m64 -fPIC"
> ./configure --enable-gost --with-ssl=../openssl-1.0.0a
> make
>
>> Did you compile openssl yourself
>> (gost included by default),
>
> Yes.
>
> ./Configure linux-x86_64 shared -fPIC
> make
> make test
>
>> or is openssl from the distro (is gost.so
>> installed?)?
>
> No, I have sources from www.openssl.org.
>
>
> Btw when I used ldns 1.6.3 without GOST and openssl 0.9.8l before, I got:
> ldns_verify() result: Unknown cryptographic algorithm.
> So there is some change... :)
>
> Regards,
> Zbynek
>
>> Best regards,
>> Wouter
>>
>> On 07/01/2010 04:45 PM, Zbynek Michl wrote:
>>> Hi,
>>>
>>> I am trying to validate a signed domain name using the GOST algorithm, but
>>> unsuccessfully (ldns r3283, openssl 1.0.0a).
>>>
>>> Here is an input of ldns_verify():
>>>
>>> www.m-system.net. 76874 IN A 69.64.81.2
>>> www.m-system.net. 76874 IN RRSIG A 12 3 86400 20100723062450
>>> 20100623062450 64666 m-system.net.
>>> ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
>>>
>>> ;{id = 64666}
>>> m-system.net. 76874 IN DNSKEY 256 3 12
>>> vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
>>>
>>> ;{id = 64666 (zsk), size = 512b}
>>> m-system.net. 76874 IN DNSKEY 257 3 12
>>> BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
>>>
>>> ;{id = 27152 (ksk), size = 512b}
>>>
>>> ldns_verify() result: Bogus DNSSEC signature
>>>
>>> What could be wrong? Domain name signature should be OK as far as I
>>> know.
>>>
>>> Thanks,
>>> Zbynek
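
Added example, not part of the original messages and not ldns code: the checks on the posted RRSIG and DNSKEY records that need no crypto library (RFC 4034 key tag, validity window, label count, signer name). If they all pass, a "Bogus" result leaves the signature computation itself, and with it the crypto backend, as the remaining suspect. The names triage, OWNER and MAIL_TIME are made up for this example.

```python
import base64
from datetime import datetime, timezone

# Records copied from the message above; the wrapped RRSIG line is rejoined.
RRSIG = ("A 12 3 86400 20100723062450 20100623062450 64666 m-system.net. "
         "ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==")
DNSKEYS = [
    "256 3 12 vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==",
    "257 3 12 BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==",
]
OWNER = "www.m-system.net."
# Assumption: the time of validation is taken to be the date of the mail.
MAIL_TIME = datetime(2010, 7, 1, 16, 1, 28, tzinfo=timezone.utc)

def key_tag(flags, proto, alg, pubkey):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def parse_dnskey(text):
    """Split DNSKEY RDATA text into (flags, protocol, algorithm, key bytes)."""
    flags, proto, alg, b64 = text.split()
    return int(flags), int(proto), int(alg), base64.b64decode(b64)

def ts(stamp):
    """RRSIG timestamps are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def triage(rrsig, dnskeys, owner, now):
    """Run the checks that need no crypto library; return {check: passed}."""
    _, alg, labels, _, exp, inc, tag, signer, _ = rrsig.split()
    keys = [parse_dnskey(k) for k in dnskeys]
    return {
        # A DNSKEY with the RRSIG's algorithm and key tag must be present.
        "key_found": any(k[2] == int(alg) and key_tag(*k) == int(tag) for k in keys),
        "in_validity_window": ts(inc) <= now <= ts(exp),
        # The labels field may be smaller than the owner's count (wildcards), never larger.
        "labels_ok": int(labels) <= len(owner.rstrip(".").split(".")),
        "signer_is_parent": owner.endswith("." + signer),
    }

if __name__ == "__main__":
    for check, ok in triage(RRSIG, DNSKEYS, OWNER, MAIL_TIME).items():
        print(f"{check:20} {'ok' if ok else 'FAIL'}")
```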
