[ldns-users] GOST algorithm validation does not work

Zbynek Michl zbynek.michl at nic.cz
Thu Jul 1 17:13:18 UTC 2010


Yes, it is! I recompiled openssl with enable-static-engine and validation works 
now :)

Regards,
Zbynek

On 1.7.2010 18:01, Zbynek Michl wrote:
> So the problem is probably in openssl. I use statically compiled
> libcrypto.a which does not include GOST functions...
>
> Zbynek
>
> On 1.7.2010 17:49, Zbynek Michl wrote:
>> Hi Wouter,
>>
>> On 1.7.2010 17:24, W.C.A. Wijngaards wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi Zbynek,
>>>
>>> Did you compile ldns with --enable-gost?
>>
>> Yes.
>>
>> export CFLAGS="-m64 -fPIC"
>> ./configure --enable-gost --with-ssl=../openssl-1.0.0a
>> make
>>
>>> Did you compile openssl yourself
>>> (gost included by default),
>>
>> Yes.
>>
>> ./Configure linux-x86_64 shared -fPIC
>> make
>> make test
>>
>>> or is openssl from the distro (is gost.so
>>> installed?)?
>>
>> No, I have sources from www.openssl.org.
>>
>>
>> Btw when I used ldns 1.6.3 without GOST and openssl 0.9.8l before, I got:
>> ldns_verify() result: Unknown cryptographic algorithm.
>> So there is some change... :)
>>
>> Regards,
>> Zbynek
>>
>>> Best regards,
>>> Wouter
>>>
>>> On 07/01/2010 04:45 PM, Zbynek Michl wrote:
>>>> Hi,
>>>>
>>>> I am trying to validate a signed domain name using the GOST algorithm, but
>>>> unsuccessfully (ldns r3283, openssl 1.0.0a).
>>>>
>>>> Here is the input of ldns_verify():
>>>>
>>>> www.m-system.net. 76874 IN A 69.64.81.2
>>>> www.m-system.net. 76874 IN RRSIG A 12 3 86400 20100723062450
>>>> 20100623062450 64666 m-system.net.
>>>> ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
>>>>
>>>>
>>>> ;{id = 64666}
>>>> m-system.net. 76874 IN DNSKEY 256 3 12
>>>> vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
>>>>
>>>>
>>>> ;{id = 64666 (zsk), size = 512b}
>>>> m-system.net. 76874 IN DNSKEY 257 3 12
>>>> BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
>>>>
>>>>
>>>> ;{id = 27152 (ksk), size = 512b}
>>>>
>>>> ldns_verify() result: Bogus DNSSEC signature
>>>>
>>>> What could be wrong? Domain name signature should be OK as far as I
>>>> know.
>>>>
>>>> Thanks,
>>>> Zbynek
>>>> _______________________________________________
>>>> ldns-users mailing list
>>>> ldns-users at open.nlnetlabs.nl
>>>> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2.0.14 (GNU/Linux)
>>> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>>>
>>> iEYEARECAAYFAkwsszAACgkQkDLqNwOhpPhWggCglnFCfeNSXRr71RSmeo0UEV3C
>>> TOUAoKLK68S0/WGz9tOeIrNaTGCHSwtV
>>> =SwpL
>>> -----END PGP SIGNATURE-----

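An added example, not code from the thread or from ldns: a record-level triage for a "Bogus DNSSEC signature" result that checks the posted RRSIG against the posted DNSKEYs (key tag per RFC 4034 Appendix B, validity window, 64-octet ECC-GOST key and signature per RFC 5933). The record values are copied from the thread; `triage`, `key_tag` and the dictionary field names are assumptions of this example. An empty result means the data is consistent and the failure lies in the verifier's crypto backend, as it did here.

```python
import base64
from datetime import datetime, timezone

# Records copied from the thread: (flags, protocol, algorithm, public key).
DNSKEYS = [
    (256, 3, 12, "vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ=="),
    (257, 3, 12, "BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw=="),
]
RRSIG = {
    "algorithm": 12, "key_tag": 64666,
    "expiration": "20100723062450", "inception": "20100623062450",
    "signature": "ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==",
}
GOST_LEN = 64  # RFC 5933: ECC-GOST public keys and signatures are 64 octets


def key_tag(flags, protocol, algorithm, key_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(key_b64)
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF


def _ts(stamp):
    """Parse an RRSIG YYYYMMDDHHmmSS timestamp as UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def triage(rrsig, dnskeys, now):
    """Return record-level problems; an empty list points at the crypto backend."""
    problems = []
    if not _ts(rrsig["inception"]) <= now <= _ts(rrsig["expiration"]):
        problems.append("signature outside its validity window")
    signers = [k for k in dnskeys
               if k[2] == rrsig["algorithm"] and key_tag(*k) == rrsig["key_tag"]]
    if not signers:
        problems.append("no DNSKEY matches the RRSIG key tag and algorithm")
    if rrsig["algorithm"] == 12:
        blobs = [rrsig["signature"]] + [k[3] for k in signers]
        if any(len(base64.b64decode(b)) != GOST_LEN for b in blobs):
            problems.append("ECC-GOST key or signature is not 64 octets")
    return problems


if __name__ == "__main__":
    when = datetime(2010, 7, 1, 17, 13, 18, tzinfo=timezone.utc)  # date of the thread
    print(triage(RRSIG, DNSKEYS, when) or "records consistent; check GOST support in libcrypto")
```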

