[ldns-users] GOST algorithm validation does not work

W.C.A. Wijngaards wouter at NLnetLabs.nl
Fri Jul 2 07:15:23 UTC 2010


Hi Zbynek,

Good to hear that you solved it.

There is also a bugfix in the svn trunk of ldns that helps with
dynamically linked openssl - gost.so.

Best regards,
   Wouter

On 07/01/2010 07:13 PM, Zbynek Michl wrote:
> Yes, it is! I recompiled openssl with enable-static-engine and
> validation works now :)
> 
> Regards,
> Zbynek
> 
> On 1.7.2010 18:01, Zbynek Michl wrote:
>> So the problem is probably in openssl. I use statically compiled
>> libcrypto.a which does not include GOST functions...
>>
>> Zbynek
>>
>> On 1.7.2010 17:49, Zbynek Michl wrote:
>>> Hi Wouter,
>>>
>>> On 1.7.2010 17:24, W.C.A. Wijngaards wrote:
>>>>> Hi Zbynek,
>>>>>
>>>>> Did you compile ldns with --enable-gost?
>>>>
>>>> Yes.
>>>>
>>>> export CFLAGS="-m64 -fPIC"
>>>> ./configure --enable-gost --with-ssl=../openssl-1.0.0a
>>>> make
>>>>
>>>>> Did openssl compile yourself
>>>>> (gost included by default),
>>>>
>>>> Yes.
>>>>
>>>> ./Configure linux-x86_64 shared -fPIC
>>>> make
>>>> make test
>>>>
>>>>> or is openssl from the distro (is gost.so installed?)?
>>>>
>>>> No, I have sources from www.openssl.org.
>>>>
>>>>
>>>> Btw when I used ldns 1.6.3 without GOST and openssl 0.9.8l before, I
>>>> got:
>>>> ldns_verify() result: Unknown cryptographic algorithm.
>>>> So there is some change... :)
>>>>
>>>> Regards,
>>>> Zbynek
>>>>
>>>>> Best regards,
>>>>> Wouter
>>>>>
>>>>> On 07/01/2010 04:45 PM, Zbynek Michl wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I am trying to validate signed domain name using GOST algorithm, but
>>>>>> unsuccessfully (ldns r3283, openssl 1.0.0a).
>>>>>>
>>>>>> Here is an input of ldns_verify():
>>>>>>
>>>>>> www.m-system.net. 76874 IN A 69.64.81.2
>>>>>> www.m-system.net. 76874 IN RRSIG A 12 3 86400 20100723062450
>>>>>> 20100623062450 64666 m-system.net.
>>>>>> ZKhex8zNMVcLnHFHt31y5cOlngVWBHTH5AxhCK2VPK3Jz6RrvFK21F9thuMErAyIIFj0GLadJpNTEAuSkwzubA==
>>>>>>
>>>>>>
>>>>>>
>>>>>> ;{id = 64666}
>>>>>> m-system.net. 76874 IN DNSKEY 256 3 12
>>>>>> vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ==
>>>>>>
>>>>>>
>>>>>>
>>>>>> ;{id = 64666 (zsk), size = 512b}
>>>>>> m-system.net. 76874 IN DNSKEY 257 3 12
>>>>>> BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5QylNxyKp9Rm4yslb1hj4BQUEUWpOLWw==
>>>>>>
>>>>>>
>>>>>>
>>>>>> ;{id = 27152 (ksk), size = 512b}
>>>>>>
>>>>>> ldns_verify() result: Bogus DNSSEC signature
>>>>>>
>>>>>> What could be wrong? Domain name signature should be OK as far as I
>>>>>> know.
>>>>>>
>>>>>> Thanks,
>>>>>> Zbynek
>>>>>> _______________________________________________
>>>>>> ldns-users mailing list
>>>>>> ldns-users at open.nlnetlabs.nl
>>>>>> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users

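Added example, not part of the original thread and not ldns code: before blaming the crypto library for a "Bogus DNSSEC signature" result, the non-cryptographic preconditions can be ruled out. This Python code computes the RFC 4034 key tags of the two DNSKEY records from the original post and checks the RRSIG validity window; the function names and the check time are assumptions made for the illustration.

```python
import base64
from datetime import datetime, timezone

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """RFC 4034 Appendix B key tag, computed over the DNSKEY RDATA."""
    rdata = (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
             + base64.b64decode(pubkey_b64))
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def rrsig_time(text):
    """Parse the YYYYMMDDHHmmSS presentation form of RRSIG times (UTC)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

# Records copied from the original post: (flags, protocol, algorithm, key).
DNSKEYS = [
    (256, 3, 12, "vvJWsxH3J5IZ6YEcG1C+MaYGX/YwzIeFoIXgUOuGHx/fvet0SJefkPE0"
                 "il40Sm4T4y5aYN8vyZLQgtJYiCYIbQ=="),
    (257, 3, 12, "BDtDa2UxLe7cdDs9bX/X1Y/UXuhJnDrGDRuVQW0BBo8QF1Pr959WBI5Q"
                 "ylNxyKp9Rm4yslb1hj4BQUEUWpOLWw=="),
]
RRSIG = {"algorithm": 12, "key_tag": 64666,
         "inception": "20100623062450", "expiration": "20100723062450"}

def triage(rrsig, dnskeys, now):
    """List non-cryptographic reasons a validator would reject the RRSIG."""
    problems = []
    if not any(alg == rrsig["algorithm"]
               and key_tag(flags, proto, alg, key) == rrsig["key_tag"]
               for flags, proto, alg, key in dnskeys):
        problems.append("no DNSKEY matches the RRSIG key tag and algorithm")
    if now < rrsig_time(rrsig["inception"]):
        problems.append("signature not yet valid")
    if now > rrsig_time(rrsig["expiration"]):
        problems.append("signature expired")
    return problems

if __name__ == "__main__":
    for flags, proto, alg, key in DNSKEYS:
        print(flags, key_tag(flags, proto, alg, key))
    # Assumed check time: the day of the original report, in UTC.
    when = datetime(2010, 7, 1, 16, 45, tzinfo=timezone.utc)
    print(triage(RRSIG, DNSKEYS, when) or "records consistent")
```

An empty result means the key tag, algorithm number and validity window all line up, which leaves support for algorithm 12 in the linked OpenSSL as the remaining suspect, as the thread concluded.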