On Tue, Jun 25, 2019 at 5:56 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> On Mon, 2019-06-24 at 23:11 +0300, Vitaly Chikunov wrote:
> > Mimi,
> >
> > On Mon, Jun 24, 2019 at 03:47:27PM -0400, Mimi Zohar wrote:
> > > On Mon, 2019-06-24 at 22:23 +0300, Vitaly Chikunov wrote:
> > > >
> > > > > > With and without this change, the sha family is working properly, but
> > > > > > with this patch set, I'm now seeing "sign_hash_v2: signing failed:
> > > > > > (invalid digest)" for gost/streebog. Previously it worked.
> > > >
> > > > If it worked before this is strange. It should not. What patchset
> > > > version it was?
> > >
> > > No, I'm saying that I built both openssl and the gost engine a while
> > > ago. There's been some gost engine updates since then, which are
> > > dependent on a newer version of openssl. So I'll need to rebuild both
> > > openssl and the gost engine in order to re-test.
> >
> > Hm. I don't see a difference in signing code.
> >
> > Only the difference is there was no `log_err("sign_hash_v2: signing
> > failed: (%s)\n", ...)` about singing failure, because, I thought, the
> > caller would report it anyway, because of `return -1`.
>
> Thanks, Vitaly, for all your help. It's now working properly.
>
> Mimi
>
I tested various generation and verification options and also backward
and forward compatibility.
Everything was fine for me....
--
Thanks,
Dmitry
