Hi Mikhail,
On Sun, 2020-02-16 at 14:10 +0300, Mikhail Novosyolov wrote:
> LibreSSL in most cases can be used as a drop-in replacement of OpenSSL.
> Commit 07d799cb6c37 "ima-evm-utils: Preload OpenSSL engine via '--engine' option"
> added OpenSSL-specific functions: "engines" were removed from LibreSSL long ago.
> Instead of requiring to attach GOST support via an external library ("engine"),
> LibreSSL has build-in implementation of GOST.
>
> Commit ebbfc41ad6ba "ima-evm-utils: try to load digest by its alias" is also not OK
> for LibreSSL because LibreSSL uses different digest names:
> md_gost12_256 -> streebog256
> md_gost12_512 -> streebog512
>
> Example how it works when linked with LibreSSL:
> $ libressl dgst -streebog256 testfile
> streebog256(a)= 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
> $ evmctl -v ima_hash -a streebog256 testfile
> hash(streebog256): 04123f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
> $ evmctl -v ima_hash -a md_gost12_256 testfile
> EVP_get_digestbyname(md_gost12_256) failed
>
> TODO: it would be nice to map
> md_gost12_256 <-> streebog256
> md_gost12_512 <-> streebog512
> in evmctl CLI arguements to make the same commands work on systems both
> where evmctl is linked with LibreSSL and with OpenSSL.
>
> Fixes: 07d799cb6c37 ("ima-evm-utils: Preload OpenSSL engine via '--engine' option")
> Fixes: ebbfc41ad6ba ("ima-evm-utils: try to load digest by its alias")
> Signed-off-by: Mikhail Novosyolov <m.novosyolov@xxxxxxxxxxxx>
Patches need to be posted as plain text, not Mime. Please use "git
format-patch" and "git send-email".
thanks,
Mimi
