MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed). Engines defined in the openssl.cnf file: ############# [engine_section] pkcs11 = pkcs11_section gost = gost_section [pkcs11_section] engine_id = pkcs11 dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so MODULE_PATH = /Library/OpenSC/lib/opensc-pkcs11.so init = 0 [gost_section] engine_id = gost dynamic_path = /opt/local/lib/engines-1.1/gost.dylib default_algorithms = ALL CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet init = 1 ############# Note, whether the above has "init = 1" or not, does not alter the outcome. Engine in question is "gost". First, the engine does not load automatically/dynamically. For "openssl dgst" I have to specify it explicitly, otherwise the algorithms it provides, are not available: $ openssl dgst -md_gost94 ~/LastTest.log dgst: Unrecognized flag md_gost94 dgst: Use -help for summary. $ openssl dgst -engine gost -md_gost94 ~/LastTest.log engine "gost" set. md_gost94(/Users/ur20980/LastTest.log)= e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816 $ Second - even when I explicitly specify the engine, "openssl speed" refuses to recognize the ciphers provided by it, though "openssl enc" shows that it can access them: $ openssl speed -engine gost -evp gost89-cbc speed: gost89-cbc is an unknown cipher or digest $ openssl enc -engine gost -ciphers engine "gost" set. Supported ciphers: -aes-128-cbc -aes-128-cfb -aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr -aes-128-ecb . . . . . -des3-wrap -desx -desx-cbc -gost89 -gost89-cbc -gost89-cnt -gost89-cnt-12 -grasshopper-cbc -grasshopper-cfb -grasshopper-ctr -grasshopper-ecb -grasshopper-ofb -id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap Seems like a bug...? -- Regards, Uri
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
