Re: Ciphers provided by engine not accessible...?

Hello, 

Mon, 22 July 2019, 19:58 Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx>:

Is this a full configuration file?

 

It certainly isn’t – but I figured I’d post only the relevant part of it, rather than “crowding” the mailing list with something unnecessary.

 

Are there any other parts of the openssl.cnf that could be related to this issue, or help diagnose its cause?

 


Does your configuration file contain a header similar to the one described in the Gost engine documentation? If not, the gost section is not processed.

I don't remember any significant changes in 1.1.1 engine processing, and it works with 1.0.2.

Sorry for brevity, I'll be able to look in more detail only at the beginning of August.

 

 

Fri, 19 July 2019, 21:09 Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx>:

MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).

Engines defined in the openssl.cnf file:

#############
[engine_section]
pkcs11 = pkcs11_section
gost   = gost_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so
MODULE_PATH  = /Library/OpenSC/lib/opensc-pkcs11.so
init = 0

[gost_section]
engine_id = gost
dynamic_path = /opt/local/lib/engines-1.1/gost.dylib
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
init = 1
#############

Note, whether the above has "init = 1" or not, does not alter the outcome.

Engine in question is "gost".

First, the engine does not load automatically/dynamically. For "openssl dgst" I have to specify it explicitly, otherwise the algorithms it provides are not available:

$ openssl dgst -md_gost94 ~/LastTest.log
dgst: Unrecognized flag md_gost94
dgst: Use -help for summary.
$ openssl dgst -engine gost -md_gost94 ~/LastTest.log
engine "gost" set.
md_gost94(/Users/ur20980/LastTest.log)= e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816
$

Second - even when I explicitly specify the engine, "openssl speed" refuses to recognize the ciphers provided by it, though "openssl enc" shows that it can access them:

$ openssl speed -engine gost -evp gost89-cbc
speed: gost89-cbc is an unknown cipher or digest
$ openssl enc -engine gost -ciphers
engine "gost" set.
Supported ciphers:
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1             
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb       
. . . . .
-des3-wrap                 -desx                      -desx-cbc                 
-gost89                    -gost89-cbc                -gost89-cnt               
-gost89-cnt-12             -grasshopper-cbc           -grasshopper-cfb         
-grasshopper-ctr           -grasshopper-ecb           -grasshopper-ofb         
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap


Seems like a bug...?
--
Regards,
Uri
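
The reply in this thread asks whether the file has the header that leads OpenSSL to the engine sections (an `openssl_conf` line in the default section pointing to a section with an `engines` entry). The following is an added example, not code from the thread or from the OpenSSL or gost engine projects, that checks that chain on a file's text; the header section name `openssl_def` and the abridged sample inputs are assumptions, and the parser is deliberately simplified.

```python
import re

# Constructed sample: abridged form of the excerpt posted in the thread.
FRAGMENT = """\
[engine_section]
pkcs11 = pkcs11_section
gost   = gost_section

[pkcs11_section]
engine_id = pkcs11

[gost_section]
engine_id = gost
default_algorithms = ALL
"""
# Constructed header; the section name openssl_def is an assumption.
HEADER = "openssl_conf = openssl_def\n\n[openssl_def]\nengines = engine_section\n\n"

def parse_cnf(text):
    """Simplified openssl.cnf reader: [sections] and name = value lines only
    (no .include, $variable expansion or line continuation)."""
    cfg = {"default": {}}
    section = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            section = header.group(1)
            cfg.setdefault(section, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            cfg[section][name.strip()] = value.strip()
    return cfg

def engine_chain_problem(text, engine="gost"):
    """Return why the engine's section is unreachable, or None if it is reachable."""
    cfg = parse_cnf(text)
    section = "default"
    # Follow default -> openssl_conf -> engines -> <engine name> -> engine section.
    for key in ("openssl_conf", "engines", engine):
        target = cfg[section].get(key)
        if target is None:
            return f"[{section}] has no '{key}' entry"
        if target not in cfg:
            return f"'{key}' in [{section}] names missing section [{target}]"
        section = target
    return None

if __name__ == "__main__":
    print("fragment alone:", engine_chain_problem(FRAGMENT))
    print("with header:   ", engine_chain_problem(HEADER + FRAGMENT))
```

A `None` result only shows that the section is reachable from the top of the file; it does not show that the engine loads or that its algorithms register.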

