Re: openssl and pluggable engine digests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

On 14.02.2023 17:07, Dmitry Belyavsky wrote:
Which engine do you use?
I'd strongly recommend using gost-engine
(https://github.com/gost-engine/engine) loading it via config.
Also I'm not sure that `streebog256` is supported - it's an alias, the
name is `md_gost12_256`

On Tue, Feb 14, 2023 at 1:01 PM Eugene M. Zheganin <eugene@xxxxxxxxx> wrote:

My bad, this is indeed  https://github.com/gost-engine/engine, I've just checked (phantom memories):

===Cut===
# git remote -v
origin  https://github.com/gost-engine/engine (fetch)
origin  https://github.com/gost-engine/engine (push) 
# git log | head -n 10  
commit b2b4d629f100eaee9f5942a106b1ccefe85b8808

Author: Dmitry Belyavskiy <beldmit@xxxxxxxxx>

Date:   Sat May 21 20:20:20 2022 +0200



    On unpacking key blob output buffer size should be fixed

     
    Related: CVE-2022-29242



commit 7df766124f87768b43b9e8947c5a01e17545772c

Author: Dmitry Belyavskiy <beldmit@xxxxxxxxx>

===Cut===

And I've also checked the md5 sum on gost.so, and it's compy in the build directory, so it's the same file:


# md5sum /home/emz/src/engine/build/bin/gost.so  
3464035a7a21ba47f2e0120e0ffb4af8  /home/emz/src/engine/build/bin/gost.so

# md5sum /usr/local/openssl-3.0.7/lib64/engines-3/gost.so  
3464035a7a21ba47f2e0120e0ffb4af8  /usr/local/openssl-3.0.7/lib64/engines-3/gost.s


===Cut===

# /usr/local/libressl/bin/openssl req -newkey gost2001 -pkeyopt dgst:md_gost12_256 -pkeyopt paramset:A -md_gost12_256 -nodes \
-subj "/C=Some/ST=Some/O=FooBar LLC/CN=Jane Doe/emailaddress=doe@xxxxxxx" -keyout /tmp/key.pem -out /tmp/csr.pem -utf8
Key parameter error "dgst:md_gost12_256" 
# /usr/local/libressl/bin/openssl req -engine gost -engine_impl gost -newkey gost2001 -pkeyopt dgst:md_gost12_256 \
-pkeyopt paramset:A -md_gost12_256 -nodes -subj "/C=Some/ST=Some/O=FooBar LLC/CN=Jane Doe/emailaddress=doe@xxxxxxx" -keyout /tmp/key.pem -out /tmp/csr.pem -utf8
Engine "gost" set.
req: Use -help for summary. 
# /usr/local/libressl/bin/openssl req -engine gost -newkey gost2001 -pkeyopt dgst:md_gost12_256 -pkeyopt paramset:A \
-md_gost12_256 -nodes -subj "/C=Some/ST=Some/O=FooBar LLC/CN=Jane Doe/emailaddress=doe@xxxxxxx" -keyout /tmp/key.pem -out /tmp/csr.pem -utf8                   
Engine "gost" set.
Key parameter error "dgst:md_gost12_256"

===Cut===

So, the problem persists at least on it's version from May, 2022. Is there any chance these commands will work on more recent version of the engine or do I completely misunderstand how they should be called ?

Engine is plugged in as:

===Cut===


[openssl_init]
engines = engine_section
providers = provider_sect

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /usr/local/openssl-3.0.7/lib64/engines-3/gost.so
default_algorithms = ALL

===Cut===

Thanks.

Eugene.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux