Ciphers provided by engine not accessible...?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Jul 19 18:09:02 UTC 2019 

MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).

Engines defined in the openssl.cnf file:

#############
[engine_section]
pkcs11 = pkcs11_section
gost   = gost_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so
MODULE_PATH  = /Library/OpenSC/lib/opensc-pkcs11.so
init = 0

[gost_section]
engine_id = gost
dynamic_path = /opt/local/lib/engines-1.1/gost.dylib
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
init = 1
#############

Note, whether the above has "init = 1" or not, does not alter the outcome.

Engine in question is "gost". 

First, the engine does not load automatically/dynamically. For "openssl dgst" I have to specify it explicitly, otherwise the algorithms it provides, are not available:

$ openssl dgst -md_gost94 ~/LastTest.log
dgst: Unrecognized flag md_gost94
dgst: Use -help for summary.
$ openssl dgst -engine gost -md_gost94 ~/LastTest.log
engine "gost" set.
md_gost94(/Users/ur20980/LastTest.log)= e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816
$

Second - even when I explicitly specify the engine, "openssl speed" refuses to recognize the ciphers provided by it, though "openssl enc" shows that it can access them:

$ openssl speed -engine gost -evp gost89-cbc
speed: gost89-cbc is an unknown cipher or digest
$ openssl enc -engine gost -ciphers
engine "gost" set.
Supported ciphers:
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1             
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb       
. . . . .
-des3-wrap                 -desx                      -desx-cbc                 
-gost89                    -gost89-cbc                -gost89-cnt               
-gost89-cnt-12             -grasshopper-cbc           -grasshopper-cfb          
-grasshopper-ctr           -grasshopper-ecb           -grasshopper-ofb          
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap


Seems like a bug...?
-- 
Regards,
Uri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5249 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190719/35b3e114/attachment.bin>

More information about the openssl-users mailing list