Ciphers provided by engine not accessible...?
Dmitry Belyavsky
beldmit at gmail.com
Mon Jul 22 08:33:34 UTC 2019
Dear Uri,
Is this a full configuration file?
пт, 19 июля 2019 г., 21:09 Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu>:
> MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).
>
> Engines defined in the openssl.cnf file:
>
> #############
> [engine_section]
> pkcs11 = pkcs11_section
> gost = gost_section
>
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so
> MODULE_PATH = /Library/OpenSC/lib/opensc-pkcs11.so
> init = 0
>
> [gost_section]
> engine_id = gost
> dynamic_path = /opt/local/lib/engines-1.1/gost.dylib
> default_algorithms = ALL
> CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
> init = 1
> #############
>
> Note, whether the above has "init = 1" or not, does not alter the outcome.
>
> Engine in question is "gost".
>
> First, the engine does not load automatically/dynamically. For "openssl
> dgst" I have to specify it explicitly, otherwise the algorithms it
> provides, are not available:
>
> $ openssl dgst -md_gost94 ~/LastTest.log
> dgst: Unrecognized flag md_gost94
> dgst: Use -help for summary.
> $ openssl dgst -engine gost -md_gost94 ~/LastTest.log
> engine "gost" set.
> md_gost94(/Users/ur20980/LastTest.log)=
> e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816
> $
>
> Second - even when I explicitly specify the engine, "openssl speed"
> refuses to recognize the ciphers provided by it, though "openssl enc" shows
> that it can access them:
>
> $ openssl speed -engine gost -evp gost89-cbc
> speed: gost89-cbc is an unknown cipher or digest
> $ openssl enc -engine gost -ciphers
> engine "gost" set.
> Supported ciphers:
> -aes-128-cbc -aes-128-cfb -aes-128-cfb1
>
> -aes-128-cfb8 -aes-128-ctr -aes-128-ecb
> . . . . .
> -des3-wrap -desx -desx-cbc
>
> -gost89 -gost89-cbc -gost89-cnt
>
> -gost89-cnt-12 -grasshopper-cbc -grasshopper-cfb
>
> -grasshopper-ctr -grasshopper-ecb -grasshopper-ofb
>
> -id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap
>
>
> Seems like a bug...?
> --
> Regards,
> Uri
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190722/b9d4a7fd/attachment.html>
More information about the openssl-users
mailing list