<div dir="auto"><div>Hello, <br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">пн, 22 июля 2019 г., 19:58 Blumenthal, Uri - 0553 - MITLL <<a href="mailto:uri@ll.mit.edu">uri@ll.mit.edu</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div class="m_-3072180460759479561WordSection1"><p class="MsoNormal" style="margin-left:.5in">Is this a full configuration file?<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">It certainly isn’t – but I figured I’d post only the relevant part of it, rather than “crowding” the mailing list with something unnecessary.<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Are there any other parts of the openssl.cnf that could be related to this issue, or help diagnose it’s cause?<u></u><u></u></p><p class="MsoNormal"><u></u> </p></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Does your configuration file contain a header similar to described in the Gost engine documentation? If no, the gost section is not processed. </div><div dir="auto"><br></div><div dir="auto">I don't remember any significant changes in 1.1.1 engine processing, and it works with 1.0.2</div><div dir="auto"><br></div><div dir="auto">Sorry for brevity, I'll be able to look in more details only at the beginning of August. </div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div class="m_-3072180460759479561WordSection1"><p class="MsoNormal"><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p><div><div><p class="MsoNormal" style="margin-left:.5in">пт, 19 июля 2019 г., 21:09 Blumenthal, Uri - 0553 - MITLL <<a href="mailto:uri@ll.mit.edu" target="_blank" rel="noreferrer">uri@ll.mit.edu</a>>:<u></u><u></u></p></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in"><p class="MsoNormal" style="margin-left:.5in">MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).<br><br>Engines defined in the openssl.cnf file:<br><br>#############<br>[engine_section]<br>pkcs11 = pkcs11_section<br>gost = gost_section<br><br>[pkcs11_section]<br>engine_id = pkcs11<br>dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so<br>MODULE_PATH = /Library/OpenSC/lib/opensc-pkcs11.so<br>init = 0<br><br>[gost_section]<br>engine_id = gost<br>dynamic_path = /opt/local/lib/engines-1.1/gost.dylib<br>default_algorithms = ALL<br>CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet<br>init = 1<br>#############<br><br>Note, whether the above has "init = 1" or not, does not alter the outcome.<br><br>Engine in question is "gost". <br><br>First, the engine does not load automatically/dynamically. For "openssl dgst" I have to specify it explicitly, otherwise the algorithms it provides, are not available:<br><br>$ openssl dgst -md_gost94 ~/LastTest.log<br>dgst: Unrecognized flag md_gost94<br>dgst: Use -help for summary.<br>$ openssl dgst -engine gost -md_gost94 ~/LastTest.log<br>engine "gost" set.<br>md_gost94(/Users/ur20980/LastTest.log)= e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816<br>$<br><br>Second - even when I explicitly specify the engine, "openssl speed" refuses to recognize the ciphers provided by it, though "openssl enc" shows that it can access them:<br><br>$ openssl speed -engine gost -evp gost89-cbc<br>speed: gost89-cbc is an unknown cipher or digest<br>$ openssl enc -engine gost -ciphers<br>engine "gost" set.<br>Supported ciphers:<br>-aes-128-cbc -aes-128-cfb -aes-128-cfb1 <br>-aes-128-cfb8 -aes-128-ctr -aes-128-ecb <br>. . . . .<br>-des3-wrap -desx -desx-cbc <br>-gost89 -gost89-cbc -gost89-cnt <br>-gost89-cnt-12 -grasshopper-cbc -grasshopper-cfb <br>-grasshopper-ctr -grasshopper-ecb -grasshopper-ofb <br>-id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap<br><br><br>Seems like a bug...?<br>-- <br>Regards,<br>Uri<u></u><u></u></p></blockquote></div></div></div>
</blockquote></div></div></div>