[openssl-dev] scrypt as a PKEY KDF
Johannes Bauer
dfnsonfsduifb at gmx.de
Sat Jul 22 18:26:56 UTC 2017
Hi list,
I've been trying for a while to get scrypt and PBKDF2 exposed via the
command line interface. My original attempt was rejected and I thought I
wouldn't care anymore. But then I picked it up and implemented the route
that Stephen suggested (https://github.com/openssl/openssl/pull/1533).
Surprisingly, it wasn't too difficult and I have a first shot that
somwhat works with scrypt. Much of the work was figuring out how/where
to properly register NIDs and such.
So now I do have two questions. First, could someone please provide
feedback if this is generally the correct way I'm going at it? Secondly,
I'm having a concrete and really bad issue: failing tests. I haven't
actually *added* tests for the scrypt PKEY yet and am seeing failing
tests in the PKEY facility at places that I haven't touched --
therefore, I'm completely clueless why this is happening. Concretely,
this is what I'm seeing:
$ TESTS=30 HARNESS_VERBOSE=1 make test
[...] # INFO: @ test/evp_test.c:2263
# recipes/30-test_evp_data/evpmac.txt:20: Source of above error;
unexpected error MAC_PKEY_CTX_ERROR
# 140208181980992:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:
# ERROR: (ptr) 'genctx = EVP_PKEY_CTX_new_id(expected->type,
NULL) != NULL' failed @ test/evp_test.c:900
# 0x0
[...
# INFO: @ test/evp_test.c:2263
# recipes/30-test_evp_data/evppkey.txt:17379: Source of above
error; unexpected error DIGESTSIGNINIT_ERROR
# 139826426584896:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:
# INFO: @ test/evp_test.c:2263
# recipes/30-test_evp_data/evppkey.txt:17386: Source of above
error; unexpected error DIGESTSIGNINIT_ERROR
# 139826426584896:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:
They point to test source data of SipHash and somewhere in Ed25519 code.
Nothing I've touched in a mile. Yet, clearly, my branch is the source of
the error. So any pointers on what I messed up would be very much
appreciated.
You can view my code at
https://github.com/openssl/openssl/compare/master...johndoe31415:new_kdfs
Thanks for your time,
Cheers,
Johannes
More information about the openssl-dev
mailing list