Ciphers provided by engine not accessible...?

Dmitry Belyavsky beldmit at gmail.com
Mon Jul 22 18:22:12 UTC 2019


Great!

The CBC implementation was rather limited. If you have any specific
requirements, fill free to fill a bug report in the engine repo.

пн, 22 июля 2019 г., 21:16 Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu>:

> Are there any other parts of the openssl.cnf that could be related to this
> issue, or help diagnose it’s cause?
> Does your configuration file contain a header similar to described in the
> Gost engine documentation? If no, the gost section is not processed.
>
> I don't remember any significant changes in 1.1.1 engine processing, and
> it works with 1.0.2
>
> Sorry for brevity, I'll be able to look in more details only at the
> beginning of August.
>
> Darn… You were right – that header (openssl_conf = openssl_def) was NOT
> present. Adding it resulted in success (with some error messages):
>
> $ openssl speed -engine gost -evp gost89-cbc
> engine "gost" set.
> Doing gost89-cbc for 3s on 16 size blocks: 13107440 gost89-cbc's in 2.99s
> Doing gost89-cbc for 3s on 64 size blocks: 3383428 gost89-cbc's in 3.00s
> Doing gost89-cbc for 3s on 256 size blocks: 849765 gost89-cbc's in 3.00s
> Doing gost89-cbc for 3s on 1024 size blocks: 211166 gost89-cbc's in 3.00s
> Doing gost89-cbc for 3s on 8192 size blocks: 26167 gost89-cbc's in 3.01s
> Doing gost89-cbc for 3s on 16384 size blocks: 13338 gost89-cbc's in 3.00s
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_crypt.c:671:
> 4571538880:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> $ openssl speed -engine gost -evp grasshopper-cfb
> engine "gost" set.
> Doing grasshopper-cfb for 3s on 16 size blocks: 19210088 grasshopper-cfb's
> in 3.00s
> Doing grasshopper-cfb for 3s on 64 size blocks: 5210373 grasshopper-cfb's
> in 3.00s
> Doing grasshopper-cfb for 3s on 256 size blocks: 1320249 grasshopper-cfb's
> in 3.00s
> Doing grasshopper-cfb for 3s on 1024 size blocks: 328343 grasshopper-cfb's
> in 3.00s
> Doing grasshopper-cfb for 3s on 8192 size blocks: 41459 grasshopper-cfb's
> in 3.00s
> Doing grasshopper-cfb for 3s on 16384 size blocks: 20488 grasshopper-cfb's
> in 3.00s
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng
> error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
> 4541392320:error:0607C085:digital envelope
> routines:EVP_CIPHER_CTX_ctrl:ctrl operation not
> implemented:crypto/evp/evp_enc.c:628:
> $
>
>
>
>
> пт, 19 июля 2019 г., 21:09 Blumenthal, Uri - 0553 - MITLL <mailto:
> uri at ll.mit.edu>:
> MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).
>
> Engines defined in the openssl.cnf file:
>
> #############
> [engine_section]
> pkcs11 = pkcs11_section
> gost   = gost_section
>
> [pkcs11_section]
> engine_id = pkcs11
> dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so
> MODULE_PATH  = /Library/OpenSC/lib/opensc-pkcs11.so
> init = 0
>
> [gost_section]
> engine_id = gost
> dynamic_path = /opt/local/lib/engines-1.1/gost.dylib
> default_algorithms = ALL
> CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
> init = 1
> #############
>
> Note, whether the above has "init = 1" or not, does not alter the outcome.
>
> Engine in question is "gost".
>
> First, the engine does not load automatically/dynamically. For "openssl
> dgst" I have to specify it explicitly, otherwise the algorithms it
> provides, are not available:
>
> $ openssl dgst -md_gost94 ~/LastTest.log
> dgst: Unrecognized flag md_gost94
> dgst: Use -help for summary.
> $ openssl dgst -engine gost -md_gost94 ~/LastTest.log
> engine "gost" set.
> md_gost94(/Users/ur20980/LastTest.log)=
> e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816
> $
>
> Second - even when I explicitly specify the engine, "openssl speed"
> refuses to recognize the ciphers provided by it, though "openssl enc" shows
> that it can access them:
>
> $ openssl speed -engine gost -evp gost89-cbc
> speed: gost89-cbc is an unknown cipher or digest
> $ openssl enc -engine gost -ciphers
> engine "gost" set.
> Supported ciphers:
> -aes-128-cbc               -aes-128-cfb               -aes-128-cfb1
>
> -aes-128-cfb8              -aes-128-ctr               -aes-128-ecb
> . . . . .
> -des3-wrap                 -desx                      -desx-cbc
>
> -gost89                    -gost89-cbc                -gost89-cnt
>
> -gost89-cnt-12             -grasshopper-cbc           -grasshopper-cfb
>
> -grasshopper-ctr           -grasshopper-ecb           -grasshopper-ofb
>
> -id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap
>
>
> Seems like a bug...?
> --
> Regards,
> Uri
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190722/73c0cf89/attachment-0001.html>


More information about the openssl-users mailing list