<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hello, <br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 14.02.2023 17:07, Dmitry Belyavsky
wrote:
</div>
<blockquote type="cite"
cite="mid:CADqLbzJOVMjjypUkAti-H=8Lt=Pcwa27vBrUhRKVAOPJASf9uQ@mail.gmail.com">
<pre class="moz-quote-pre" wrap="">
Which engine do you use?
I'd strongly recommend using gost-engine
(<a class="moz-txt-link-freetext" href="https://github.com/gost-engine/engine">https://github.com/gost-engine/engine</a>) loading it via config.
Also I'm not sure that `streebog256` is supported - it's an alias, the
name is `md_gost12_256`
On Tue, Feb 14, 2023 at 1:01 PM Eugene M. Zheganin <a class="moz-txt-link-rfc2396E" href="mailto:eugene@zhegan.in">&lt;eugene@zhegan.in&gt;</a> wrote:
</pre>
</blockquote>
<p>My bad, this is indeed <a class="moz-txt-link-freetext" href="https://github.com/gost-engine/engine">https://github.com/gost-engine/engine</a>,
I've just checked (phantom memories):</p>
<pre>
<span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;">===Cut===
# git remote -v</span><span style="color:#000000;background-color:#ffffff;">
origin <a class="moz-txt-link-freetext" href="https://github.com/gost-engine/engine">https://github.com/gost-engine/engine</a> (fetch)</span>
origin <a class="moz-txt-link-freetext" href="https://github.com/gost-engine/engine">https://github.com/gost-engine/engine</a> (push) </span></pre>
<pre><span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;"># git log | head -n 10 </span>
commit b2b4d629f100eaee9f5942a106b1ccefe85b8808
Author: Dmitry Belyavskiy <a class="moz-txt-link-rfc2396E" href="mailto:beldmit@gmail.com">&lt;beldmit@gmail.com&gt;</a>
Date: Sat May 21 20:20:20 2022 +0200
On unpacking key blob output buffer size should be fixed
Related: CVE-2022-29242
commit 7df766124f87768b43b9e8947c5a01e17545772c
Author: Dmitry Belyavskiy <a class="moz-txt-link-rfc2396E" href="mailto:beldmit@gmail.com">&lt;beldmit@gmail.com&gt;</a>
</span></pre>
<p>===Cut===<br>
</p>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">And I've also
checked the md5 sum on gost.so, and its copy in the build
directory, so it's the same file:</span></span></p>
<p><br>
<span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;"><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;"># md5sum
/home/emz/src/engine/build/bin/gost.so </span><br>
3464035a7a21ba47f2e0120e0ffb4af8
/home/emz/src/engine/build/bin/gost.so
<br>
<br>
# md5sum /usr/local/openssl-3.0.7/lib64/engines-3/gost.so <br>
3464035a7a21ba47f2e0120e0ffb4af8
/usr/local/openssl-3.0.7/lib64/engines-3/gost.s<br>
</span></span></span></p>
<p><br>
<span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">===Cut===</span></span></p>
<pre><span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;"># /usr/local/libressl/bin/openssl req -newkey gost2001 -pkeyopt dgst:md_gost12_256 -pkeyopt paramse</span>t:A -md_gost12_256 -nodes \
-subj "/C=Some/ST=Some/O=FooBar LLC/CN=Jane <a class="moz-txt-link-abbreviated" href="mailto:Doe/emailaddress=doe@foo.bar">Doe/emailaddress=doe@foo.bar</a>" -keyout /tmp/key.pem -out /tmp/csr.pem -utf8
Key parameter error "dgst:md_gost12_256" </span></pre>
<pre><span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;"># /usr/local/libressl/bin/openssl req -engine gost -engine_impl gost -newkey gost2001 -pkeyopt dgst</span>:md_gost12_256 \
-pkeyopt paramset:A -md_gost12_256 -nodes -subj </span><span style="font-family:monospace"><span style="font-family:monospace">"/C=Some/ST=Some/O=FooBar LLC/CN=Jane <a class="moz-txt-link-abbreviated" href="mailto:Doe/emailaddress=doe@foo.bar">Doe/emailaddress=doe@foo.bar</a>"</span> -keyout /tmp/key.pem -out /tmp/csr.pem -utf8
Engine "gost" set.
</span><span style="font-family:monospace">req: Use -help for summary. </span></pre>
<pre><span style="font-family:monospace"><span style="color:#000000;background-color:#ffffff;"># /usr/local/libressl/bin/openssl req -engine gost -newkey gost2001 -pkeyopt dgst:md_gost12_256 -pk</span>eyopt paramset:A \
-md_gost12_256 -nodes -subj </span><span style="font-family:monospace"><span style="font-family:monospace">"/C=Some/ST=Some/O=FooBar LLC/CN=Jane <a class="moz-txt-link-abbreviated" href="mailto:Doe/emailaddress=doe@foo.bar">Doe/emailaddress=doe@foo.bar</a>"</span> -keyout /tmp/key.pem -out /tmp/csr.pem -utf8 </span></pre>
<pre><span style="font-family:monospace">Engine "gost" set.
</span></pre>
<pre><span style="font-family:monospace">Key parameter error "dgst:md_gost12_256"</span></pre>
<p><span style="font-family:monospace">===Cut===</span></p>
<p><span style="font-family:monospace">So, the problem persists at
least on its version from May 2022. Is there any chance these
commands will work on a more recent version of the engine or do I
completely misunderstand how they should be called?<br>
</span></p>
<p><span style="font-family:monospace">Engine is plugged in as:</span></p>
<p><span style="font-family:monospace">===Cut===</span></p>
<p><br>
<span style="font-family:monospace"><span
style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">[openssl_init]
</span><br>
engines = engine_section
<br>
providers = provider_sect
<br>
<br>
[engine_section]
<br>
gost = gost_section
<br>
<br>
[gost_section]
<br>
engine_id = gost
<br>
dynamic_path =
/usr/local/openssl-3.0.7/lib64/engines-3/gost.so
<br>
default_algorithms = ALL<br>
</span></span></p>
<p><span style="font-family:monospace">===Cut===<br>
</span></p>
<p><span style="font-family:monospace">Thanks.<br>
</span></p>
<p><span style="font-family:monospace">Eugene.<br>
</span></p>
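<p>Added example, not part of the original message and not code from gost-engine or OpenSSL: a shell check that follows the config sections shown above to the dynamic_path that will actually be loaded, then compares that file with the build copy using SHA-256 rather than MD5. The function names, the fallback to a section named openssl_init, and the throwaway files in demo are assumptions made for this example.</p>

```shell
# Added example; function names and the demo data are assumptions.

# engine_path CONF ID: follow openssl_conf -> engines -> engine list ->
# per-engine section; print its dynamic_path, or fail if it cannot be found.
engine_path() {
    awk -v id="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[[ \t]*/, "", sec)
                      sub(/[ \t]*\].*$/, "", sec); next }
        index($0, "=") { k = trim(substr($0, 1, index($0, "=") - 1))
                         val[sec SUBSEP k] = trim(substr($0, index($0, "=") + 1)) }
        END { init = val["" SUBSEP "openssl_conf"]
              if (init == "") init = "openssl_init"  # name used in the message
              p = val[val[val[init SUBSEP "engines"] SUBSEP id] SUBSEP "dynamic_path"]
              if (p == "") exit 1
              print p }' "$1"
}

# sha256_of FILE: hex SHA-256, via coreutils or the openssl CLI.
sha256_of() {
    if command -v sha256sum >/dev/null 2>/dev/null; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha256 -r "$1" | awk '{ print $1 }'
    fi
}

# check_engine CONF ID BUILD_COPY: prints match/mismatch/missing/unresolved.
check_engine() {
    loaded=$(engine_path "$1" "$2") || { echo "unresolved"; return 2; }
    if [ ! -f "$loaded" ]; then echo "missing $loaded"; return 2; fi
    if [ "$(sha256_of "$loaded")" = "$(sha256_of "$3")" ]; then
        echo "match $loaded"
    else
        echo "mismatch $loaded"; return 1
    fi
}

# Constructed demo: throwaway files mirroring the sections in the message.
demo() {
    demo_dir=$(mktemp -d)
    printf 'engine-bytes' > "$demo_dir/gost.so"; cp "$demo_dir/gost.so" "$demo_dir/build-gost.so"
    printf '%s\n' '[openssl_init]' 'engines = engine_section' \
        '[engine_section]' 'gost = gost_section' '[gost_section]' \
        'engine_id = gost' "dynamic_path = $demo_dir/gost.so" > "$demo_dir/openssl.cnf"
    check_engine "$demo_dir/openssl.cnf" gost "$demo_dir/build-gost.so"
    rc=$?; rm -rf "$demo_dir"; return "$rc"
}
demo
```

<p>Point check_engine at the openssl.cnf that the binary being run actually reads; for OpenSSL that is the compiled-in default location unless the OPENSSL_CONF environment variable overrides it.</p>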
</body>
</html>