Re: Ciphers provided by engine not accessible...?

[Blumenthal, Uri - 0553 - MITLL]

Are there any other parts of the openssl.cnf that could be related to this 
issue, or help diagnose it’s cause?
Does your configuration file contain a header similar to described in the Gost 
engine documentation? If no, the gost section is not processed. 

I don't remember any significant changes in 1.1.1 engine processing, and it 
works with 1.0.2

Sorry for brevity, I'll be able to look in more details only at the beginning 
of August. 

Darn… You were right – that header (openssl_conf = openssl_def) was NOT 
present. Adding it resulted in success (with some error messages):

$ openssl speed -engine gost -evp gost89-cbc
engine "gost" set.
Doing gost89-cbc for 3s on 16 size blocks: 13107440 gost89-cbc's in 2.99s
Doing gost89-cbc for 3s on 64 size blocks: 3383428 gost89-cbc's in 3.00s
Doing gost89-cbc for 3s on 256 size blocks: 849765 gost89-cbc's in 3.00s
Doing gost89-cbc for 3s on 1024 size blocks: 211166 gost89-cbc's in 3.00s
Doing gost89-cbc for 3s on 8192 size blocks: 26167 gost89-cbc's in 3.01s
Doing gost89-cbc for 3s on 16384 size blocks: 13338 gost89-cbc's in 3.00s
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_crypt.c:671:
4571538880:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
$ openssl speed -engine gost -evp grasshopper-cfb
engine "gost" set.
Doing grasshopper-cfb for 3s on 16 size blocks: 19210088 grasshopper-cfb's in 
3.00s
Doing grasshopper-cfb for 3s on 64 size blocks: 5210373 grasshopper-cfb's in 
3.00s
Doing grasshopper-cfb for 3s on 256 size blocks: 1320249 grasshopper-cfb's in 
3.00s
Doing grasshopper-cfb for 3s on 1024 size blocks: 328343 grasshopper-cfb's in 
3.00s
Doing grasshopper-cfb for 3s on 8192 size blocks: 41459 grasshopper-cfb's in 
3.00s
Doing grasshopper-cfb for 3s on 16384 size blocks: 20488 grasshopper-cfb's in 
3.00s
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng 
error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558:
4541392320:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl 
operation not implemented:crypto/evp/evp_enc.c:628:
$




пт, 19 июля 2019 г., 21:09 Blumenthal, Uri - 0553 - MITLL 
<mailto:u...@ll.mit.edu>:
MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed).

Engines defined in the openssl.cnf file:

#############
[engine_section]
pkcs11 = pkcs11_section
gost   = gost_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so
MODULE_PATH  = /Library/OpenSC/lib/opensc-pkcs11.so
init = 0

[gost_section]
engine_id = gost
dynamic_path = /opt/local/lib/engines-1.1/gost.dylib
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
init = 1
#############

Note, whether the above has "init = 1" or not, does not alter the outcome.

Engine in question is "gost". 

First, the engine does not load automatically/dynamically. For "openssl dgst" I 
have to specify it explicitly, otherwise the algorithms it provides, are not 
available:

$ openssl dgst -md_gost94 ~/LastTest.log
dgst: Unrecognized flag md_gost94
dgst: Use -help for summary.
$ openssl dgst -engine gost -md_gost94 ~/LastTest.log
engine "gost" set.
md_gost94(/Users/ur20980/LastTest.log)= 
e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816
$

Second - even when I explicitly specify the engine, "openssl speed" refuses to 
recognize the ciphers provided by it, though "openssl enc" shows that it can 
access them:

$ openssl speed -engine gost -evp gost89-cbc
speed: gost89-cbc is an unknown cipher or digest
$ openssl enc -engine gost -ciphers
engine "gost" set.
Supported ciphers:
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1             
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb       
. . . . .
-des3-wrap                 -desx                      -desx-cbc                 
-gost89                    -gost89-cbc                -gost89-cnt               
-gost89-cnt-12             -grasshopper-cbc           -grasshopper-cfb          
-grasshopper-ctr           -grasshopper-ecb           -grasshopper-ofb          
-id-aes128-wrap            -id-aes128-wrap-pad        -id-aes192-wrap


Seems like a bug...?
-- 
Regards,
Uri

smime.p7s
Description: S/MIME cryptographic signature