Great! The CBC implementation was rather limited. If you have any specific requirements, fill free to fill a bug report in the engine repo.
пн, 22 июля 2019 г., 21:16 Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu>: > Are there any other parts of the openssl.cnf that could be related to this > issue, or help diagnose it’s cause? > Does your configuration file contain a header similar to described in the > Gost engine documentation? If no, the gost section is not processed. > > I don't remember any significant changes in 1.1.1 engine processing, and > it works with 1.0.2 > > Sorry for brevity, I'll be able to look in more details only at the > beginning of August. > > Darn… You were right – that header (openssl_conf = openssl_def) was NOT > present. Adding it resulted in success (with some error messages): > > $ openssl speed -engine gost -evp gost89-cbc > engine "gost" set. > Doing gost89-cbc for 3s on 16 size blocks: 13107440 gost89-cbc's in 2.99s > Doing gost89-cbc for 3s on 64 size blocks: 3383428 gost89-cbc's in 3.00s > Doing gost89-cbc for 3s on 256 size blocks: 849765 gost89-cbc's in 3.00s > Doing gost89-cbc for 3s on 1024 size blocks: 211166 gost89-cbc's in 3.00s > Doing gost89-cbc for 3s on 8192 size blocks: 26167 gost89-cbc's in 3.01s > Doing gost89-cbc for 3s on 16384 size blocks: 13338 gost89-cbc's in 3.00s > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4571538880:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_crypt.c:671: > 4571538880:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > $ openssl speed -engine gost -evp grasshopper-cfb > engine "gost" set. > Doing grasshopper-cfb for 3s on 16 size blocks: 19210088 grasshopper-cfb's > in 3.00s > Doing grasshopper-cfb for 3s on 64 size blocks: 5210373 grasshopper-cfb's > in 3.00s > Doing grasshopper-cfb for 3s on 256 size blocks: 1320249 grasshopper-cfb's > in 3.00s > Doing grasshopper-cfb for 3s on 1024 size blocks: 328343 grasshopper-cfb's > in 3.00s > Doing grasshopper-cfb for 3s on 8192 size blocks: 41459 grasshopper-cfb's > in 3.00s > Doing grasshopper-cfb for 3s on 16384 size blocks: 20488 grasshopper-cfb's > in 3.00s > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > 4541392320:error:8106A07A:lib(129):GOST_CIPHER_CTL:rng > error:/Users/ur20980/src/engine/gost_grasshopper_cipher.c:558: > 4541392320:error:0607C085:digital envelope > routines:EVP_CIPHER_CTX_ctrl:ctrl operation not > implemented:crypto/evp/evp_enc.c:628: > $ > > > > > пт, 19 июля 2019 г., 21:09 Blumenthal, Uri - 0553 - MITLL <mailto: > u...@ll.mit.edu>: > MacOS Mojave 10.14.5, OpenSSL-1.1.1c (Macports-installed). > > Engines defined in the openssl.cnf file: > > ############# > [engine_section] > pkcs11 = pkcs11_section > gost = gost_section > > [pkcs11_section] > engine_id = pkcs11 > dynamic_path = /opt/local/lib/engines-1.1/libpkcs11.so > MODULE_PATH = /Library/OpenSC/lib/opensc-pkcs11.so > init = 0 > > [gost_section] > engine_id = gost > dynamic_path = /opt/local/lib/engines-1.1/gost.dylib > default_algorithms = ALL > CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet > init = 1 > ############# > > Note, whether the above has "init = 1" or not, does not alter the outcome. > > Engine in question is "gost". > > First, the engine does not load automatically/dynamically. For "openssl > dgst" I have to specify it explicitly, otherwise the algorithms it > provides, are not available: > > $ openssl dgst -md_gost94 ~/LastTest.log > dgst: Unrecognized flag md_gost94 > dgst: Use -help for summary. > $ openssl dgst -engine gost -md_gost94 ~/LastTest.log > engine "gost" set. > md_gost94(/Users/ur20980/LastTest.log)= > e82e6e515c86851498eac606722b50b724b1f95952d4edb7202029f127751816 > $ > > Second - even when I explicitly specify the engine, "openssl speed" > refuses to recognize the ciphers provided by it, though "openssl enc" shows > that it can access them: > > $ openssl speed -engine gost -evp gost89-cbc > speed: gost89-cbc is an unknown cipher or digest > $ openssl enc -engine gost -ciphers > engine "gost" set. > Supported ciphers: > -aes-128-cbc -aes-128-cfb -aes-128-cfb1 > > -aes-128-cfb8 -aes-128-ctr -aes-128-ecb > . . . . . > -des3-wrap -desx -desx-cbc > > -gost89 -gost89-cbc -gost89-cnt > > -gost89-cnt-12 -grasshopper-cbc -grasshopper-cfb > > -grasshopper-ctr -grasshopper-ecb -grasshopper-ofb > > -id-aes128-wrap -id-aes128-wrap-pad -id-aes192-wrap > > > Seems like a bug...? > -- > Regards, > Uri >
