Hello!
I've made a quick fix to solve this problem (attached). The main problem
with this fix is to move locally-defined engine constants to the level of
evp.h, so if you suggest a better solution, I am ready to implement it.
Thank you!
On Tue, Sep 16, 2014 at 9:29 PM, Dmitry Belyavsky via RT <[email protected]>
wrote:
> Hello Openssl Team!
>
> I use openssl 1.0.1i with some patches in the GOST engine.
> The command line is
>
> openssl speed -engine gost -evp gost-mac
>
> I get an error:
> 3074107544:error:80073074:lib(128):GOST_IMIT_UPDATE:mac key not
> set:gost_crypt.c:654:
> (the line number where the error occurs may differ from the current one
> from 1.0.1i).
>
> So gost-mac is treated as digest and the tests are using the EVP_Digest
> method. But the gost-mac differs from common digests because it usage
> requires a mac key to be set.
>
> What is the best way to fix it? Should I hardcode the gost-mac support in
> apps/speed.c to process it correctly or there is a better way?
>
> Thank you!
>
> --
> SY, Dmitry Belyavsky
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
>
--
SY, Dmitry Belyavsky
Index: crypto/evp/evp.h
===================================================================
--- crypto/evp/evp.h (revision 10555)
+++ crypto/evp/evp.h (working copy)
@@ -227,6 +227,8 @@
/* Minimum Algorithm specific ctrl value */
#define EVP_MD_CTRL_ALG_CTRL 0x1000
+#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
+#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
Index: engines/ccgost/gost_lcl.h
===================================================================
--- engines/ccgost/gost_lcl.h (revision 10555)
+++ engines/ccgost/gost_lcl.h (working copy)
@@ -172,8 +172,8 @@
extern EVP_CIPHER cipher_gost;
extern EVP_CIPHER cipher_gost_cpacnt;
extern EVP_CIPHER cipher_gost_cpcnt_12;
-#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
-#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)
+/*#define EVP_MD_CTRL_KEY_LEN (EVP_MD_CTRL_ALG_CTRL+3)
+#define EVP_MD_CTRL_SET_KEY (EVP_MD_CTRL_ALG_CTRL+4)*/
/* EVP_PKEY_METHOD key encryption callbacks */
/* From gost94_keyx.c */
int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t
*outlen, const unsigned char* key, size_t key_len );
Index: apps/speed.c
===================================================================
--- apps/speed.c (revision 10555)
+++ apps/speed.c (working copy)
@@ -1985,17 +1985,37 @@
EVP_CIPHER_CTX_cleanup(&ctx);
}
if (evp_md)
- {
+ {
names[D_EVP]=OBJ_nid2ln(evp_md->type);
print_message(names[D_EVP],save_count,
- lengths[j]);
+ lengths[j]);
+ if (evp_md->type == NID_id_Gost28147_89_MAC)
+ {
+ Time_F(START);
+ for (count=0,run=1;
COND(save_count*4*lengths[0]/lengths[j]); count++)
+ {
+ EVP_MD_CTX ctx;
- Time_F(START);
- for (count=0,run=1;
COND(save_count*4*lengths[0]/lengths[j]); count++)
-
EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+ EVP_MD_CTX_init(&ctx);
+
EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_DigestInit_ex(&ctx, evp_md,
NULL);
+ evp_md->md_ctrl(&ctx,
EVP_MD_CTRL_SET_KEY, 32, (void *)key32);
+ EVP_DigestUpdate(&ctx, buf,
lengths[j]);
+ EVP_DigestFinal_ex(&ctx, md,
NULL);
+ EVP_MD_CTX_cleanup(&ctx);
+ }
- d=Time_F(STOP);
+ d=Time_F(STOP);
}
+ else
+ {
+ Time_F(START);
+ for (count=0,run=1;
COND(save_count*4*lengths[0]/lengths[j]); count++)
+
EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+
+ d=Time_F(STOP);
+ }
+ }
print_result(D_EVP,j,count,d);
}
}
