On 16/09/14 19:31, Dmitry Belyavsky wrote:> Hello! > > I've made a quick fix to solve this problem (attached). The main problem > with this fix is to move locally-defined engine constants to the level > of evp.h, so if you suggest a better solution, I am ready to implement it. > > Thank you! > > > On Tue, Sep 16, 2014 at 9:29 PM, Dmitry Belyavsky via RT <[email protected] > <mailto:[email protected]>> wrote: > > Hello Openssl Team! > > I use openssl 1.0.1i with some patches in the GOST engine. > The command line is > > openssl speed -engine gost -evp gost-mac > > I get an error: > 3074107544:error:80073074:lib(128):GOST_IMIT_UPDATE:mac key not > set:gost_crypt.c:654: > (the line number where the error occurs may differ from the current one > from 1.0.1i). > > So gost-mac is treated as digest and the tests are using the EVP_Digest > method. But the gost-mac differs from common digests because it usage > requires a mac key to be set. > > What is the best way to fix it? Should I hardcode the gost-mac > support in > apps/speed.c to process it correctly or there is a better way? > > Thank you!
speed does not currently support EVP style MACs of any description (i.e. it can't do an EVP HMAC or an EVP CMAC). The EVP way of doing MACs is described here: http://wiki.openssl.org/index.php/EVP_Signing_and_Verifying i.e. you use EVP_DigestSign*, and NOT EVP_Digest as in your patch. I don't know anything about the GOST engine, so I don't know whether it supports this style of operation or not. However if I were going to add support for this into speed then I would start by implementing support for EVP style HMAC/CMAC - and then extend it to GOST. I'm closing this ticket for now. Please reply and cc [email protected] to reopen it if you come back with a different patch. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
