'Re: OSSL 0.9.8 Engine problems'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: OSSL 0.9.8 Engine problems
From:       Nils Larsch <nlarsch () gmx ! net>
Date:       2005-08-31 20:53:51
Message-ID: 431618DF.4090603 () gmx ! net
[Download RAW message or body]

Steffen Pankratz wrote:
> On Tue, 30 Aug 2005 23:53:37 +0200
> Nils Larsch <nlarsch@gmx.net> wrote:
> 
> 
> > Steffen Pankratz wrote:
> > ...
> > 
> > > > well, if openssl is build without DES support the DES nids are not
> > > > added to the internal list of OIDs when OPENSSL_add_all_ciphers is
> > > > called, hence the OBJ_* functions know nothing about DES.
> > > > 
> > > 
> > > logical
> > > any chance to make openssl aware of -des-ecb when build without DES cipher \
> > > support using a dynamic Engine module?
> > 
> > what about adding the necessary ciphers in the engine initialization
> > function (have a look at crypto/evp/c_allc.c to see which functions
> > are necessary) ?
> 
> will try later
> for this i have to load the Engine module before i can use "openssl enc -engine \
> ...", right?

yep, otherwise apps/enc.c doesn't know "-des-ecb".

> 
> > > > > but loading seems to be ok
> > > > > 
> > > > > openssl enc -engine des-ecb
> > > > > engine "des-ecb" set.
> > > > > 
> > > > > i tried a OSSL build with DES cipher support and got this
> > > > > 
> > > > > openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> > > > > parallel processing
> > > > > engine "des-ecb" set.
> > > > > enter des-ecb encryption password:
> > > > > Verifying - enter des-ecb encryption password:
> > > > > Error setting cipher DES-ECB
> > > > > 10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl \
> > > > > operation not implemented:evp_enc.c:533: 10220:error:0607B086:digital \
> > > > > envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
> > > > 
> > > > is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
> > > 
> > > it is (if you like, code is attached)
> > 
> > if the flag is set you must provide a support for this flag in
> > EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
> > need that functionality don't use it).
> > 
> 
> even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this errormessage and on \
> the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl there is a \
> implementation for this in my des-ecb.c 
> so it seems to be another problem

no, I've just tested your code (with some necessary modifications) and
it seems to work. You set the EVP_CIPH_CTRL_INIT (== 64) flag in your
cipher_des_ecb structure hence you must add support for EVP_CTRL_INIT
in the switch statement in your des_ctrl function otherwise it can't
work (or don't set this flag in cipher_des_ecb).

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic