Hello Matt, the improved patch is attached. It uses the EVP_DigestSign* API instead of EVP_digest and does not modify any header files.
Thank you! On Wed, Sep 17, 2014 at 2:22 AM, Matt Caswell via RT <r...@openssl.org> wrote: > On 16/09/14 19:31, Dmitry Belyavsky wrote:> Hello! > > > > I've made a quick fix to solve this problem (attached). The main problem > > with this fix is to move locally-defined engine constants to the level > > of evp.h, so if you suggest a better solution, I am ready to implement > it. > > > > Thank you! > > > > > > On Tue, Sep 16, 2014 at 9:29 PM, Dmitry Belyavsky via RT <r...@openssl.org > > <mailto:r...@openssl.org>> wrote: > > > > Hello Openssl Team! > > > > I use openssl 1.0.1i with some patches in the GOST engine. > > The command line is > > > > openssl speed -engine gost -evp gost-mac > > > > I get an error: > > 3074107544:error:80073074:lib(128):GOST_IMIT_UPDATE:mac key not > > set:gost_crypt.c:654: > > (the line number where the error occurs may differ from the current one > > from 1.0.1i). > > > > So gost-mac is treated as digest and the tests are using the EVP_Digest > > method. But the gost-mac differs from common digests because it usage > > requires a mac key to be set. > > > > What is the best way to fix it? Should I hardcode the gost-mac > > support in > > apps/speed.c to process it correctly or there is a better way? > > > > Thank you! > > speed does not currently support EVP style MACs of any description (i.e. it > can't do an EVP HMAC or an EVP CMAC). > > The EVP way of doing MACs is described here: > http://wiki.openssl.org/index.php/EVP_Signing_and_Verifying > > i.e. you use EVP_DigestSign*, and NOT EVP_Digest as in your patch. > > I don't know anything about the GOST engine, so I don't know whether it > supports this style of operation or not. However if I were going to add > support > for this into speed then I would start by implementing support for EVP > style > HMAC/CMAC - and then extend it to GOST. > > I'm closing this ticket for now. Please reply and cc r...@openssl.org to > reopen > it if you come back with a different patch. > > Matt > > -- SY, Dmitry Belyavsky
Index: apps/speed.c =================================================================== --- apps/speed.c (revision 10555) +++ apps/speed.c (working copy) @@ -1985,17 +1985,44 @@ EVP_CIPHER_CTX_cleanup(&ctx); } if (evp_md) - { + { names[D_EVP]=OBJ_nid2ln(evp_md->type); print_message(names[D_EVP],save_count, - lengths[j]); + lengths[j]); + if (evp_md->type == NID_id_Gost28147_89_MAC) + { + Time_F(START); + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + { + EVP_MD_CTX mac_ctx; + EVP_PKEY * mac_key; + size_t mac_key_size=32; + size_t siglen = sizeof(md); - Time_F(START); - for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) - EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL); + EVP_MD_CTX_init(&mac_ctx); + EVP_MD_CTX_set_flags(&mac_ctx,EVP_MD_CTX_FLAG_ONESHOT); - d=Time_F(STOP); + mac_key = EVP_PKEY_new_mac_key(evp_md->type, NULL, key32, mac_key_size); + + EVP_DigestSignInit(&mac_ctx, NULL, evp_md, NULL, mac_key); + EVP_PKEY_free(mac_key); + + EVP_DigestSignUpdate(&mac_ctx, buf, lengths[j]); + EVP_DigestSignFinal(&mac_ctx, md, &siglen); + EVP_MD_CTX_cleanup(&mac_ctx); + } + + d=Time_F(STOP); } + else + { + Time_F(START); + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL); + + d=Time_F(STOP); + } + } print_result(D_EVP,j,count,d); } }