In the 1.0.0, 1.0.1 and 1.0.2 branches of OpenSSL, some command-line commands
which accept a cipher argument (at least enc, cms and smime) delay
engine initialization until all the command-line options are parsed.

Thus, if the user specifies a cipher which is available only from an engine,
such as -gost89, these commands report "Unknown cipher" if the appropriate
engine is not specified in the configuration file.

I.e. it is not possible to run

openssl enc -engine gost -gost89 -e

or

openssl cms -engine gost -encrypt -gost89

while 

openssl dgst -engine gost -md_gost94

works just fine.

Also, it is not possible to get a list of ciphers, including
engine-provided ones, using openssl enc -engine gost -help,
because help is printed inside the option-parsing loop before the engine is
initialized.


The problem is already fixed in the master branch, where option parsing is
completely reworked.

The fix is quite trivial for the branches mentioned above too. Just move the call of
setup_engine up into the option parsing loop. This would also minimize the
need for the #ifndef OPENSSL_NO_ENGINE conditional, because all engine
initialization would go into one place.

_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-...@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
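
The ordering problem described in the report above, as an added C example that is not part of the original message and is not OpenSSL source: a simplified model of an option loop that looks up the cipher while parsing. All names (parse_args, load_engine, cipher_known, the early_engine switch) are hypothetical; load_engine stands in for setup_engine, and the argument lists are constructed.

```c
/* Simplified model of the option loop; not OpenSSL source. Names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_CIPHERS 8
static const char *ciphers[MAX_CIPHERS];
static int n_ciphers;

/* Stand-in for setup_engine(): loading the engine registers its ciphers. */
static void load_engine(const char *id) {
    if (strcmp(id, "gost") == 0 && n_ciphers < MAX_CIPHERS)
        ciphers[n_ciphers++] = "gost89";
}

static int cipher_known(const char *name) {
    for (int i = 0; i < n_ciphers; i++)
        if (strcmp(ciphers[i], name) == 0) return 1;
    return 0;
}

/* Returns 0 on success, -1 for "Unknown cipher".
 * early_engine = 0: -engine is only recorded and loaded after the loop (reported behaviour).
 * early_engine = 1: engine is loaded as soon as -engine is parsed (proposed fix). */
int parse_args(int argc, const char **argv, int early_engine) {
    const char *engine = NULL;
    n_ciphers = 0;
    ciphers[n_ciphers++] = "aes-128-cbc";      /* one built-in cipher */
    for (int i = 0; i < argc; i++) {
        if (strcmp(argv[i], "-engine") == 0 && i + 1 < argc) {
            engine = argv[++i];
            if (early_engine) load_engine(engine);
        } else if (strcmp(argv[i], "-e") == 0) {
            continue;                          /* encrypt flag, nothing to look up */
        } else if (argv[i][0] == '-' && !cipher_known(argv[i] + 1)) {
            return -1;                         /* lookup happens inside the loop */
        }
    }
    if (!early_engine && engine) load_engine(engine);  /* too late for the lookup */
    return 0;
}

int main(void) {
    const char *args[] = {"-engine", "gost", "-gost89", "-e"};   /* constructed input */
    printf("deferred init: %s\n", parse_args(4, args, 0) ? "Unknown cipher" : "ok");
    printf("init in loop:  %s\n", parse_args(4, args, 1) ? "Unknown cipher" : "ok");
    return 0;
}
```

In this model the early-load variant still returns -1 when the cipher option precedes -engine, since the lookup runs before the engine has been loaded.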
