Hi list, I've been trying for a while to get scrypt and PBKDF2 exposed via the command line interface. My original attempt was rejected and I thought I wouldn't care anymore. But then I picked it up and implemented the route that Stephen suggested (https://github.com/openssl/openssl/pull/1533).
Surprisingly, it wasn't too difficult and I have a first shot that somwhat works with scrypt. Much of the work was figuring out how/where to properly register NIDs and such. So now I do have two questions. First, could someone please provide feedback if this is generally the correct way I'm going at it? Secondly, I'm having a concrete and really bad issue: failing tests. I haven't actually *added* tests for the scrypt PKEY yet and am seeing failing tests in the PKEY facility at places that I haven't touched -- therefore, I'm completely clueless why this is happening. Concretely, this is what I'm seeing: $ TESTS=30 HARNESS_VERBOSE=1 make test [...] # INFO: @ test/evp_test.c:2263 # recipes/30-test_evp_data/evpmac.txt:20: Source of above error; unexpected error MAC_PKEY_CTX_ERROR # 140208181980992:error:0609D09C:digital envelope routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130: # ERROR: (ptr) 'genctx = EVP_PKEY_CTX_new_id(expected->type, NULL) != NULL' failed @ test/evp_test.c:900 # 0x0 [... # INFO: @ test/evp_test.c:2263 # recipes/30-test_evp_data/evppkey.txt:17379: Source of above error; unexpected error DIGESTSIGNINIT_ERROR # 139826426584896:error:0609D09C:digital envelope routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130: # INFO: @ test/evp_test.c:2263 # recipes/30-test_evp_data/evppkey.txt:17386: Source of above error; unexpected error DIGESTSIGNINIT_ERROR # 139826426584896:error:0609D09C:digital envelope routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130: They point to test source data of SipHash and somewhere in Ed25519 code. Nothing I've touched in a mile. Yet, clearly, my branch is the source of the error. So any pointers on what I messed up would be very much appreciated. You can view my code at https://github.com/openssl/openssl/compare/master...johndoe31415:new_kdfs Thanks for your time, Cheers, Johannes -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev