Behaviour changed between 1.1.0 and 1.1.1

I can't reproduce the issue, using latest master for both gost and openssl:

/tmpram/gost > export OPENSSL_ENGINES=/tmpram/gost/engine/bin 

/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in tmp.pem

engine "gost" set.

Private key: 28A509558DB1969DB89A4CB517D8A759EAB79A6D09FEECDAE87B03BECA604B36

/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in a.pem  

engine "gost" set.

-----BEGIN PUBLIC KEY-----

MGMwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEDQwAEQORQaJaqv4S10bz4

jw112dGlrtD+DyGR8TqkhmOvlJB46VUIbpBsEHs8nn0pXtzsIfEwgV8Oxo/QA0Ri

Qu5j7SU=

-----END PUBLIC KEY-----

Private key: 46150327559001221F9F1F9A50CD9E6A0CD5F5D0ADEA6439C1DB5E9EBD994BF6

Public key:

   X:789094AF6386A43AF191210FFED0AEA5D1D9750D8FF8BCD1B584BFAA966850E4

   Y:25ED63EE42624403D08FC60E5F8130F121ECDC5E297D9E3C7B106C906E0855E9

Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet

On Fri, 17 Aug 2018 at 18:15, Dmitry Belyavsky <[hidden email]> wrote:

Hello,

I use my engine providing gost algorithms (https://github.com/gost-engine/engine). It seems not to have any relevant changes between 1.1.0 and current master, but the command 

OPENSSL_CONF=engine.conf openssl pkey -pubout -text -in tmp.pem

works ok for 1.1.0 version and does not work for current master.

For the file a.pem both versions provide similar output.

engine.conf is minimal conf to load gost engine:

=============

openssl_conf = openssl_def

[openssl_def]

engines = engine_section

[engine_section]

gost = gost_section

[gost_section]

engine_id = gost

dynamic_path = /path/to/libgost.so

default_algorithms = ALL

CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

===============

I've found out that behavior of the function EC_POINT_get_affine_coordinates_GFp has changed between versions 1.1.0 and current master. 

Also I found that pkey command ignores result of the calls to EVP_PKEY_print_public and EVP_PKEY_print_private.

Could you please clarify whether it's a bug in my engine or something  incompatible in openssl code?

Thank you!

--

SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

You just reproduced it :)

Output for the file a.pem contains Private key, Public key and Parameter set; the one for tmp.pem does not.

You are right, I was expecting some kind of error, and realized that there was something strange just after hitting the Send button, as usual!

Anyway, I think I found the problem, with the invaluable help of Billy Brumley in the backstage!

It's a bug in the current GFp_simple_ladder implementation that was not catched by existing regression testing.

I'll open a proper PR to fix this as soon as we finish to test the alternative implementation.

In the meantime you might open a proper issue in Github for this problem so that the bug will be properly tracked!