Behaviour changed between 1.1.0 and 1.1.1

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Behaviour changed between 1.1.0 and 1.1.1

Dmitry Belyavsky-3
Hello,

I use my engine providing gost algorithms (https://github.com/gost-engine/engine). It seems not to have any relevant changes between 1.1.0 and current master, but the command 

OPENSSL_CONF=engine.conf openssl pkey -pubout -text -in tmp.pem

works ok for 1.1.0 version and does not work for current master.
For the file a.pem both versions provide similar output.

engine.conf is minimal conf to load gost engine:
=============
openssl_conf = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /path/to/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
===============

I've found out that behavior of the function EC_POINT_get_affine_coordinates_GFp has changed between versions 1.1.0 and current master. 

Also I found that pkey command ignores result of the calls to EVP_PKEY_print_public and EVP_PKEY_print_private.

Could you please clarify whether it's a bug in my engine or something  incompatible in openssl code?

Thank you!
--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

a.pem (208 bytes) Download Attachment
tmp.pem (208 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Behaviour changed between 1.1.0 and 1.1.1

Nicola
I can't reproduce the issue, using latest master for both gost and openssl:

/tmpram/gost > export OPENSSL_ENGINES=/tmpram/gost/engine/bin 
/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in tmp.pem
engine "gost" set.
Private key: 28A509558DB1969DB89A4CB517D8A759EAB79A6D09FEECDAE87B03BECA604B36
/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in a.pem  
engine "gost" set.
-----BEGIN PUBLIC KEY-----
MGMwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEDQwAEQORQaJaqv4S10bz4
jw112dGlrtD+DyGR8TqkhmOvlJB46VUIbpBsEHs8nn0pXtzsIfEwgV8Oxo/QA0Ri
Qu5j7SU=
-----END PUBLIC KEY-----
Private key: 46150327559001221F9F1F9A50CD9E6A0CD5F5D0ADEA6439C1DB5E9EBD994BF6
Public key:
   X:789094AF6386A43AF191210FFED0AEA5D1D9750D8FF8BCD1B584BFAA966850E4
   Y:25ED63EE42624403D08FC60E5F8130F121ECDC5E297D9E3C7B106C906E0855E9
Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet


On Fri, 17 Aug 2018 at 18:15, Dmitry Belyavsky <[hidden email]> wrote:
Hello,

I use my engine providing gost algorithms (https://github.com/gost-engine/engine). It seems not to have any relevant changes between 1.1.0 and current master, but the command 

OPENSSL_CONF=engine.conf openssl pkey -pubout -text -in tmp.pem

works ok for 1.1.0 version and does not work for current master.
For the file a.pem both versions provide similar output.

engine.conf is minimal conf to load gost engine:
=============
openssl_conf = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /path/to/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
===============

I've found out that behavior of the function EC_POINT_get_affine_coordinates_GFp has changed between versions 1.1.0 and current master. 

Also I found that pkey command ignores result of the calls to EVP_PKEY_print_public and EVP_PKEY_print_private.

Could you please clarify whether it's a bug in my engine or something  incompatible in openssl code?

Thank you!
--
SY, Dmitry Belyavsky
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Behaviour changed between 1.1.0 and 1.1.1

Dmitry Belyavsky-3
Dear Nicola,

You just reproduced it :)

Output for the file a.pem contains Private key, Public key and Parameter set; the one for tmp.pem does not.

On Fri, Aug 17, 2018 at 6:42 PM Nicola <[hidden email]> wrote:
I can't reproduce the issue, using latest master for both gost and openssl:

/tmpram/gost > export OPENSSL_ENGINES=/tmpram/gost/engine/bin 
/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in tmp.pem
engine "gost" set.
Private key: 28A509558DB1969DB89A4CB517D8A759EAB79A6D09FEECDAE87B03BECA604B36
/tmpram/gost > /tmpram/openssl-111-pre9-dev/bin/openssl pkey -engine gost -pubout -text -in a.pem  
engine "gost" set.
-----BEGIN PUBLIC KEY-----
MGMwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEDQwAEQORQaJaqv4S10bz4
jw112dGlrtD+DyGR8TqkhmOvlJB46VUIbpBsEHs8nn0pXtzsIfEwgV8Oxo/QA0Ri
Qu5j7SU=
-----END PUBLIC KEY-----
Private key: 46150327559001221F9F1F9A50CD9E6A0CD5F5D0ADEA6439C1DB5E9EBD994BF6
Public key:
   X:789094AF6386A43AF191210FFED0AEA5D1D9750D8FF8BCD1B584BFAA966850E4
   Y:25ED63EE42624403D08FC60E5F8130F121ECDC5E297D9E3C7B106C906E0855E9
Parameter set: id-GostR3410-2001-CryptoPro-A-ParamSet


On Fri, 17 Aug 2018 at 18:15, Dmitry Belyavsky <[hidden email]> wrote:
Hello,

I use my engine providing gost algorithms (https://github.com/gost-engine/engine). It seems not to have any relevant changes between 1.1.0 and current master, but the command 

OPENSSL_CONF=engine.conf openssl pkey -pubout -text -in tmp.pem

works ok for 1.1.0 version and does not work for current master.
For the file a.pem both versions provide similar output.

engine.conf is minimal conf to load gost engine:
=============
openssl_conf = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /path/to/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
===============

I've found out that behavior of the function EC_POINT_get_affine_coordinates_GFp has changed between versions 1.1.0 and current master. 

Also I found that pkey command ignores result of the calls to EVP_PKEY_print_public and EVP_PKEY_print_private.

Could you please clarify whether it's a bug in my engine or something  incompatible in openssl code?

Thank you!
--
SY, Dmitry Belyavsky
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Behaviour changed between 1.1.0 and 1.1.1

Nicola
You just reproduced it :)

Output for the file a.pem contains Private key, Public key and Parameter set; the one for tmp.pem does not.

You are right, I was expecting some kind of error, and realized that there was something strange just after hitting the Send button, as usual!

Anyway, I think I found the problem, with the invaluable help of Billy Brumley in the backstage!

It's a bug in the current GFp_simple_ladder implementation that was not catched by existing regression testing.

I'll open a proper PR to fix this as soon as we finish to test the alternative implementation.

In the meantime you might open a proper issue in Github for this problem so that the bug will be properly tracked!


Thanks for reporting this,

Nicola Tuveri


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Behaviour changed between 1.1.0 and 1.1.1

Dmitry Belyavsky-3
Dear Nicola,
On Fri, Aug 17, 2018 at 11:00 PM Nicola <[hidden email]> wrote:
You just reproduced it :)

Output for the file a.pem contains Private key, Public key and Parameter set; the one for tmp.pem does not.

You are right, I was expecting some kind of error, and realized that there was something strange just after hitting the Send button, as usual!

Anyway, I think I found the problem, with the invaluable help of Billy Brumley in the backstage!

It's a bug in the current GFp_simple_ladder implementation that was not catched by existing regression testing.

I'll open a proper PR to fix this as soon as we finish to test the alternative implementation.

Thank you very much!
 

In the meantime you might open a proper issue in Github for this problem so that the bug will be properly tracked!


--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Behaviour changed between 1.1.0 and 1.1.1

Nicola
Just created the PR: https://github.com/openssl/openssl/pull/7000

Thanks again for reporting this!

Nicola Tuveri

On Sat, 18 Aug 2018 at 00:15, Dmitry Belyavsky <[hidden email]> wrote:
Dear Nicola,
On Fri, Aug 17, 2018 at 11:00 PM Nicola <[hidden email]> wrote:
You just reproduced it :)

Output for the file a.pem contains Private key, Public key and Parameter set; the one for tmp.pem does not.

You are right, I was expecting some kind of error, and realized that there was something strange just after hitting the Send button, as usual!

Anyway, I think I found the problem, with the invaluable help of Billy Brumley in the backstage!

It's a bug in the current GFp_simple_ladder implementation that was not catched by existing regression testing.

I'll open a proper PR to fix this as soon as we finish to test the alternative implementation.

Thank you very much!
 

In the meantime you might open a proper issue in Github for this problem so that the bug will be properly tracked!


--
SY, Dmitry Belyavsky
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users