OSSL 0.9.8 Engine problems

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

OSSL 0.9.8 Engine problems

Steffen Pankratz
Hi

I compiled OSSL with no-des, so there is no  DES cipher available in OSSL.
I build a Engine module which supports the des-ecb cipher.

openssl engine -vvvv dynamic -pre "SO_PATH:~/openssl-0.9.8/engines/des-ecb.so" -pre LOAD -t
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:~/openssl-0.9.8/engines/des-ecb.so
[Success]: LOAD
Loaded: (des-ecb) DES-ECB engine support
     [ available ]

if i try to use the engine:
openssl enc -engine des-ecb -e -des-ecb -out testo -in testi

i get:
unknown option '-des-ecb'

is it cause my NID is wrong, the Engine module isn't loaded properly or OSSL is compiled without DES cipher support?

but loading seems to be ok

openssl enc -engine des-ecb
engine "des-ecb" set.

i tried a OSSL build with DES cipher support and got this

openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
parallel processing
engine "des-ecb" set.
enter des-ecb encryption password:
Verifying - enter des-ecb encryption password:
Error setting cipher DES-ECB
10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:

In the rsaref sample those functions are also not implemented, so what is wrong?
Also why does OSSL need DES cipher support enabled if i want to implement it as a Engine module?

--
Best regards, Steffen Pankratz.
 
PGP PUBLIC KEY: http://www.kratz00.org/kratz00.at.gmx.de.asc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Nils Larsch
Steffen Pankratz wrote:

> Hi
>
> I compiled OSSL with no-des, so there is no  DES cipher available in OSSL.
> I build a Engine module which supports the des-ecb cipher.
>
> openssl engine -vvvv dynamic -pre "SO_PATH:~/openssl-0.9.8/engines/des-ecb.so" -pre LOAD -t
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:~/openssl-0.9.8/engines/des-ecb.so
> [Success]: LOAD
> Loaded: (des-ecb) DES-ECB engine support
>      [ available ]
>
> if i try to use the engine:
> openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
>
> i get:
> unknown option '-des-ecb'
>
> is it cause my NID is wrong, the Engine module isn't loaded properly or OSSL is compiled without DES cipher support?

well, if openssl is build without DES support the DES nids are not
added to the internal list of OIDs when OPENSSL_add_all_ciphers is
called, hence the OBJ_* functions know nothing about DES.

>
> but loading seems to be ok
>
> openssl enc -engine des-ecb
> engine "des-ecb" set.
>
> i tried a OSSL build with DES cipher support and got this
>
> openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> parallel processing
> engine "des-ecb" set.
> enter des-ecb encryption password:
> Verifying - enter des-ecb encryption password:
> Error setting cipher DES-ECB
> 10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
> 10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:

is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Steffen Pankratz
On Sat, 27 Aug 2005 13:22:19 +0200
Nils Larsch <[hidden email]> wrote:

> Steffen Pankratz wrote:
> > Hi
> >
> > I compiled OSSL with no-des, so there is no  DES cipher available in OSSL.
> > I build a Engine module which supports the des-ecb cipher.
> >
> > openssl engine -vvvv dynamic -pre "SO_PATH:~/openssl-0.9.8/engines/des-ecb.so" -pre LOAD -t
> > (dynamic) Dynamic engine loading support
> > [Success]: SO_PATH:~/openssl-0.9.8/engines/des-ecb.so
> > [Success]: LOAD
> > Loaded: (des-ecb) DES-ECB engine support
> >      [ available ]
> >
> > if i try to use the engine:
> > openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> >
> > i get:
> > unknown option '-des-ecb'
> >
> > is it cause my NID is wrong, the Engine module isn't loaded properly or OSSL is compiled without DES cipher support?
>
> well, if openssl is build without DES support the DES nids are not
> added to the internal list of OIDs when OPENSSL_add_all_ciphers is
> called, hence the OBJ_* functions know nothing about DES.
>
logical
any chance to make openssl aware of -des-ecb when build without DES cipher support using a dynamic Engine module?

> >
> > but loading seems to be ok
> >
> > openssl enc -engine des-ecb
> > engine "des-ecb" set.
> >
> > i tried a OSSL build with DES cipher support and got this
> >
> > openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> > parallel processing
> > engine "des-ecb" set.
> > enter des-ecb encryption password:
> > Verifying - enter des-ecb encryption password:
> > Error setting cipher DES-ECB
> > 10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
> > 10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
>
> is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
it is (if you like, code is attached)

basically i took the rsaref example and the openssl DES implementation and tried to build a dynamic Engine module

--
Best regards, Steffen Pankratz.


des-ecb.c (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Nils Larsch
Steffen Pankratz wrote:
...
>>well, if openssl is build without DES support the DES nids are not
>>added to the internal list of OIDs when OPENSSL_add_all_ciphers is
>>called, hence the OBJ_* functions know nothing about DES.
>>
>
> logical
> any chance to make openssl aware of -des-ecb when build without DES cipher support using a dynamic Engine module?

what about adding the necessary ciphers in the engine initialization
function (have a look at crypto/evp/c_allc.c to see which functions
are necessary) ?

>
>>>but loading seems to be ok
>>>
>>>openssl enc -engine des-ecb
>>>engine "des-ecb" set.
>>>
>>>i tried a OSSL build with DES cipher support and got this
>>>
>>>openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
>>>parallel processing
>>>engine "des-ecb" set.
>>>enter des-ecb encryption password:
>>>Verifying - enter des-ecb encryption password:
>>>Error setting cipher DES-ECB
>>>10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
>>>10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
>>
>>is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
>
> it is (if you like, code is attached)

if the flag is set you must provide a support for this flag in
EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
need that functionality don't use it).

Cheers,
Nils

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Steffen Pankratz
On Tue, 30 Aug 2005 23:53:37 +0200
Nils Larsch <[hidden email]> wrote:

> Steffen Pankratz wrote:
> ...
> >>well, if openssl is build without DES support the DES nids are not
> >>added to the internal list of OIDs when OPENSSL_add_all_ciphers is
> >>called, hence the OBJ_* functions know nothing about DES.
> >>
> >
> > logical
> > any chance to make openssl aware of -des-ecb when build without DES cipher support using a dynamic Engine module?
>
> what about adding the necessary ciphers in the engine initialization
> function (have a look at crypto/evp/c_allc.c to see which functions
> are necessary) ?
will try later
for this i have to load the Engine module before i can use "openssl enc -engine ...", right?

> >
> >>>but loading seems to be ok
> >>>
> >>>openssl enc -engine des-ecb
> >>>engine "des-ecb" set.
> >>>
> >>>i tried a OSSL build with DES cipher support and got this
> >>>
> >>>openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> >>>parallel processing
> >>>engine "des-ecb" set.
> >>>enter des-ecb encryption password:
> >>>Verifying - enter des-ecb encryption password:
> >>>Error setting cipher DES-ECB
> >>>10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
> >>>10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
> >>
> >>is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
> >
> > it is (if you like, code is attached)
>
> if the flag is set you must provide a support for this flag in
> EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
> need that functionality don't use it).
>
even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this errormessage and on the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl
there is a implementation for this in my des-ecb.c

so it seems to be another problem

--
Best regards, Steffen Pankratz.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Dr. Stephen Henson
On Wed, Aug 31, 2005, Steffen Pankratz wrote:

> On Tue, 30 Aug 2005 23:53:37 +0200
> even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this errormessage and on the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl
> there is a implementation for this in my des-ecb.c
>
> so it seems to be another problem
>

What value have you used for the flags field in EVP_CIPHER?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Nils Larsch
In reply to this post by Steffen Pankratz
Steffen Pankratz wrote:

> On Tue, 30 Aug 2005 23:53:37 +0200
> Nils Larsch <[hidden email]> wrote:
>
>
>>Steffen Pankratz wrote:
>>...
>>
>>>>well, if openssl is build without DES support the DES nids are not
>>>>added to the internal list of OIDs when OPENSSL_add_all_ciphers is
>>>>called, hence the OBJ_* functions know nothing about DES.
>>>>
>>>
>>>logical
>>>any chance to make openssl aware of -des-ecb when build without DES cipher support using a dynamic Engine module?
>>
>>what about adding the necessary ciphers in the engine initialization
>>function (have a look at crypto/evp/c_allc.c to see which functions
>>are necessary) ?
>
> will try later
> for this i have to load the Engine module before i can use "openssl enc -engine ...", right?

yep, otherwise apps/enc.c doesn't know "-des-ecb".

>
>>>>>but loading seems to be ok
>>>>>
>>>>>openssl enc -engine des-ecb
>>>>>engine "des-ecb" set.
>>>>>
>>>>>i tried a OSSL build with DES cipher support and got this
>>>>>
>>>>>openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
>>>>>parallel processing
>>>>>engine "des-ecb" set.
>>>>>enter des-ecb encryption password:
>>>>>Verifying - enter des-ecb encryption password:
>>>>>Error setting cipher DES-ECB
>>>>>10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
>>>>>10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
>>>>
>>>>is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
>>>
>>>it is (if you like, code is attached)
>>
>>if the flag is set you must provide a support for this flag in
>>EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
>>need that functionality don't use it).
>>
>
> even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this errormessage and on the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl
> there is a implementation for this in my des-ecb.c
>
> so it seems to be another problem

no, I've just tested your code (with some necessary modifications) and
it seems to work. You set the EVP_CIPH_CTRL_INIT (== 64) flag in your
cipher_des_ecb structure hence you must add support for EVP_CTRL_INIT
in the switch statement in your des_ctrl function otherwise it can't
work (or don't set this flag in cipher_des_ecb).

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OSSL 0.9.8 Engine problems

Steffen Pankratz
On Wed, 31 Aug 2005 22:53:51 +0200
Nils Larsch <[hidden email]> wrote:

> Steffen Pankratz wrote:
> > On Tue, 30 Aug 2005 23:53:37 +0200
> > Nils Larsch <[hidden email]> wrote:
> >
> >
> >>Steffen Pankratz wrote:
> >>...
> >>
> >>>>well, if openssl is build without DES support the DES nids are not
> >>>>added to the internal list of OIDs when OPENSSL_add_all_ciphers is
> >>>>called, hence the OBJ_* functions know nothing about DES.
> >>>>
> >>>
> >>>logical
> >>>any chance to make openssl aware of -des-ecb when build without DES cipher support using a dynamic Engine module?
> >>
> >>what about adding the necessary ciphers in the engine initialization
> >>function (have a look at crypto/evp/c_allc.c to see which functions
> >>are necessary) ?
> >
> > will try later
> > for this i have to load the Engine module before i can use "openssl enc -engine ...", right?
>
> yep, otherwise apps/enc.c doesn't know "-des-ecb".
still no luck with this

while initalizing the engine i do a EVP_add_cipher call with a reference to my EVP_CIPHER struct
in the openssl program i use the engine command to load the engine before i use the enc command

i get a: 'added(des-ecb) DES-ECB engine support'

but enc still doesn't know about -des-ecb, so what did i miss

> >
> >>>>>but loading seems to be ok
> >>>>>
> >>>>>openssl enc -engine des-ecb
> >>>>>engine "des-ecb" set.
> >>>>>
> >>>>>i tried a OSSL build with DES cipher support and got this
> >>>>>
> >>>>>openssl enc -engine des-ecb -e -des-ecb -out testo -in testi
> >>>>>parallel processing
> >>>>>engine "des-ecb" set.
> >>>>>enter des-ecb encryption password:
> >>>>>Verifying - enter des-ecb encryption password:
> >>>>>Error setting cipher DES-ECB
> >>>>>10220:error:0607C085:digital envelope routines:EVP_CIPHER_CTX_ctrl:ctrl operation not implemented:evp_enc.c:533:
> >>>>>10220:error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error:evp_enc.c:171:
> >>>>
> >>>>is the EVP_CIPH_CTRL_INIT flag set in the EVP_CIPHER structure ?
> >>>
> >>>it is (if you like, code is attached)
> >>
> >>if the flag is set you must provide a support for this flag in
> >>EVP_CIPHER::ctrl otherwise you get the above error (so if you don't
> >>need that functionality don't use it).
> >>
> >
> > even if i set the EVP_CIPH_CTRL_INIT flag to NULL i get this errormessage and on the other hand if the EVP_CIPH_CTRL_INIT is set to des_ctrl
> > there is a implementation for this in my des-ecb.c
> >
> > so it seems to be another problem
>
> no, I've just tested your code (with some necessary modifications) and
> it seems to work. You set the EVP_CIPH_CTRL_INIT (== 64) flag in your
> cipher_des_ecb structure hence you must add support for EVP_CTRL_INIT
> in the switch statement in your des_ctrl function otherwise it can't
> work (or don't set this flag in cipher_des_ecb).
>
i got it, seems to work now
i hope i did all of the 'some necessary modifications' :)

thank you

--
Hypnos powered by LFS SVN-20041206 (Linux 2.6.12.5)
        visit http://www.kratz00.org/
                        http://liflg.org/

Best regards, Steffen Pankratz.
 
PGP PUBLIC KEY: http://www.kratz00.org/kratz00.at.gmx.de.asc

des-ecb.c (7K) Download Attachment