scrypt as a PKEY KDF

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

scrypt as a PKEY KDF

Johannes Bauer-2
Hi list,

I've been trying for a while to get scrypt and PBKDF2 exposed via the
command line interface. My original attempt was rejected and I thought I
wouldn't care anymore. But then I picked it up and implemented the route
that Stephen suggested (https://github.com/openssl/openssl/pull/1533).

Surprisingly, it wasn't too difficult and I have a first shot that
somwhat works with scrypt. Much of the work was figuring out how/where
to properly register NIDs and such.

So now I do have two questions. First, could someone please provide
feedback if this is generally the correct way I'm going at it? Secondly,
I'm having a concrete and really bad issue: failing tests. I haven't
actually *added* tests for the scrypt PKEY yet and am seeing failing
tests in the PKEY facility at places that I haven't touched --
therefore, I'm completely clueless why this is happening. Concretely,
this is what I'm seeing:

$ TESTS=30 HARNESS_VERBOSE=1 make test


[...]        # INFO:  @ test/evp_test.c:2263
        # recipes/30-test_evp_data/evpmac.txt:20: Source of above error;
unexpected error MAC_PKEY_CTX_ERROR
        # 140208181980992:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:
        # ERROR: (ptr) 'genctx = EVP_PKEY_CTX_new_id(expected->type,
NULL) != NULL' failed @ test/evp_test.c:900
        # 0x0

[...

        # INFO:  @ test/evp_test.c:2263
        # recipes/30-test_evp_data/evppkey.txt:17379: Source of above
error; unexpected error DIGESTSIGNINIT_ERROR
        # 139826426584896:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:
        # INFO:  @ test/evp_test.c:2263
        # recipes/30-test_evp_data/evppkey.txt:17386: Source of above
error; unexpected error DIGESTSIGNINIT_ERROR
        # 139826426584896:error:0609D09C:digital envelope
routines:int_ctx_new:unsupported algorithm:crypto/evp/pmeth_lib.c:130:


They point to test source data of SipHash and somewhere in Ed25519 code.
Nothing I've touched in a mile. Yet, clearly, my branch is the source of
the error. So any pointers on what I messed up would be very much
appreciated.

You can view my code at

https://github.com/openssl/openssl/compare/master...johndoe31415:new_kdfs

Thanks for your time,
Cheers,
Johannes
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev