[tor-dev] Why the limited HW engine algos in crypto.c?

Joshua Datko jbdatko at gmail.com
Mon Oct 28 17:11:37 UTC 2013


Ah yes, thanks.  I will cross-reference the tor spec with openssl and
submit a patch for consideration.


On Mon, Oct 28, 2013 at 9:57 AM, Nick Mathewson <nickm at alum.mit.edu> wrote:

> On Mon, Oct 28, 2013 at 11:46 AM, Joshua Datko <jbdatko at gmail.com> wrote:
> > Why is there a limited set of OpenSSL engine algorithms chosen in crypto.c
> > (code below)?
> >
> > log_engine("RSA", ENGINE_get_default_RSA());
> > log_engine("DH", ENGINE_get_default_DH());
> > log_engine("RAND", ENGINE_get_default_RAND());
> > log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
> > log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
> > log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
>
>
> I think you're misunderstanding that code.  That function is called
> "log_engine", not "load_engine."  The actual loading and registering
> of engines happens earlier in the crypto_global_init() function.  All
> that the log_engine function does is to log a short message about
> which engine was chosen.
>
> That said, it would sure be nice to have a more up-to-date list of
> engines logged. I'd be happy to take a patch for that.
>
>  [...]
> > Also, I was a bit surprised to see ECB mode.  Is it true that ECB, when used
> > as a stream generator, is equal to CTR mode?  ECB mode is not mentioned in
> > the spec and after some digging, I found a reference to it [1] for
> > encrypting at most one block length of data in the header.
>
> Yup.  It's used to implement counter mode.  "ECB" in this case is an
> alias for "Just the raw AES block function."   Nobody should ever use
> ECB except as a building block for something that isn't ECB.
>
>
> best wishes,
> --
> Nick
>
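
The point in the quoted reply that "ECB" here means the raw AES block function used to build counter mode, shown as an added example (not part of this thread and not Tor's code): counter mode is assembled from single-block encryptions and compared against a library CTR implementation. It is written in Go so that it needs only the standard library; the key, IV and message are constructed sample values, and the 128-bit big-endian counter is an assumption of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ctrFromBlock en/decrypts msg in counter mode using only the raw block function
// b.Encrypt. Assumption: the counter is a 128-bit big-endian integer starting at iv.
func ctrFromBlock(b cipher.Block, iv, msg []byte) []byte {
	ctr := append([]byte(nil), iv...) // copy so the caller's IV is untouched
	ks := make([]byte, b.BlockSize())
	out := make([]byte, len(msg))
	for off := 0; off < len(msg); off += len(ks) {
		b.Encrypt(ks, ctr) // keystream block = AES_K(counter)
		for i := 0; i < len(ks) && off+i < len(msg); i++ {
			out[off+i] = msg[off+i] ^ ks[i]
		}
		for i := len(ctr) - 1; i >= 0; i-- { // counter += 1 with carry
			if ctr[i]++; ctr[i] != 0 {
				break
			}
		}
	}
	return out
}

// libraryCTR is the reference result from the standard library's CTR mode.
func libraryCTR(b cipher.Block, iv, msg []byte) []byte {
	out := make([]byte, len(msg))
	cipher.NewCTR(b, iv).XORKeyStream(out, msg)
	return out
}

// sample returns constructed values: a fixed key, an IV whose low bytes force
// a carry, and a 40-byte message whose first two blocks are identical.
func sample() (cipher.Block, []byte, []byte) {
	b, _ := aes.NewCipher([]byte("0123456789abcdef")) // 16 bytes: AES-128
	iv := append(make([]byte, 14), 0xff, 0xff)
	return b, iv, bytes.Repeat([]byte("ABCDEFGHIJKLMNOP"), 3)[:40]
}

func main() {
	b, iv, msg := sample()
	ct := ctrFromBlock(b, iv, msg)
	fmt.Println("matches library CTR:", bytes.Equal(ct, libraryCTR(b, iv, msg)))
	fmt.Println("equal plaintext blocks stay distinct:", !bytes.Equal(ct[:16], ct[16:32]))
}
```

Applying the raw block function directly to the two identical plaintext blocks would give two identical ciphertext blocks, which is why it is only safe as a building block.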