[tor-dev] Why the limited HW engine algos in crypto.c?
jbdatko at gmail.com
Mon Oct 28 17:11:37 UTC 2013
Ah yes, thanks. I will cross-reference the tor spec with openssl and
submit a patch for consideration.
On Mon, Oct 28, 2013 at 9:57 AM, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Mon, Oct 28, 2013 at 11:46 AM, Joshua Datko <jbdatko at gmail.com> wrote:
> > Why is there a limited set of OpenSSL engine algorithms chosen in
> > (code below)?
> > log_engine("RSA", ENGINE_get_default_RSA());
> > log_engine("DH", ENGINE_get_default_DH());
> > log_engine("RAND", ENGINE_get_default_RAND());
> > log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1));
> > log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb));
> > log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
> I think you're misunderstanding that code. That function is called
> "log_engine", not "load_engine." The actual loading and registering
> of engines happens earlier in the crypto_global_init() function. All
> that the log_engine function does is to log a short message about
> which engine was chosen.
> That said, it would sure be nice to have a more up-to-date list of
> engines logged. I'd be happy to take a patch for that.
> > Also, I was a bit surprised to see ECB mode. Is it true that ECB, when used
> > as a stream generator, is equal to CTR mode? ECB mode is not mentioned in
> > the spec and after some digging, I found a reference to it for
> > encrypting at most one block length of data in the header.
> Yup. It's used to implement counter mode. "ECB" in this case is an
> alias for "Just the raw AES block function." Nobody should ever use
> ECB except as a building block for something that isn't ECB.
> best wishes,
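The point made in the quoted reply, that "ECB" here is just the raw AES block function used to build counter mode, shown as an added example (not code from this thread or from Tor). The function names are hypothetical, the 128-bit big-endian counter layout is an assumption taken from the NIST SP 800-38A test vectors, and the AES-128 routine is a teaching implementation that is not constant-time.

```python
# Added example: CTR mode built only from the forward AES-128 block function.
def xtime(a):  # multiply by 2 in GF(2^8) modulo the AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def build_sbox():
    sbox, p, q = [0] * 256, 1, 1
    for _ in range(255):  # p walks every non-zero field element, q = 1/p
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for shift in (1, 2, 4):                                 # q /= 3
            q ^= q << shift
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)      # affine step
        sbox[p] = ((x ^ (x >> 8)) & 0xFF) ^ 0x63
    sbox[0] = 0x63  # zero has no inverse
    return sbox

SBOX = build_sbox()

def expand_key(key):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, then the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]  # 11 round keys

def mix_column(col):
    t = col[0] ^ col[1] ^ col[2] ^ col[3]
    return [col[j] ^ t ^ xtime(col[j] ^ col[(j + 1) % 4]) for j in range(4)]

def encrypt_block(rk, block):
    """The raw block function: what a one-block 'ECB' call computes."""
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # Sub+Shift
        if rnd < 10:  # the final round has no MixColumns
            s = [b for c in range(0, 16, 4) for b in mix_column(s[c:c + 4])]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def ctr_crypt(key, counter0, data):
    """Encrypt or decrypt: XOR data with E_k(counter), E_k(counter + 1), ..."""
    rk, ctr, out = expand_key(key), int.from_bytes(counter0, "big"), bytearray()
    for off in range(0, len(data), 16):
        ks = encrypt_block(rk, ctr.to_bytes(16, "big"))  # keystream block
        out += bytes(d ^ k for d, k in zip(data[off:off + 16], ks))
        ctr = (ctr + 1) % (1 << 128)
    return bytes(out)
```

Only the encrypt direction of the block cipher is ever called, and the block function never sees the plaintext, which is why identical plaintext blocks do not produce identical ciphertext blocks the way they would under plain ECB.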