Ah yes, thanks. I will cross-reference the tor spec with openssl and submit a patch for consideration.
On Mon, Oct 28, 2013 at 9:57 AM, Nick Mathewson nickm@alum.mit.edu wrote:
On Mon, Oct 28, 2013 at 11:46 AM, Joshua Datko jbdatko@gmail.com wrote:
Why is there a limited set of OpenSSL engine algorithms chosen in
crypto.c
(code below)?
log_engine("RSA", ENGINE_get_default_RSA()); log_engine("DH", ENGINE_get_default_DH()); log_engine("RAND", ENGINE_get_default_RAND()); log_engine("SHA1", ENGINE_get_digest_engine(NID_sha1)); log_engine("3DES", ENGINE_get_cipher_engine(NID_des_ede3_ecb)); log_engine("AES", ENGINE_get_cipher_engine(NID_aes_128_ecb));
I think you're misunderstanding that code. That function is called "log_engine", not "load_engine." The actual loading and registering of engines happens earlier in the crypto_global_init() function. All that the log_engine function does is to log a short message about which engine was chosen.
That said, it would sure be nice to have a more up-to-date list of engines logged. I'd be happy to take a patch for that.
[...]
Also, I was a bit surprised to see ECB mode. Is it true that ECB, when
used
as a stream generator, is equal to CTR mode? ECB mode is not mentioned
in
the spec and after some digging, I found a reference to it [1] for encrypting at most one block length of data in the header.
Yup. It's used to implement counter mode. "ECB" in this case is an alias for "Just the raw AES block function." Nobody should ever use ECB except as a building block for something that isn't ECB.
best wishes,
Nick _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev