Export regulations and DES-only crypto and 'Ohhhh jeeee'
lanas
lanas at securenet.net
Fri Aug 8 00:31:24 CEST 2008
Hallo,
> Assuming you are in the US, that is not true. These
> restrictions have been dropped several years ago. Except for
> some banned countries.
It's not the US. It's a more conservative country (regarding this)
located north of the US ;-)
>> ./configure --enable-ciphers="des rfc2268"
>> I've seen that if RC2 is not included, then the build fails. It
> I doubt that. rc2 is not different from the other ciphers.
You are right as far as I've verified the version that was used. It
was 1.2.3 so I upgraded to 1.4.1 before doing anything else new. The
problem was there in 1.2.3, but not in 1.4.1 now.
So now I'm using 1.4.1.
In a vague attempt at finding out the cause of the problem, I've also
added a printf() statement in:
cipher.c:
cipher_get_keylen (int algorithm)
{
[...]
ath_mutex_lock (&ciphers_registered_lock);
printf("Looking for algorithm: %d\n", algorithm);
[...]
}
The above will be shown in the results below.
So now I'm doing:
./configure --enable-ciphers="des"
make
make check
And the result is:
PASS: ac-schemes
PASS: ac-data
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 2
Looking for algorithm: 2
Looking for algorithm: 2
Looking for algorithm: 2
Looking for algorithm: 2
Looking for algorithm: 2
aes-cbc-cts, grcy_open_cipher failed: Invalid cipher algorithm
cbc-mac algo 7, grcy_open_cipher failed: Invalid cipher algorithm
aes-ctr, grcy_open_cipher failed: Invalid cipher algorithm
aes-cfb, grcy_open_cipher failed: Invalid cipher algorithm
aes-ofb, grcy_open_cipher failed: Invalid cipher algorithm
FAIL: basic
Further down we find the results of some tests:
ECB CBC
--------------- --------------- etc...
Looking for algorithm: 2
3DES 140ms 150ms 150ms 160ms
Looking for algorithm: 302
DES 60ms 60ms 60ms 60ms
And of course, the error is reported at the conclusion:
PASS: benchmark
========================================
1 of 16 tests failed
Please report to bug-libgcrypt at gnupg.org
========================================
make[2]: *** [check-TESTS] Error 1
make[2]: Leaving directory
`/data/debian386/rr1/dists/rr1/sandbox/libgcrypt11/libgcrypt11-1.4.1.rr1/tests'
make[1]: *** [check-am] Error 2
make[1]: Leaving directory
`/data/debian386/rr1/dists/rr1/sandbox/libgcrypt11/libgcrypt11-1.4.1.rr1/tests'
make: *** [check-recursive] Error 1
So this is one problem.
Now, since I do not want 3DES, I edit cipher.c to comment it out:
../cipher/cipher.c
#if USE_DES
{ &_gcry_cipher_spec_des, GCRY_CIPHER_DES },
/* { &_gcry_cipher_spec_tripledes, GCRY_CIPHER_3DES }, */
#endif
A grep on USE_CAST5, done after the configure step below,returns:
grep -r USE_CAST5 *
cipher/cipher.c:#if USE_CAST5
config.h:/* #undef USE_CAST5 */
config.h.in:#undef USE_CAST5
configure:#define USE_CAST5 1
configure.ac: AC_DEFINE(USE_CAST5, 1, [Defined if this module should be included])
tests/basic.c:#if USE_CAST5
And then I do:
make clean
./configure --enable-ciphers="des"
make
make check
(I probably do not need to reconfigure ...)
And then, we do not have the above error, but instead we have the Ohhh
jeee error:
PASS: ac-schemes
PASS: ac-data
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 302
Looking for algorithm: 2
Ohhhh jeeee: cipher 2 not found
/bin/sh: line 4: 24082 Aborted ${dir}$tst
FAIL: basic
ECB CBC
--------------- --------------- etc...
Looking for algorithm: 302
DES 60ms 60ms 60ms 70ms
And everything else passes OK, amd one error is reported at the end at
the conclusion.
I do not see why it tries to access algorithm # 2 even though it's
comment out of the definition. Could it be that a DES structure
implicitly makes a reference to 3DES even though it's, in this case,
not wanted ?
Let me know if I can be of any help.
Vielen dank für ihre Hilfe !
Tschüß.
More information about the Gcrypt-devel
mailing list