[openssl.org #16] openssl-engine-0.9.6d-beta1 crypto/Makefile.ssl patch
[[EMAIL PROTECTED] - Wed May 1 12:20:35 2002]: ! echo #define DATE \`date`\; \ ! echo #define DATE \`LC_TIME=C date`\; \ Is anybody aware of a platform on which this would cause trouble? Best regards, Lutz __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Integration of AES algorith to OpenSSL Crypto library
Hi, I have one question regarding internals of OpenSSL Crypto library. The situation is as follows: I am going to integrate AES cipher to OpenSSL Crypto library. Regarding of AES algorithm implemnetation - we have the following functions: //rijndael_setup() should be called at startup of the programvoid rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key); //rijndael_encrypt() should be called for every 16 bytes of the stream to be encryptedvoid rijndael_encrypt(RIJNDAEL_context *context, const UINT8 *plaintext, UINT8 *ciphertext); //rijndael_decrypt() should be called for every 16 bytes of the stream to be decryptedvoid rijndael_decrypt(RIJNDAEL_context *context, const UINT8 *ciphertext, UINT8 *plaintext); The question: Is anybody here who canprovide me someguidelinesonthe integration of AES cipher to OpenSSL Crypto library ? What files should be changed/customized ? Thanks, in advance. -Best regards,Ildar GabdullineProject Manager, STELT Telecommailto : [EMAIL PROTECTED]WWW : www.realeast.ru
Re: Integration of AES algorith to OpenSSL Crypto library
On Thu, May 02, 2002 at 04:33:54PM +0400, Ildar Gabdulline wrote: I have one question regarding internals of OpenSSL Crypto library. The situation is as follows: I am going to integrate AES cipher to OpenSSL Crypto library. Regarding of AES algorithm implemnetation - we have the following functions: //rijndael_setup() should be called at startup of the program void rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key); //rijndael_encrypt() should be called for every 16 bytes of the stream to be encrypted void rijndael_encrypt(RIJNDAEL_context *context, const UINT8 *plaintext, UINT8 *ciphertext); //rijndael_decrypt() should be called for every 16 bytes of the stream to be decrypted void rijndael_decrypt(RIJNDAEL_context *context, const UINT8 *ciphertext, UINT8 *plaintext); The question: Is anybody here who can provide me some guidelines on the integration of AES cipher to OpenSSL Crypto library ? What files should be changed/customized ? Have a look into the upcoming 0.9.7 version of OpenSSL. AES is integrated into it. Just do it the same way we did it. Hmm, or even just stop wasting your time, because it is already in there :-) Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Questions about PKI
SAHKI K?vin 1 avenue Pierre S?mard 94200 Ivrys Sur Seine [EMAIL PROTECTED] Mr or Mrs, I'm a sudent in network technologie at EPITA (a french computing school in Paris) and I'm in telecommunication specialisation. I've to do a report on PKI. More exactely my report deals about the comparaison of the different PKI solution. During my research, I've discovered your PKI products. I would like to know if you could help me sending me some technical documentations in order to compare your products with other PKI products. I think that there are 5 PKI families: - open products like OpenCA - products to build a in house PKI like Baltimore, Entrust... - integrated product like Windows 2000 - outsourcing PKI infrastructure - certification autority who only deliver certification like enditrust or click and trust. During my research I have found different point to compare the PKI : - Certificate support - Revocation methods - Scalability - Security - PKI topologies - Registration mechanisms for all the functions (email, VPN, Web ...) - Directory support - Smart Card support - Key management - Interoperability - Algorithm supported In order to make easy this comparaison I have created a comparaison table. I've joined this Excel table (tableau_PKI.xls). I would be glade if you could fill it. Thank you for your time and your interest. I'm looking foreward to reading you. Yours sincerely tableau_PKI.xls Description:
Re: Questions about PKI
Hi Kevin, First of all, you're addressing your request to a developper only mailing-list (openssl-dev). That's bad. Second point, it seems you didn't understand that OpenSSL is not a PKI product in itself, built by a company. It's an open source API, developed by volunteers within their spare free time. Last point, I don't think that your teacher would like those volunteers to do your job. If *they* fill in your Excel document, who will get the note? Did you really understand what your teacher asked you to do? On Thu, 2 May 2002, kevin sahki wrote: Mr or Mrs, I'm a sudent in network technologie at EPITA (a french computing school in Paris) and I'm in telecommunication specialisation. I've to do a report on PKI. More exactely my report deals about the comparaison of the different PKI solution. During my research, I've discovered your PKI products. I would like to know if you could help me sending me some technical documentations in order to compare your products with other PKI products. I think that there are 5 PKI families: - open products like OpenCA - products to build a in house PKI like Baltimore, Entrust... - integrated product like Windows 2000 - outsourcing PKI infrastructure - certification autority who only deliver certification like enditrust or click and trust. During my research I have found different point to compare the PKI : - Certificate support - Revocation methods - Scalability - Security - PKI topologies - Registration mechanisms for all the functions (email, VPN, Web ...) - Directory support - Smart Card support - Key management - Interoperability - Algorithm supported In order to make easy this comparaison I have created a comparaison table. I've joined this Excel table (tableau_PKI.xls). I would be glade if you could fill it. Thank you for your time and your interest. I'm looking foreward to reading you. Yours sincerely -- Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5 - Pour moi, que ce soit fr.rec.arts.musique.variete ou fr.rect.arts.chansons, c négatif, parce que je considére pas la musique comme un art, -+- BenC in http://neuneu.mine.nu : Neuneu joue du pipo. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
a question about IDEA
Dear Sir:
In the IDEA cryption test program cfb64_test, I don't know why we must
use encrytion key as decryption key. can you tell me the reason.
static int cfb64_test(unsigned char *cfb_cipher)
{
IDEA_KEY_SCHEDULE eks,dks;
int err=0,i,n;
idea_set_encrypt_key(cfb_key,eks);
idea_set_decrypt_key(eks,dks);
memcpy(cfb_tmp,cfb_iv,8);
n=0;
idea_cfb64_encrypt(plain,cfb_buf1,(long)12,eks, cfb_tmp,n,IDEA_ENCRYPT);
idea_cfb64_encrypt((plain[12]),(cfb_buf1[12]), (long)CFB_TEST_SIZE-12,eks,
cfb_tmp,n,IDEA_ENCRYPT);
if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
{
err=1;
printf(idea_cfb64_encrypt encrypt error\n);
for (i=0; iCFB_TEST_SIZE; i+=8)
printf(%s\n,pt((cfb_buf1[i])));
}
memcpy(cfb_tmp,cfb_iv,8);
n=0;
//Why we must first use encryption key to decrypt the 17 bytes data at the
begining of the encrypted data
idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,eks, cfb_tmp,n,IDEA_DECRYPT);
encryption key
//Then we use decryption key to decrypt the else encrypted data
idea_cfb64_encrypt((cfb_buf1[17]),(cfb_buf2[17]),
(long)CFB_TEST_SIZE-17,dks, cfb_tmp,n,IDEA_DECRYPT);
decryption key
if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
{
err=1;
printf(idea_cfb_encrypt decrypt error\n);
for (i=0; i24; i+=8)
printf(%s\n,pt((cfb_buf2[i])));
}
return(err);
}
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
Yes, I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. So, Is there some HOWTO and another document that shows the process of integration of new codec to Crypto library ? Thanks, in advance. Ildar. - Original Message - From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, May 02, 2002 5:09 PM Subject: Re: Integration of AES algorith to OpenSSL Crypto library Uhmm, have you considered looking at recent snapshots? In message 017001c1f1d5$a102fc20$[EMAIL PROTECTED] on Thu, 2 May 2002 16:33:54 +0400, Ildar Gabdulline [EMAIL PROTECTED] said: ildar Hi, ildar ildar I have one question regarding internals of OpenSSL Crypto library. ildar ildar ildar - --- ildar The situation is as follows: ildar ildar I am going to integrate AES cipher to OpenSSL Crypto library. ildar Regarding of AES algorithm implemnetation - we have the following functions: ildar file://rijndael_setup() should be called at startup of the program ildar void rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key); ildar file://rijndael_encrypt() should be called for every 16 bytes of the stream to be encrypted ildar void rijndael_encrypt(RIJNDAEL_context *context, const UINT8 *plaintext, UINT8 *ciphertext); ildar file://rijndael_decrypt() should be called for every 16 bytes of the stream to be decrypted ildar void rijndael_decrypt(RIJNDAEL_context *context, const UINT8 *ciphertext, UINT8 *plaintext); ildar ildar ildar - --- ildar ildar The question: ildar ildar Is anybody here who can provide me some guidelines on the integration of AES cipher to OpenSSL Crypto library ? ildar What files should be changed/customized ? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
On Thu, May 02, 2002 at 11:51:49PM +0400, Ildar Gabdulline wrote: I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 OpenSSL 0.9.7 will go beta soon. We intended to start beta this week, but we probably won't manage it before the weekend, so it will become next week. The problem with openvpn thus has to be resolved in the next weeks anyway, so I would rather suppose to spend your time in this direction. So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. Best regards, Lutz PS. Look out for OpenSSL_add_all_ciphers() to get an idea on what might be missing when integrating a new cipher. -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
Thus spake Ildar Gabdulline: Yes, I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 Perhaps you should figure out why openvpn is crashing instead of trying to re-do work which has already been done. AES is already integrated, so if there's a bug, let us know and we'll fix it. S -- Stephen Sprunk So long as they don't get violent, I want to CCIE #3723 let everyone say what they wish, for I myself have K5SSSalways said exactly what pleased me. --Albert Einstein __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
