How to Add new Mode to DES and AES
I am doing some research works on openssl source code, where I need to add some additional mode of operation to openssl, so that the mode is available on openssl app. Formerly I was working on the openssl-0.9.6h code, I did some modification on the following files: ./crypto/evp/c_allc.c ./apps/progs.pl ./crypto/evp/e_des.c ./crypto/evp/evp.h ./crypto/objects/obj_mac.num ./crypto/objects/objects.txt ./crypto/evp/evp_enc.c ./crypto/des/Makefile and added ./crypto/des/ectr_enc.c file (my implementation of counter mode, modified version) and it works. Now I just downloaded openssl-0.9.7b, and I did a manual migrate of all modification I did, to the new source tree. and the compilation error occured as: objects.txt:25:Undefined identifier X9_62_id_fieldType btw, is there any guides that can summarize how to add new mode of operation to openssl ?? Why the changing from 0.9.6h to 0.9.7b makes so many changes? I did noticed that in file ./crypto/evp/e_des.c the expression ctx->c.des_ks is changed to ctx->cipher_data. I need to do the following: 1 add modes to DES, and AES 2 later ensure these modes are useable through TLS or SSL appreciate helps, especially guides to add new mode to DES and AES thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #647] Bug in X509_load_cert_crl_file()
is this slurpee? e-mail: [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: opensc engine and s_client
On Wednesday 23 July 2003 07:44 pm, Dr. Stephen Henson wrote: > On Wed, Jul 23, 2003, Kevin Stefanik wrote: > > Someone asked about getting the s_client app working to test the opensc > > engine for openssl 0.9.7b. From what I can tell, s_client doesn't accept > > a -keyform argument and assumes that the key is in a file. Any > > objections or recommendations if I attempt to change that as below? The > > only real headache will be getting the engine function references into > > the right place. Can I use the SSL_CTX structure that's already being > > passed in for that? > > The easiest way to handle this is to get the key into an EVP_PKEY structure > using load_key() as the other apps do and then pass that to > SSL_CTX_use_PrivateKey(). That way you don't need to make any changes to > the SSL library. > Then it would have to use the UI_METHOD structure for user interface routines instead of the callbacks in SSL_CTX? Right now, s_client doesn't call setup_ui_method. Kevin __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #666] Optimization only with maximal -01
Attached three testlog-Outputs The Hint in INSTALL: If a test fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). >> If it is a problem with OpenSSL itself, >> try removing any compiler optimization flags from the CFLAG >> line in Makefile.ssl and run "make clean; make". Please send a bug report to <[EMAIL PROTECTED]>, including the output of "make report" in order to be added to the request tracker at http://www.openssl.org/support/rt2.html. helps fine. MfG Klaus-Peter Kuppinger __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #665] Missing header file
Thankyou for the information. The linuxsocket.org sample program does not include the opensslconf.h header file so I was unaware it was needed. RW -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke via RT Sent: Thursday, July 24, 2003 8:39 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [openssl.org #665] Missing header file On Thu, Jul 24, 2003 at 03:29:34PM +0200, Ron Whiteside via RT wrote: > > Standard Red Hat Linux 9 as shipped on their CD's. In this case I would recommend to send a bug report to Redhat; seems they do not have their dependencies set up correctly. The NO_KRB5 setting is contained in opensslconf.h if KRB5 support is not compiled in. If this does not hold on Red Hat Linux, their corresponding dependencies should be set, such that openssl-dev would require krb5-dev (or whatever the exact packages might be... gssapi??) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #655] Kerberos: solaris 9 openssl-0.9.7b compileproblem
Remove "FAR" from the two locations it is specified in the KSSL_CTX data structure. MIT Kerberos 1.3 no longer provides dummy definitions for "FAR" as all support for 16-bit platforms (MS-DOS) has been removed. Jeffrey Altman Wayne Rasmussen via RT wrote: config -t results in: Configuring for solaris-sparcv9-gcc /bin/perl ./Configure solaris-sparcv9-gcc --with-krb5-flavor=MIT make has the following warnings: a_type.c:74: warning: dereferencing type-punned pointer will break strict-aliasing rules x_name.c:171: warning: dereferencing type-punned pointer will break strict-aliasing rules x_name.c:177: warning: dereferencing type-punned pointer will break strict-aliasing rules x_name.c:239: warning: dereferencing type-punned pointer will break strict-aliasing rules x_name.c:242: warning: dereferencing type-punned pointer will break strict-aliasing rules pem_lib.c:479: warning: dereferencing type-punned pointer will break strict-aliasing rules ../include/openssl/kssl.h:134: warning: no semicolon at end of struct or union ../include/openssl/kssl.h:135: warning: type defaults to `int' in declaration of `KSSL_CTX' ../include/openssl/kssl.h:135: warning: data definition has no type or storage class ../include/openssl/kssl.h:148: warning: type defaults to `int' in declaration of `kssl_ctx_new' ../include/openssl/kssl.h:148: warning: data definition has no type or storage class ../include/openssl/kssl.h:149: warning: type defaults to `int' in declaration of `kssl_ctx_free' ../include/openssl/kssl.h:149: warning: data definition has no type or storage class ../include/openssl/ssl.h:909: warning: no semicolon at end of struct or union smime.p7s Description: S/MIME Cryptographic Signature
Re: [openssl.org #665] Missing header file
On Thu, Jul 24, 2003 at 03:29:34PM +0200, Ron Whiteside via RT wrote: > > Standard Red Hat Linux 9 as shipped on their CD's. In this case I would recommend to send a bug report to Redhat; seems they do not have their dependencies set up correctly. The NO_KRB5 setting is contained in opensslconf.h if KRB5 support is not compiled in. If this does not hold on Red Hat Linux, their corresponding dependencies should be set, such that openssl-dev would require krb5-dev (or whatever the exact packages might be... gssapi??) Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: opensc engine and s_client
On Wednesday 23 July 2003 07:44 pm, Dr. Stephen Henson wrote: > On Wed, Jul 23, 2003, Kevin Stefanik wrote: > > Someone asked about getting the s_client app working to test the opensc > > engine for openssl 0.9.7b. From what I can tell, s_client doesn't accept > > a -keyform argument and assumes that the key is in a file. Any > > objections or recommendations if I attempt to change that as below? The > > only real headache will be getting the engine function references into > > the right place. Can I use the SSL_CTX structure that's already being > > passed in for that? > > The easiest way to handle this is to get the key into an EVP_PKEY structure > using load_key() as the other apps do and then pass that to > SSL_CTX_use_PrivateKey(). That way you don't need to make any changes to > the SSL library. > > > Also, is there a way to load certificates through the engine interface? > > Not in 0.9.7. The storage engines in 0.9.8 should support that though. > > Steve. Thanks for the info. Just modifying set_cert_stuff to call the engine key loading is much easier; as long as it's clean enough. Are the storage engines in development or just planning stages, now? Where can I peek for more info? Kevin __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #665] Missing header file
Standard Red Hat Linux 9 as shipped on their CD's. RW -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke via RT Sent: Thursday, July 24, 2003 8:23 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [openssl.org #665] Missing header file On Thu, Jul 24, 2003 at 03:08:42PM +0200, Ron Whiteside via RT wrote: > > I understand that. I think you could include a dummy header file: > #define OpenSSL_NO_KRB5 The default is to build without KRB5 support. Related problems should only occur, if the user explicitly demands KRB5 support. What were your configuration options? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #665] Missing header file
On Thu, Jul 24, 2003 at 03:08:42PM +0200, Ron Whiteside via RT wrote: > > I understand that. I think you could include a dummy header file: > #define OpenSSL_NO_KRB5 The default is to build without KRB5 support. Related problems should only occur, if the user explicitly demands KRB5 support. What were your configuration options? Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [openssl.org #665] Missing header file
I understand that. I think you could include a dummy header file: #define OpenSSL_NO_KRB5 RW -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lutz Jaenicke via RT Sent: Thursday, July 24, 2003 1:58 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [openssl.org #665] Missing header file On Thu, Jul 24, 2003 at 08:40:10AM +0200, Ron Whiteside via RT wrote: > > The krb5.h header file is missing from the tar ball openssl-0.9.7b. The krb5.h header file is part of the Kerberos suite. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]