Re: load_builtin_engines in Linux
Hello, sorry for bumping my question, but I was just wondering, wether might have posted it to the wrong list? cheers Mathias Hy! I want to use a Luna HSM with openssl, so I have downloaded the coresponding patch whic creates an engine and built it (version 0.9.8e). The problem is, that it is not working, because the engine is not a dynamic one but a builtin, and the ENGINE_load_lunaca3 function is nowhere executed. I du through the source code and found the load_builtin_engines function which should do the desired. It is executed via the apps_startup functions (defined in apps.h) in some envorinments but not in linux. Is there any particular reason why this is not done? Can I do any harm, if I just add this function to add_startup in a standard linux envornment? cheers Mathias __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: AES counter mode support missing from EVP
On Tue, 29 Apr 2008, Dr. Stephen Henson wrote: the problem is that now one can't offload AES counter modes to the engine unless the application itself specifies its own EVP functions and structures. However, even then, counter mode IDs and names are missing from obj*.h files so functions like OBJ_nid2sn() crash. That happens with openssl engine -c, for example. It is enough to add following 3 lines to objects.txt so that AES counter mode can be offloaded to the engine using the workaround mentioned: : AES-128-CTR : aes-128-ctr : AES-192-CTR : aes-192-ctr : AES-256-CTR : aes-256-ctr It would be better is standard OIDs existed for these modes and those were added instead. You can create OIDs dynamically with OBJ_create() too, that should work without the need to modify OpenSSL at all. aha, thanks, that's a good idea. It seems to me that I can't use OBJ_create() without providing an OID but ASN1_OBJECT_create() + OBJ_add_object() is OK for me and no phony OIDs are used then. J. -- Jan Pechanec __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]