Re: adding new encryption algorithm to OpenSSL
This explanation may help you to add new algorithms to OpenSSL: http://www.mail-archive.com/openssl-users@openssl.org/msg59630.html On 18 January 2011 08:59, M. V. bored_to_deat...@yahoo.com wrote: hi, for a project, i have to add my own encryption algorithm to racoon (part of ipsec-tools) in freebsd. i realized racoon uses openssl libraries for encryption algorithms. so, i wanted to know , does anyone have any experience in doing such thing? does anyone have any suggestions for me? 1- what's the best and easiest way? adding my algorithm to racoon, openssl or else (as a dynamic library, etc)? 2- is there any example, code template or documentation which could help me doing this? thank you.
[openssl.org #2435] build fails when run inside tee
I am using FreeBSD 8.1-RELEASE amd64 and I am building OpenSSL 1.0.0c When I run `make | tee t` I get output that ends with: /usr/X11R6/bin/perl5 asm/sha1-x86_64.pl elf sha1-x86_64.s gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o sha1-x86_64.o sha1-x86_64.s /usr/X11R6/bin/perl5 asm/sha512-x86_64.pl elf sha256-x86_64.s .text .globl sha256_block_data_order .type sha256_block_data_order,@function .align 16 sha256_block_data_order: pushq %rbx ... asm ... .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 gcc -I.. -I../.. -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM -c -o sha256-x86_64.o sha256-x86_64.s gcc: sha256-x86_64.s: No such file or directory gcc: No input files specified *** Error code 1 This appears to be due to a bug in crypto/perlasm/x86_64-xlate.pl which stats its stdout and its output file to see if it needs to redirect its output. Or it could be due to a bug in the Makefile which invokes the script inconsistently. When it is running inside tee it gets 0,0 for the device and inode of stdout, and undef,undef for the device and inode of the nonexistent output file. These compare numerically equal so it thinks they are the same, and spits its output to stdout instead of redirecting it to the output file. One possibility is to fix the perl script like this: --- crypto/perlasm/x86_64-xlate.pl~ 2010-10-10 22:14:17.0 +0100 +++ crypto/perlasm/x86_64-xlate.pl 2011-01-18 16:49:06.0 + @@ -66,7 +66,7 @@ my ($outdev,$outino,@junk)=stat($output); open STDOUT,$output || die can't open $output: $! - if ($stddev!=$outdev || $stdino!=$outino); + if (!defined($outdev) || $stddev!=$outdev || $stdino!=$outino); } my $gas=1; $gas=0 if ($output =~ /\.asm$/); Alternatively it could be due to a bug in the Makefile which invokes the perl asm scripts inconsistently. --- crypto/sha/Makefile~2008-11-12 08:19:03.0 + +++ crypto/sha/Makefile 2011-01-18 17:06:15.0 + @@ -61,8 +61,8 @@ # Solaris make has to be explicitly told sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) $@ -sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ -sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ sha1-sparcv9.s:asm/sha1-sparcv9.pl;$(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) sha256-sparcv9.s:asm/sha512-sparcv9.pl;$(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) sha512-sparcv9.s:asm/sha512-sparcv9.pl;$(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR ROUGH. RAIN THEN FAIR. GOOD. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
[openssl.org #2436] pkcs12 enhancement and a correction to the doc of x509
When converting pkcs12 files with several (CA)-certificates, the resulting pem files do not have a textual view of the certficates, something with is often desirable. The enclosed patch adds support for -text, -nameopt and -certopt parameters to pkcs12 which behave as with the x509 command. and a missing -certopt in synopsis for x509 doc Peter Sylvester diff -r -p openssl-SNAP-20110119/apps/pkcs12.c openssl-SNAP-20110119mod/apps/pkcs12.c *** openssl-SNAP-20110119/apps/pkcs12.c 2010-05-15 03:00:07.0 +0200 --- openssl-SNAP-20110119mod/apps/pkcs12.c 2011-01-19 12:15:44.0 +0100 *** static int set_pbe(BIO *err, int *ppbe, *** 92,97 --- 92,100 int MAIN(int, char **); + unsigned long nmflag = 0, certflag = 0; + int text=0; + int MAIN(int argc, char **argv) { ENGINE *e = NULL; *** int MAIN(int argc, char **argv) *** 130,135 --- 133,139 apps_startup(); + nmflag = 0, certflag = 0; text = 0; enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); *** int MAIN(int argc, char **argv) *** 261,266 --- 265,276 args++; CAfile = *args; } else badarg = 1; + } else if (!strcmp (*args, -text)) + text = 1; + else if (strcmp(*argv,-certopt) == 0) { + badarg = (--argc 1 || !set_cert_ex(certflag, *(++argv))) ; + } else if (strcmp(*argv,-nameopt) == 0) { + badarg = (--argc 1 || !set_name_ex(nmflag, *(++argv))) ; #ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,-engine)) { if (args[1]) { *** int MAIN(int argc, char **argv) *** 333,338 --- 343,352 BIO_printf(bio_err,the random number generator\n); BIO_printf(bio_err, -CSP name Microsoft CSP name\n); BIO_printf(bio_err, -LMK Add local machine keyset attribute to private key\n); + BIO_printf(bio_err, -text print certificates in text form\n); + BIO_printf(bio_err, -nameopt arg various certificate name options\n); + BIO_printf(bio_err, -certopt arg various certificate text options\n); + goto end; } *** int dump_certs_pkeys_bag (BIO *out, PKCS *** 799,805 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) return 1; if (!(x509 = PKCS12_certbag2x509(bag))) return 0; ! dump_cert_text (out, x509); PEM_write_bio_X509 (out, x509); X509_free(x509); break; --- 813,822 if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) return 1; if (!(x509 = PKCS12_certbag2x509(bag))) return 0; ! if (text) ! X509_print_ex(out,x509,nmflag,certflag); ! else ! dump_cert_text (out, x509); PEM_write_bio_X509 (out, x509); X509_free(x509); break; diff -r -p openssl-SNAP-20110119/doc/apps/pkcs12.pod openssl-SNAP-20110119mod/doc/apps/pkcs12.pod *** openssl-SNAP-20110119/doc/apps/pkcs12.pod 2006-12-21 22:00:35.0 +0100 --- openssl-SNAP-20110119mod/doc/apps/pkcs12.pod 2011-01-19 14:30:19.0 +0100 *** Bopenssl Bpkcs12 *** 40,45 --- 40,48 [B-CAfile file] [B-CApath dir] [B-CSP name] + [B-text] + [B-certopt option] + [B-nameopt option] =head1 DESCRIPTION *** write Bname as a Microsoft CSP name. *** 282,287 --- 285,317 =back + =head2 DISPLAY OPTIONS + + Note: Details of these options are defined + + =over 4 + + =item B-text + + prints out any certificate in text form as with Lx509(1). + + =item B-certopt option + + customise the output format used with B-text. The Boption argument can be + a single option or multiple options separated by commas. The B-certopt switch + may be also be used more than once to set multiple options. See the (see + Lx509(1) for details for the options. + + =item B-nameopt option + + option which determines how the subject or issuer names are displayed. The + Boption argument can be a single option or multiple options separated by + commas. Alternatively the B-nameopt switch may be used more than once to + set multiple options. See the BNAME OPTIONS section of Lx509(1) for more + information. + + =back + =head1 NOTES Although there are a large number of options most of them are very rarely *** file from the keys and certificates usin *** 359,363 =head1 SEE ALSO ! Lpkcs8(1)|pkcs8(1) --- 389,393 =head1 SEE ALSO ! Lpkcs8(1)|pkcs8(1)|x509(1) diff -r -p openssl-SNAP-20110119/doc/apps/x509.pod openssl-SNAP-20110119mod/doc/apps/x509.pod *** openssl-SNAP-20110119/doc/apps/x509.pod 2010-01-12 19:00:15.0 +0100 --- openssl-SNAP-20110119mod/doc/apps/x509.pod 2011-01-19 14:30:43.0 +0100 *** Bopenssl Bx509 *** 48,53 --- 48,54 [B-CAcreateserial] [B-CAserial filename] [B-text] + [B-certopt option] [B-C] [B-md2|-md5|-sha1|-mdc2] [B-clrext]