Re: some questions about openssl
On Fri June 3 2011, loody wrote:
> hi:
>
> 2011/4/20 Mike Mohr akih...@gmail.com:
> > IMHO openssl is unsuitable for this purpose. Openssl is really good at what it does, don't get me wrong, but using it in a boot loader probably isn't the easiest/smartest idea. What you really want is a subset of PKCS#1 - that is, EMSA-PSS encoding and verification plus RSASP1/RSAVP1. I'm working on some code which happens to implement exactly this feature set using GMP, and it could trivially be ported to some smaller bigint library. I release all my code under GPL3+, and you're welcome to use it as such - but it sounds like you're working on some tivoized system, which is incompatible with GPL3.

If you're working on a boot loader for something like a media player device, you probably just want to use the SoC's built-in AES and SHA instructions directly.

(another) Mike

> > Mike
>
> I found a link as below:
> http://tree.celinuxforum.org/pipermail/celinux-dev/2006-August/001277.html
> I haven't tried it yet, and I'm quite curious whether it is possible to combine openssl with a standalone program.
> Apart from the license issue, openssl needs a lot of C lib help, right?
> Or is it possible if we only use the RSA and SHA1 parts of openssl?

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: some questions about openssl
hi:

2011/4/20 Mike Mohr akih...@gmail.com:
> IMHO openssl is unsuitable for this purpose. Openssl is really good at what it does, don't get me wrong, but using it in a boot loader probably isn't the easiest/smartest idea. What you really want is a subset of PKCS#1 - that is, EMSA-PSS encoding and verification plus RSASP1/RSAVP1. I'm working on some code which happens to implement exactly this feature set using GMP, and it could trivially be ported to some smaller bigint library. I release all my code under GPL3+, and you're welcome to use it as such - but it sounds like you're working on some tivoized system, which is incompatible with GPL3.
>
> Mike

I found a link as below:
http://tree.celinuxforum.org/pipermail/celinux-dev/2006-August/001277.html
I haven't tried it yet, and I'm quite curious whether it is possible to combine openssl with a standalone program.
Apart from the license issue, openssl needs a lot of C lib help, right?
Or is it possible if we only use the RSA and SHA1 parts of openssl?

--
Regards,
some questions about openssl
hi all:

My questions about openssl are below:

1. I want to take advantage of RSA and SHA in openssl for secure booting. Can they run as a standalone program, meaning they can run without libc support?
2. I want RSA and SHA authentication to run in DRAM instead of flash, so that the speed will be faster. Is it possible to fix the link address of openssl?

--
Regards,
miloody
Re: some questions about openssl
IMHO openssl is unsuitable for this purpose. Openssl is really good at what it does, don't get me wrong, but using it in a boot loader probably isn't the easiest/smartest idea. What you really want is a subset of PKCS#1 - that is, EMSA-PSS encoding and verification plus RSASP1/RSAVP1. I'm working on some code which happens to implement exactly this feature set using GMP, and it could trivially be ported to some smaller bigint library. I release all my code under GPL3+, and you're welcome to use it as such - but it sounds like you're working on some tivoized system, which is incompatible with GPL3.

Mike

On Wed, Apr 20, 2011 at 12:39 AM, loody milo...@gmail.com wrote:
> hi all:
>
> My questions about openssl are below:
>
> 1. I want to take advantage of RSA and SHA in openssl for secure booting. Can they run as a standalone program, meaning they can run without libc support?
> 2. I want RSA and SHA authentication to run in DRAM instead of flash, so that the speed will be faster. Is it possible to fix the link address of openssl?
>
> --
> Regards,
> miloody
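
The PKCS#1 subset named in the reply above (EMSA-PSS encoding and verification plus RSASP1/RSAVP1), as an added Python sketch; it is not code from this thread or from the GMP implementation mentioned there. SHA-256, the 32-byte salt, the function names and the toy key built from two Mersenne primes are assumptions made for the example. The verify path a boot loader would carry is one hash function plus one modular exponentiation with the public exponent.

```python
import hashlib, os

H, HLEN, SLEN = hashlib.sha256, 32, 32     # assumed hash and salt length

def mask(data, seed):                       # data XOR MGF1(seed, len(data))
    stream = b"".join(H(seed + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // HLEN + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def m_hash(msg, salt):                      # H(8 zero bytes || H(msg) || salt)
    return H(bytes(8) + H(msg).digest() + salt).digest()

def emsa_pss_encode(msg, em_bits, salt):
    em_len = (em_bits + 7) // 8
    h = m_hash(msg, salt)
    db = bytes(em_len - len(salt) - HLEN - 2) + b"\x01" + salt
    masked = bytearray(mask(db, h))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)    # clear unused top bits
    return bytes(masked) + h + b"\xbc"

def emsa_pss_verify(msg, em, em_bits):
    em_len = (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    if (len(em) != em_len or em_len < HLEN + SLEN + 2
            or em[-1] != 0xBC or em[0] & ~top & 0xFF):
        return False
    h = em[-HLEN - 1:-1]
    db = bytearray(mask(em[:-HLEN - 1], h))
    db[0] &= top
    pad = em_len - HLEN - SLEN - 2
    if db[:pad] != bytes(pad) or db[pad] != 0x01:  # zero padding, then 0x01
        return False
    return m_hash(msg, bytes(db[pad + 1:])) == h

def sign(msg, n, d):                        # EMSA-PSS-ENCODE, then RSASP1
    em = emsa_pss_encode(msg, n.bit_length() - 1, os.urandom(SLEN))
    return pow(int.from_bytes(em, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def verify(msg, sig, n, e):                 # RSAVP1, then EMSA-PSS-VERIFY
    s, em_bits = int.from_bytes(sig, "big"), n.bit_length() - 1
    if len(sig) != (n.bit_length() + 7) // 8 or s >= n:
        return False
    m, em_len = pow(s, e, n), (em_bits + 7) // 8
    if m.bit_length() > 8 * em_len:         # representative too long for EM
        return False
    return emsa_pss_verify(msg, m.to_bytes(em_len, "big"), em_bits)

P, Q, E = 2**521 - 1, 2**607 - 1, 65537     # constructed toy key, demo only
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
```

Only `mask`, `m_hash`, `emsa_pss_verify` and `verify` are needed on the verifying side; `sign` and the private exponent stay on the build host.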