Re: Engine and static linking
Riaz,

I did get a bad mac error when I was trying to use cipher with ubsec. I am in a very preliminary stage of integration with the ubsec library. I will let you know once my integration is complete.

Thank you for your help.

Regards,
Prashant.

Riaz Rahaman [EMAIL PROTECTED] wrote:

> Hi Prashanth,
>
> Do you get any problems with your engine when connecting using s_client? I am getting bad record mac or sometimes I get encryption or decryption failed. Well, this happens once in a while; I do get connected, but sometimes it starts failing with those errors. I used an ssldump and this error comes during the changecipher.
>
> I did add some printf to all the functions in my ENGINE for debugging the issue; to my surprise things were working pretty smoothly. Did you face any issues, and what's the best way of debugging the problem... things have halted at my end, can't figure out where the problem is?
>
> -Riaz
>
> On Tue, 22 Feb 2005 10:16:31 -0800 (PST), Prashant Kumar <[EMAIL PROTECTED]> wrote:
>
> > Thank you all for your response. Finally, I took the path of defining a new DSO method "dso_meth_slfcn" which statically links [and this seems to work]. The function "slfcn_bind_func" statically converts the given string to the corresponding "ubsec" function. Right now I am doing a string compare and returning the right function [I have attached herewith the prototype of my "slfcn_bind_func"].
> >
> > My question: is there any other way to convert a given string to the corresponding "C" function name? I was hoping to generalize "slfcn_bind_func".
> >
> > Thank you all for the great help.
> >
> >     static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname)
> >     {
> >         if ((dso == NULL) || (symname == NULL)) {
> >             DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
> >             return (NULL);
> >         }
> >
> >         if (!strcmp("ubsec_bytes_to_bits", symname)) {
> >             return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits);
> >         } else if (!strcmp("ubsec_bits_to_bytes", symname)) {
> >             return ((DSO_FUNC_TYPE)ubsec_bits_to_bytes);
> >         } else if (!strcmp("ubsec_open", symname)) {
> >             return ((DSO_FUNC_TYPE)ubsec_open);
> >         } else if (!strcmp("ubsec_close", symname)) {
> >             return ((DSO_FUNC_TYPE)ubsec_close);
> >         } else if (!strcmp("diffie_hellman_generate_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl);
> >         } else if (!strcmp("diffie_hellman_agree_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl);
> >         } else if (!strcmp("rsa_mod_exp_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl);
> >         } else if (!strcmp("rsa_mod_exp_crt_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl);
> >         } else if (!strcmp("dsa_sign_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)dsa_sign_ioctl);
> >         } else if (!strcmp("dsa_verify_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)dsa_verify_ioctl);
> >         } else if (!strcmp("math_accelerate_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)math_accelerate_ioctl);
> >         } else if (!strcmp("rng_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)rng_ioctl);
> >         } else if (!strcmp("ubsec_max_key_len_ioctl", symname)) {
> >             return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl);
> >         } else {
> >             return NULL;
> >         }
> >     }
> >
> > Ioannis Liverezas <[EMAIL PROTECTED]> wrote:
> >
> > > I think you don't have to use dso at all. In my case, I don't use dso, but if I remember well, I have to use the parameter "-engine engine_name" when executing openssl. When using openssh, it works by default. You have to make some minor modifications in openssh though.
> > >
> > > My init is like:
> > >
> > >     void ENGINE_load_iandes(void)
> > >     {
> > >         ENGINE *engine = ENGINE_new();
> > >         if (engine == NULL)
> > >             return;
> > >         if (!ENGINE_set_id(engine, "iandes") ||
> > >             !ENGINE_set_name(engine, "IANDES crypto device") ||
> > >             !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
> > >             ENGINE_free(engine);
> > >             return;
> > >         }
> > >         ENGINE_add(engine);
> > >         ENGINE_free(engine);
> > >         ERR_clear_error();
> > >     }
> > >
> > > in crypto/engine/engine.h you have to add your engine loading function in the builtin engines:
> > >
> > >     void ENGINE_load_iandes(void);
>
> --
> Thank you,
> Best Regards
> Riaz Ur Rahaman

__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Engine and static linking
Thank you all for your response. Finally, I took the path of defining a new DSO method "dso_meth_slfcn" which statically links [and this seems to work]. The function "slfcn_bind_func" statically converts the given string to the corresponding "ubsec" function. Right now I am doing a string compare and returning the right function [I have attached herewith the prototype of my "slfcn_bind_func"].

My question: is there any other way to convert a given string to the corresponding "C" function name? I was hoping to generalize "slfcn_bind_func".

Thank you all for the great help.

    /* Static replacement for a dlsym-style lookup: map a symbol name to
     * the address of the statically linked ubsec function. */
    static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname)
    {
        if ((dso == NULL) || (symname == NULL)) {
            DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
            return (NULL);
        }

        if (!strcmp("ubsec_bytes_to_bits", symname)) {
            return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits);
        } else if (!strcmp("ubsec_bits_to_bytes", symname)) {
            return ((DSO_FUNC_TYPE)ubsec_bits_to_bytes);
        } else if (!strcmp("ubsec_open", symname)) {
            return ((DSO_FUNC_TYPE)ubsec_open);
        } else if (!strcmp("ubsec_close", symname)) {
            return ((DSO_FUNC_TYPE)ubsec_close);
        } else if (!strcmp("diffie_hellman_generate_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl);
        } else if (!strcmp("diffie_hellman_agree_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl);
        } else if (!strcmp("rsa_mod_exp_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl);
        } else if (!strcmp("rsa_mod_exp_crt_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl);
        } else if (!strcmp("dsa_sign_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)dsa_sign_ioctl);
        } else if (!strcmp("dsa_verify_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)dsa_verify_ioctl);
        } else if (!strcmp("math_accelerate_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)math_accelerate_ioctl);
        } else if (!strcmp("rng_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)rng_ioctl);
        } else if (!strcmp("ubsec_max_key_len_ioctl", symname)) {
            return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl);
        } else {
            /* Unknown symbol: the caller treats NULL as "not found". */
            return NULL;
        }
    }

Ioannis Liverezas [EMAIL PROTECTED] wrote:

> I think you don't have to use dso at all. In my case, I don't use dso, but if I remember well, I have to use the parameter "-engine engine_name" when executing openssl. When using openssh, it works by default. You have to make some minor modifications in openssh though.
>
> My init is like:
>
>     void ENGINE_load_iandes(void)
>     {
>         ENGINE *engine = ENGINE_new();
>         if (engine == NULL)
>             return;
>         if (!ENGINE_set_id(engine, "iandes") ||
>             !ENGINE_set_name(engine, "IANDES crypto device") ||
>             !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
>             ENGINE_free(engine);
>             return;
>         }
>         ENGINE_add(engine);
>         ENGINE_free(engine);
>         ERR_clear_error();
>     }
>
> in crypto/engine/engine.h you have to add your engine loading function in the builtin engines:
>
>     void ENGINE_load_iandes(void);
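On the question of generalizing the string compare in the message above: standard C cannot look a function up by name at run time without a dynamic loader, so the name table has to be built at compile time. The following is an added example, not code from the thread or from OpenSSL; it generates the table from one list with the preprocessor's `#` operator. `DSO_FUNC_TYPE` is redefined locally, the three ubsec functions are constructed stubs, and `static_bind_func` and `call_by_name` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Local stand-in for OpenSSL's DSO_FUNC_TYPE so this builds without OpenSSL. */
typedef void (*DSO_FUNC_TYPE)(void);

/* Constructed stubs standing in for the statically linked ubsec functions. */
static int ubsec_open(void)  { return 3; }
static int ubsec_close(void) { return 0; }
static int rng_ioctl(void)   { return 42; }

/* The single list of exported symbols; exporting one more is one more line. */
#define STATIC_SYMBOLS(X) \
    X(ubsec_open)         \
    X(ubsec_close)        \
    X(rng_ioctl)

struct static_sym { const char *name; DSO_FUNC_TYPE func; };

/* #fn stringizes the identifier, so the name and the pointer cannot drift. */
#define AS_ENTRY(fn) { #fn, (DSO_FUNC_TYPE)fn },
static const struct static_sym sym_table[] = { STATIC_SYMBOLS(AS_ENTRY) };
#define N_SYMS (sizeof(sym_table) / sizeof(sym_table[0]))

/* Table-driven replacement for the strcmp chain; NULL for unknown names. */
static DSO_FUNC_TYPE static_bind_func(const char *symname)
{
    size_t i;

    if (symname == NULL)
        return NULL;
    for (i = 0; i < N_SYMS; i++)
        if (strcmp(sym_table[i].name, symname) == 0)
            return sym_table[i].func;
    return NULL;
}

/* Caller side: cast back to the real prototype before calling. */
static int call_by_name(const char *symname)
{
    int (*fn)(void) = (int (*)(void))static_bind_func(symname);
    return fn != NULL ? fn() : -1;
}

int main(void)
{
    return call_by_name("rng_ioctl") == 42 ? 0 : 1;
}
```
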
Re: Engine and static linking
Thank you all for your response. I tried including the --static flag while compiling as well as directly calling the function ENGINE_load_ubsec. All these methods end up calling ubsec_init, which in turn calls DSO_load (and thus dlopen). I am trying to use the engine implementation for VXWORKS, which does not have dlopen (or dynamic loading capability). I was thinking of modifying ubsec_init and ubsec_finish to statically link to the ubsec functions instead of using dlopen and so on. Is that the only option I have, or is there any other option?

Thank you so much for your help.

Regards,
Prashant.

--- Ioannis Liverezas [EMAIL PROTECTED] wrote:

> Yes, it is possible to do it. You have to add the --static flag in the makefile of the root dir of the openssl release that you are compiling. This flag must be added both to CFLAGS for compiling and LDFLAGS for linking. For further use, if you continue integration, e.g. with openssh, you will also need ldconfig, libld and libnss in the system that will run the openssl that you have built. Then you'll have to strip the final executable, to reduce its size.
>
> good luck!
Re: Engine and static linking
On Mon, Feb 21, 2005, Prashant Kumar wrote:

> Thank you all for your response. I tried including the --static flag while compiling as well as directly calling the function ENGINE_load_ubsec. All these methods end up calling ubsec_init, which in turn calls DSO_load (and thus dlopen). I am trying to use the engine implementation for VXWORKS, which does not have dlopen (or dynamic loading capability). I was thinking of modifying ubsec_init and ubsec_finish to statically link to the ubsec functions instead of using dlopen and so on. Is that the only option I have, or is there any other option?

You could write a DSO_METHOD which binds to static functions and returns appropriate function pointers.

Looks like you can then set DEF_DSO_METHOD to have it picked up automatically.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: Engine and static linking
Hi Prashanth,

I had sent the below email to the OpenSSL-users group... anyway, check it out and do let me know if there is anything else that you require... the ENGINE gets statically linked and is set as default... do read the ENGINE man page, it has all the info...

===

I am using the hardware engine. I had sent a mail sometime back asking why the engine is not getting enabled by default. Well, I did manage to get a solution.

When using the engine from the application point of view, you do require to set the default engine from the application code, but when your engine has to come up and be set as default, then you have to set your engine functions as default by using the API ENGINE_set_default_RSA(ENGINE *e), and the same goes for all the functions that are to be done using the hardware. This is mainly intended for stand-alone applications.

Also, even before openssl comes up, you have to call ENGINE_load_builtin_engines, which initializes the engine tables with the available engines, and during this phase, when you make a call to the bind_helper, you have to set which engine is going to be your default implementation after binding the function pointers through the API ENGINE_set_default_RSA or whatever you need to set as default.

The reason for calling ENGINE_load_builtin_engines before your openssl comes up is that, when you don't initialize your engine and set it as default, the openssl code takes the software implementation as default. So it is a safe implementation if you can do that at the start.

Hope the above info helps.

===

Let me know if there is anything... there are quite a few people using the ENGINE for openssl, or maybe I should start mailing to the openssl-dev group.

-Riaz

On Mon, 21 Feb 2005 23:15:51 +0100, Dr. Stephen Henson [EMAIL PROTECTED] wrote:

> On Mon, Feb 21, 2005, Prashant Kumar wrote:
>
> > Thank you all for your response. I tried including the --static flag while compiling as well as directly calling the function ENGINE_load_ubsec. All these methods end up calling ubsec_init, which in turn calls DSO_load (and thus dlopen). I am trying to use the engine implementation for VXWORKS, which does not have dlopen (or dynamic loading capability). I was thinking of modifying ubsec_init and ubsec_finish to statically link to the ubsec functions instead of using dlopen and so on. Is that the only option I have, or is there any other option?
>
> You could write a DSO_METHOD which binds to static functions and returns appropriate function pointers.
>
> Looks like you can then set DEF_DSO_METHOD to have it picked up automatically.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk

--
Thank you,
Best Regards
Riaz Ur Rahaman
Re: Engine and static linking
I think you don't have to use dso at all. In my case, I don't use dso, but if I remember well, I have to use the parameter "-engine engine_name" when executing openssl. When using openssh, it works by default. You have to make some minor modifications in openssh though.

My init is like:

    void ENGINE_load_iandes(void)
    {
        ENGINE *engine = ENGINE_new();
        if (engine == NULL)
            return;
        /* Identify the engine and attach its cipher selector. */
        if (!ENGINE_set_id(engine, "iandes") ||
            !ENGINE_set_name(engine, "IANDES crypto device") ||
            !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
            ENGINE_free(engine);
            return;
        }
        /* Register in the global engine list, then drop the local reference. */
        ENGINE_add(engine);
        ENGINE_free(engine);
        ERR_clear_error();
    }

in crypto/engine/engine.h you have to add your engine loading function in the builtin engines:

    void ENGINE_load_iandes(void);
Re: Engine and static linking
Yes, it is possible to do it. You have to add the --static flag in the makefile of the root dir of the openssl release that you are compiling. This flag must be added both to CFLAGS for compiling and LDFLAGS for linking. For further use, if you continue integration, e.g. with openssh, you will also need ldconfig, libld and libnss in the system that will run the openssl that you have built. Then you'll have to strip the final executable, to reduce its size.

good luck!
Re: Engine and static linking
In message [EMAIL PROTECTED] on Fri, 18 Feb 2005 14:50:25 -0800 (PST), Prashant Kumar [EMAIL PROTECTED] said:

pkix2005> Is it possible to use the engine implementation with
pkix2005> statically linking the hardware accelerator library with the
pkix2005> openssl instead of dynamic linking.
pkix2005>
pkix2005> All the posts I have read so far suggest that I should have
pkix2005> a .so and engine implementation will load it at run time.

That's because that's the preferred way. If you look at the built-in engines, though, you will see that they have code for non-dynamic situations. In that case, the engine needs to define a loading function (ENGINE_load_foo()) which needs to be called instead of doing whatever you do to load the engine dynamically.

I haven't done this for a few years, so I'm a bit rusty myself...

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up.
-- C.S. Lewis
Engine and static linking
Hello All,

Is it possible to use the engine implementation with statically linking the hardware accelerator library with the openssl instead of dynamic linking? All the posts I have read so far suggest that I should have a ".so" and engine implementation will load it at run time.

Thank you so much for your help.

Regards,
Prashant.