Riaz,
I did get a bad mac error when I was trying to use cipher with ubsec. I am in a very preliminary stage of integration with the ubsec library. I will let you know once my integration is complete.
Thank you for your help.
Regards,
Prashant.
Riaz Rahaman <[EMAIL PROTECTED]> wrote:
Riaz Rahaman <[EMAIL PROTECTED]> wrote:
Hi Prashanth,
Do you get any problems with your engine, when connecting using
s_client. I am getting bad record mac or sometimes I get encryption or
decryption failed, well this happens once in a while, I do get
connected but sometimes it starts failing with those errors. I used an
ssldump and this error comes during the changecipher.
I did add some printf to all the function in my ENGINE for debugging
the issue, to my surprise things were working pretty smoothly. Did you
face any issues and whatz the best way debugging the problem...things
have halted at my end, can't figure out the where the problem is?
-Riaz
On Tue, 22 Feb 2005 10:16:31 -0800 (PST), Prashant Kumar
<[EMAIL PROTECTED]>wrote:
> Thank you all for your response. Finally, I took the path of defining a new
> DSO method "dso_meth_slfcn" which statically links [and this seems to work].
> The function "slfcn_bind_func" statically converts the given string to
> corresponding "ubsec" function. Right now I am doing a string compare and
> returning the right function [I have attached herewith the prototype of my
> "slfcn_bind_func"]. My question is there anyway other way to convert a given
> string to the corresponding "C" function name ? I was hoping to generalize
> "sslfcn_bind_func".
>
> Thank you all for the great help.
>
> static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname)
> {
> if((dso == NULL) || (symname == NULL))
> {
> DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
> return(NULL);
> }
> if(!strcmp ("ubsec_bytes_to_bits", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits);
> } else if (!strcmp ("ubsec_bits_to_bytes", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_bits_to_bytes);
> } else if (!strcmp ("ubsec_open", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_open);
> } else if (!strcmp ("ubsec_close", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_close);
> } else if (!strcmp ("diffie_hellman_generate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl);
> } else if (!strcmp ("diffie_hellman_agree_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl);
> } else if (!strcmp ("rsa_mod_exp_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl);
> } else if (!strcmp ("rsa_mod_exp_crt_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl);
> } else if (!strcmp ("dsa_sign_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_sign_ioctl);
> } else if (!strcmp ("dsa_verify_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_verify_ioctl);
> } else if (!strcmp ("math_accelerate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)math_accelerate_ioctl);
> } else if (!strcmp ("rng_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rng_ioctl);
> } else if (!strcmp ("ubsec_max_key_len_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl);
> } else {
> return NULL;
> }
> }
>
> Ioannis Liverezas <[EMAIL PROTECTED]>wrote:
>
> I think you don't have to use dso at all. In my case, I don't use dso,
> but if I remember well, I have to use the parameter "-engine
> engine_name" when executing openssl. When using openssh, it works by
> default. You have to make some minor modifications in openssh though.
> My init is like:
>
>
> void
> ENGINE_load_iandes(void)
> {
> ENGINE *engine = ENGINE_new();
>
> if (engine == NULL)
> return;
> if (!ENGINE_set_id(engine, "ia ndes") ||
> !ENGINE_set_name(engine, "IANDES crypto device") ||
> !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
> ENGINE_free(engine);
> return;
> }
> ENGINE_add(engine);
> ENGINE_free(engine);
> ERR_clear_error();
> }
>
> in crypto/engine/engine.h you have to add your engine loading function
> in the builtin engines:
> void ENGINE_load_iandes(void);
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
>
> ________________________________
> Do you Yahoo!?
> Yahoo! Search presents - Jib Jab's 'Second Term'
>
>
--
Thank you,
Best Regards
Riaz Ur Rahaman
______________________________________________________________________
OpenSSL Pro ject http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Do you Yahoo!?
Yahoo! Sports - Sign up for Fantasy Baseball.
