DES/3DES in OpenSSL
Hello, I am trying to override the DES/3DES in OpenSSL. The API EVP_EncryptInit_ex() requires the name of the cipher. For DES, the closest I found (in crypto/objects) is "DES-CBC". I didn't find one for 3DES - something like "3DES-CBC". The only match I see is "PBE-SHA1-3DES". Can someone please point me to the right text string for 3DES? Thanks. Best Regards, -Sitanshu
RE: RSA Sign and Verify overriding
Thank you, Steve! I just added the flag; however, the call goes to rsa_sign.c. I have hooked the following two methods to SSLeay. Could that be a problem for sign and verify?

    int (*rsa_pub_dec)(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding);
    int (*rsa_priv_enc)(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding);

Thanks,
-Sitanshu

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, November 26, 2008 10:54 PM
To: openssl-dev@openssl.org
Subject: Re: RSA Sign and Verify overriding

On Wed, Nov 26, 2008, Nanavati, Sitanshu wrote:

> Hello All,
>
> I am trying to override the RSA_sign() (with my_RSA_sign() ) and RSA_verify()
> (with my_RSA_verify() ) methods thru an engine. From the app I'm invoking
> RSA_sign(...) however the call still goes to OpenSSL method in rsa_sign.c.
> Is any extra call required here? I am able to override RSA_encrypt and
> RSA_decrypt though. I just added sign and verify to the RSA_method and was
> expecting them to work.
>
> Any help would be appreciated.
>

You need to set the flag RSA_FLAG_SIGN_VER as well in the method structure.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
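Added example (not part of the original thread and not OpenSSL source): a simplified, self-contained C model of the dispatch Steve's reply refers to, in which RSA_sign() in the 0.9.8-era rsa_sign.c calls the method's rsa_sign hook only when the key's flags include RSA_FLAG_SIGN_VER, and otherwise goes through the private-encrypt hook. All model_*, MODEL_* and PATH_* names are hypothetical stand-ins for the real structures.

```c
#include <stddef.h>

/* Simplified model of RSA_sign() dispatch as in OpenSSL 0.9.8 rsa_sign.c.
 * Every model_* / MODEL_* / PATH_* name is a hypothetical stand-in. */
#define MODEL_FLAG_SIGN_VER 0x0040

enum { PATH_SOFTWARE = 1, PATH_ENGINE_PRIV_ENC, PATH_ENGINE_SIGN };

struct model_rsa;
struct model_method {
    int flags;
    int (*rsa_priv_enc)(const struct model_rsa *rsa);
    int (*rsa_sign)(const struct model_rsa *rsa);
};
struct model_rsa { int flags; const struct model_method *meth; };

/* Stand-ins that only report which implementation was reached. */
static int sw_priv_enc(const struct model_rsa *r)     { (void)r; return PATH_SOFTWARE; }
static int engine_priv_enc(const struct model_rsa *r) { (void)r; return PATH_ENGINE_PRIV_ENC; }
static int engine_sign(const struct model_rsa *r)     { (void)r; return PATH_ENGINE_SIGN; }

/* Key creation copies the method's flags into the key object. */
static struct model_rsa model_rsa_new(const struct model_method *m)
{
    struct model_rsa r = { m->flags, m };
    return r;
}

/* The caller always enters the library function; the hook is reached from inside it. */
static int model_rsa_sign(const struct model_rsa *rsa)
{
    if ((rsa->flags & MODEL_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
        return rsa->meth->rsa_sign(rsa);
    /* Default path: DigestInfo is built in software, then private-encrypted
     * through the method table, so an rsa_priv_enc hook still sees the call. */
    return rsa->meth->rsa_priv_enc(rsa);
}

/* Returns the path taken for a method table built from the given pieces. */
int sign_path(int flags, int hook_sign, int hook_priv_enc)
{
    struct model_method m = { flags,
                              hook_priv_enc ? engine_priv_enc : sw_priv_enc,
                              hook_sign ? engine_sign : NULL };
    struct model_rsa key = model_rsa_new(&m);
    return model_rsa_sign(&key);
}

int main(void) { return sign_path(0, 1, 1) == PATH_ENGINE_PRIV_ENC ? 0 : 1; }
```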
RSA Sign and Verify overriding
Hello All, I am trying to override the RSA_sign() (with my_RSA_sign() ) and RSA_verify() (with my_RSA_verify() ) methods thru an engine. From the app I'm invoking RSA_sign(...) however the call still goes to OpenSSL method in rsa_sign.c. Is any extra call required here? I am able to override RSA_encrypt and RSA_decrypt though. I just added sign and verify to the RSA_method and was expecting them to work. Any help would be appreciated. Thanks, -Sitanshu
RE: adding a new engine
Hello Jim,

You can look at sample engines located under "src/openssl-0.9.8h/engines" e.g. e_atalla.c e_chil.c etc. You would get an idea about the framework and overriding the default methods.

-Sitanshu

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Gibbons
Sent: Sunday, November 23, 2008 4:45 AM
To: openssl-dev@openssl.org
Subject: adding a new engine

Is there documentation and/or an example of this? If this is a question better suited for the users group, please let me know. Thanks for your help.
DES/3DES override via engine
Hello, How do I override/support DES (3DES) in a crypto engine? I checked the in-built engines and none of them support it. Also, there is no DES method declaration in the engine.h file. Any help/pointers would be appreciated. Thanks, -Sitanshu
Overriding default RC4
Hi All, I have my own implementation for RC4. I have overridden it in an engine. I am using simple C code to test. It initializes the cipher using EVP_ini*. However when I trace, the call doesn't land in my implementation. I have also overridden the AES. And it works perfectly ok. Any ideas/pointers? Thanks in advance. Best Regards, -Sitanshu
EVP_Cipher with Engine
Hi all, I am trying to override the AES with my own algorithm in an engine. I have initialized the EVP_CIPHER structure with my functions as necessary. However, while testing, I see that the EVP_EncryptFinal_ex() (and EVP_DecryptFinal_ex()) is required. But there is no hook provided in the EVP_CIPHER structure for xxxFinal_ex(). Can someone please provide me more details on this? Did I miss something? Thanks in advance. Best Regards, -Sitanshu
RE: Hashing/MessageDigest in Engine
Yair, Andy,

Thank you for answering the query. Andy, I was just thinking what you suggested, as it would be a costly affair to kick the accelerator for a single block. I see that in an engine there has to be a sequence init -> (one or more) update -> final -> cleanup, at least once even if the block size is just right, correct? How do I make sure that for a single block it doesn't go thru the engine?

Thanks again!
-Sitanshu

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Polyakov
Sent: Wednesday, September 10, 2008 3:47 AM
To: openssl-dev@openssl.org
Subject: Re: Hashing/MessageDigest in Engine

> And the answer I have
> is that the hashing normally is faster via soft lib than an
> engine/hardware.

Well, single block hashing is commonly faster in software, but hardware should beat it on multi-block operations. In other words one should aim for "synergetic" implementation engaging hardware only when it's advantageous.

A.
Hashing/MessageDigest in Engine
Hi all, I am trying to understand how hashing is supported via an engine. I had posted this question some time back though. And the answer I have is that the hashing normally is faster via soft lib than an engine/hardware. For knowledge's sake, if one wishes to implement it, how does OpenSSL support it? Thanks in advance. Best Regards, -Sitanshu
Test app
Hi all, I am looking for some real world app or test app that could be used to run with OpenSSL and check crypto functionality. Please send me the pointers/URLs. Thanks in advance. -Sitanshu
Public private keys for RSA encryption methods
Hi, In RSA_public_encrypt/decrypt() there is no parameter for the public key. How is the public key obtained/computed? And similarly for RSA_private_encrypt/decrypt the private key... Any help/pointer would be appreciated. Thanks, -Sitanshu
RSA_public_encrypt 4th parameter RSA
Hi, While calling the RSA_public_encrypt() method, the 4th parameter is RSA. This boils down to a call to RSA_new(). If a new structure is to be created with required values, how should the default handles be retained? Basically I don't know how to deal with the 4th - RSA - parameter. Any help/pointer would be appreciated. Thanks, -Sitanshu
Engine not getting registered
Hi,

I just wrote a sample engine to understand the functionality which is part of built-in engines. To activate the engine I used the following sample code given at www.openssl.org/docs/crypto/engine.html

    ENGINE *e;
    const char *engine_id = "ACME";
    ENGINE_load_builtin_engines();
    e = ENGINE_by_id(engine_id);
    if(!e) {
        /* the engine isn't available */
        printf("Engine not found.\n");
        return;
    }
    if(!ENGINE_init(e)) {
        /* the engine couldn't initialise, release 'e' */
        ENGINE_free(e);
        return;
    }
    if(!ENGINE_set_default_RSA(e))
        /* This should only happen when 'e' can't initialise, but the previous
         * statement suggests it did. */
        abort();
    ENGINE_set_default_DSA(e);
    ENGINE_set_default_ciphers(e);
    /* Release the functional reference from ENGINE_init() */
    ENGINE_finish(e);
    /* Release the structural reference from ENGINE_by_id() */
    ENGINE_free(e);

However, when I try the above code, I hit the line "Engine not found." Any ideas/areas specifically I should look for?

Thanks,
-Sitanshu
engine static library linking
Hi, I am not sure whether this is true or not, but do the libraries to be linked with an engine have to be shared (.so) libs? How do I do static linking (.a file)? Thanks, -Sitanshu
RSA, DSA and DH Method structures in Engine
Hi all,

While going thru various engines, I see that:
- for RSA, the structure is always initialized for rsa_mod_exp and mod_exp_mont (6th and 7th entities in the RSA_METHOD structure).
- for DH, only mod_exp_dh (4th entity in the DH_METHOD structure)
- for DSA, dsa_mod_exp and mod_exp_dsa (4th and 5th entities in the DSA_METHOD structure).

Question: Why are the other entities (encryption and decryption methods in particular) not being initialized?

Thanks.
Best Regards,
-Sitanshu
Engine development/details needed
Hi all, I need more details on the OpenSSL engine in terms of flow and essential APIs to be supported in my own engine if I need to write one. I looked at the OpenSSL engine source (e.g. e_cswit.c). I see a lot of code for RSA, DSA, DH etc. but don't see any HASH related/relevant code. Why is hashing not part of the engine? I will have some more question(s) as I explore more. Any help/pointer in this regard would be greatly appreciated. Thanks. Best Regards, -Sitanshu