--0-2015804517-1109339709=:87292
Content-Type: text/plain; charset=us-ascii

Riaz,

I did get a bad mac error when I was trying to use cipher with ubsec. I am in a very preliminary stage of integration with the ubsec library. I will let you know once my integration is complete.

Thank you for your help.

Regards,
Prashant.

Riaz Rahaman wrote:
Hi Prashanth,
Do you get any problems with your engine, when connecting using
s_client. I am getting bad record mac or sometimes I get encryption or
decryption failed, well this happens once in a while, I do get
connected but sometimes it starts failing with those errors. I used an
ssldump and this error comes during the changecipher.
I did add some printf to all the function in my ENGINE for debugging
the issue, to my surprise things were working pretty smoothly. Did you
face any issues and whatz the best way debugging the problem...things
have halted at my end, can't figure out the where the problem is?
-Riaz


On Tue, 22 Feb 2005 10:16:31 -0800 (PST), Prashant Kumar

wrote:
> Thank you all for your response. Finally, I took the path of defining a new
> DSO method "dso_meth_slfcn" which statically links [and this seems to work].
> The function "slfcn_bind_func" statically converts the given string to
> corresponding "ubsec" function. Right now I am doing a string compare and
> returning the right function [I have attached herewith the prototype of my
> "slfcn_bind_func"]. My question is there anyway other way to convert a given
> string to the corresponding "C" function name ? I was hoping to generalize
> "sslfcn_bind_func".
>
> Thank you all for the great help.
>
> static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname)
> {
> if((dso == NULL) || (symname == NULL))
> {
> DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
> return(NULL);
> }
> if(!strcmp ("ubsec_bytes_to_bits", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits);
> } else if (!strcmp ("ubsec_bits_to_bytes", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_bits_to_bytes);
> } else if (!strcmp ("ubsec_open", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_open);
> } else if (!strcmp ("ubsec_close", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_close);
> } else if (!strcmp ("diffie_hellman_generate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl);
> } else if (!strcmp ("diffie_hellman_agree_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl);
> } else if (!strcmp ("rsa_mod_exp_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl);
> } else if (!strcmp ("rsa_mod_exp_crt_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl);
> } else if (!strcmp ("dsa_sign_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_sign_ioctl);
> } else if (!strcmp ("dsa_verify_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_verify_ioctl);
> } else if (!strcmp ("math_accelerate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)math_accelerate_ioctl);
> } else if (!strcmp ("rng_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rng_ioctl);
> } else if (!strcmp ("ubsec_max_key_len_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl);
> } else {
> return NULL;
> }
> }
>
> Ioannis Liverezas wrote:
>
> I think you don't have to use dso at all. In my case, I don't use dso,
> but if I remember well, I have to use the parameter "-engine
> engine_name" when executing openssl. When using openssh, it works by
> default. You have to make some minor modifications in openssh though.
> My init is like:
>
>
> void
> ENGINE_load_iandes(void)
> {
> ENGINE *engine = ENGINE_new();
>
> if (engine == NULL)
> return;
> if (!ENGINE_set_id(engine, "iandes") ||
> !ENGINE_set_name(engine, "IANDES crypto device") ||
> !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
> ENGINE_free(engine);
> return;
> }
> ENGINE_add(engine);
> ENGINE_free(engine);
> ERR_clear_error();
> }
>
> in crypto/engine/engine.h you have to add your engine loading function
> in the builtin engines:
> void ENGINE_load_iandes(void);
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
>
>
> ________________________________
> Do you Yahoo!?
> Yahoo! Search presents - Jib Jab's 'Second Term'
>
>



--
Thank you,
Best Regards
Riaz Ur Rahaman
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org


---------------------------------
Do you Yahoo!?
Yahoo! Sports - Sign up for Fantasy Baseball.
--0-2015804517-1109339709=:87292
Content-Type: text/html; charset=us-ascii

Riaz,

 

I did get a bad mac error when I was trying to use cipher with ubsec. I am in a very preliminary stage of integration with the ubsec library. I will let you know once my integration is complete.

 

Thank you for your help.

 

Regards,

Prashant.

Riaz Rahaman <riazfarnaz@gmail.com> wrote:

Hi Prashanth,
Do you get any problems with your engine, when connecting using
s_client. I am getting bad record mac or sometimes I get encryption or
decryption failed, well this happens once in a while, I do get
connected but sometimes it starts failing with those errors. I used an
ssldump and this error comes during the changecipher.
I did add some printf to all the function in my ENGINE for debugging
the issue, to my surprise things were working pretty smoothly. Did you
face any issues and whatz the best way debugging the problem...things
have halted at my end, can't figure out the where the problem is?
-Riaz


On Tue, 22 Feb 2005 10:16:31 -0800 (PST), Prashant Kumar
wrote:
> Thank you all for your response. Finally, I took the path of defining a new
> DSO method "dso_meth_slfcn" which statically links
[and
this seems to work].
> The function "slfcn_bind_func" statically converts the given string to
> corresponding "ubsec" function. Right now I am doing a string compare and
> returning the right function [I have attached herewith the prototype of my
> "slfcn_bind_func"]. My question is there anyway other way to convert a given
> string to the corresponding "C" function name ? I was hoping to generalize
> "sslfcn_bind_func".
>
> Thank you all for the great help.
>
> static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname)
> {
> if((dso == NULL) || (symname == NULL))
> {
> DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
> return(NULL);
> }
> if(!strcmp ("ubsec_bytes_to_bits", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits);
> } else if (!strcmp ("ubsec_bits_to_bytes", symname)) {
> return
((DSO_FUNC_TYPE)ubsec_bits_to_bytes);
> } else if (!strcmp ("ubsec_open", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_open);
> } else if (!strcmp ("ubsec_close", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_close);
> } else if (!strcmp ("diffie_hellman_generate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl);
> } else if (!strcmp ("diffie_hellman_agree_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl);
> } else if (!strcmp ("rsa_mod_exp_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl);
> } else if (!strcmp ("rsa_mod_exp_crt_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl);
> } else if (!strcmp ("dsa_sign_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_sign_ioctl);
> } else if (!strcmp ("dsa_verify_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)dsa_verify_ioctl);
> } else if (!strcmp
("math_accelerate_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)math_accelerate_ioctl);
> } else if (!strcmp ("rng_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)rng_ioctl);
> } else if (!strcmp ("ubsec_max_key_len_ioctl", symname)) {
> return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl);
> } else {
> return NULL;
> }
> }
>
> Ioannis Liverezas wrote:
>
> I think you don't have to use dso at all. In my case, I don't use dso,
> but if I remember well, I have to use the parameter "-engine
> engine_name" when executing openssl. When using openssh, it works by
> default. You have to make some minor modifications in openssh though.
> My init is like:
>
>
> void
> ENGINE_load_iandes(void)
> {
> ENGINE *engine = ENGINE_new();
>
> if (engine == NULL)
> return;
> if (!ENGINE_set_id(engine, "ia
ndes")
||
> !ENGINE_set_name(engine, "IANDES crypto device") ||
> !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {
> ENGINE_free(engine);
> return;
> }
> ENGINE_add(engine);
> ENGINE_free(engine);
> ERR_clear_error();
> }
>
> in crypto/engine/engine.h you have to add your engine loading function
> in the builtin engines:
> void ENGINE_load_iandes(void);
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
>
>
> ________________________________
> Do you Yahoo!?
> Yahoo! Search presents - Jib Jab's 'Second Term'
>
>


--
Thank you,
Best Regards
Riaz Ur Rahaman
__________________________________________________ ____________________
OpenSSL Pro
ject
http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org



Do you Yahoo!?

Yahoo! Sports -
Sign up
for Fantasy Baseball.
--0-2015804517-1109339709=:87292--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org