In message <[EMAIL PROTECTED]> on Tue, 08 Oct 2002 10:45:49 +0200 (CEST), Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> said:
levitte> In message <[EMAIL PROTECTED]> on Mon, 07 Oct 2002 18:13:22 +0200, Michael Voucko <[EMAIL PROTECTED]> said:
levitte>
levitte> voucko> Without knowing which one is supported by the engine, I'm
levitte> voucko> pretty sure that the Sun board is a Rainbow CryptoSwift.
levitte>
levitte> It's possible that it's a revamped CSwift card, I can't tell from the
levitte> manual I just acquired. However, it's very much reengineered.
levitte> There's no libswift.so in sight, and the calls to the libraries that
levitte> come with the card are very different.
levitte>
levitte> I'll see what I can scare up.

Well, here's what I have so far:

Looking at the libcrypto.a Sun delivers as part of the package, I can see that they did it very properly. Using nm, this is what I found:

    hw_kcl.o:
    0000000000000010 T ENGINE_kcl
    0000000000003a20 T hw_des_key_schedule
    0000000000003a9c T hw_des_ede3_cbc_encrypt
    0000000000003e24 T hw_des_ncbc_encrypt
                     U RSA_PKCS1_SSLeay
                     U DSA_OpenSSL
                     U DH_OpenSSL
                     U crypto_init
                     U crypto_fini
                     U ERR_put_error
                     U CRYPTO_lock
                     U crypto_key_fini
                     U nvlist_alloc
                     U nvlist_add_uint32
                     U nvlist_add_byte_array
                     U crypto_key_init
                     U crypto_encrypt
                     U bn_expand2
                     U BN_CTX_new
                     U BN_init
                     U BN_CTX_get
                     U BN_copy
                     U BN_mod
                     U BN_sub
                     U BN_add
                     U BN_mul
                     U BN_clear_free
                     U BN_CTX_free
                     U crypto_verify
                     U crypto_sign
                     U BN_new
                     U BN_num_bits
                     U BN_bin2bn
                     U DSA_SIG_new
                     U BN_free
                     U BN_ucmp
                     U BN_mod_mul
                     U perror
                     U nvlist_free
                     U strerror
                     U fprintf
                     U crypto_decrypt
                     U memcpy
                     U crypto_seed
                     U crypto_random
                     U _GLOBAL_OFFSET_TABLE_
                     U __iob

All those symbols crypto_* and nvlist_* are defined in libcryptography (comes with the software for the card) and libnvpair (standard Solaris library, I believe, or at least available in /usr/lib).

The crypto_ symbols are nothing we know about. And so far, I haven't been able to get hold of any information (no docs, no header files) on how to use them. It may be meant to be that way, and we may be out of luck.

Now, this being their compile of OpenSSL 0.9.6e [engine] (according to the openssl binary that comes with the card), the way they made it makes perfect sense. I can't say there was any other way to do it. I'm a little amused by the way they snuck in DES support, BTW :-).

With OpenSSL 0.9.7, Sun will hopefully build a dynamic engine and simply deliver that, to be used with whatever compilation of OpenSSL there is. That would be the smart thing for them to do, as it enhances flexibility. With 0.9.8 (farther in the future), the support for dynamic engines will increase even more (there's development going on right now).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA   \ T: +46-8-26 52 47
                  \ SWEDEN            \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
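
The nm triage described in the message above, as an added example that is not part of the original post nor code from Sun or OpenSSL: it splits the undefined (U) symbols of an object into OpenSSL-provided ones and ones that must come from some other library. The `known` prefix list is an assumption taken from the OpenSSL symbol names visible in the listing, and the input is a constructed subset of that listing.

```shell
#!/bin/sh
# Constructed sample: a subset of the nm listing quoted in the message.
sample_nm() {
cat <<'EOF'
hw_kcl.o:
0000000000000010 T ENGINE_kcl
0000000000003a20 T hw_des_key_schedule
                 U RSA_PKCS1_SSLeay
                 U CRYPTO_lock
                 U crypto_init
                 U crypto_encrypt
                 U nvlist_alloc
                 U BN_CTX_new
                 U ERR_put_error
                 U memcpy
EOF
}

# Symbols the object itself defines (nm type T = code in the text section).
defined_symbols() {
    awk 'NF == 3 && $2 == "T" { print $3 }'
}

# Tag each undefined symbol by the prefix before its first underscore.
# The match is case-sensitive on purpose: CRYPTO_lock is OpenSSL's,
# crypto_init is not. "known" is an assumed list, not a complete one.
classify_undefined() {
    awk -v known="RSA DSA DH BN bn ERR CRYPTO" '
        BEGIN { n = split(known, k, " "); for (j = 1; j <= n; j++) ossl[k[j]] = 1 }
        NF == 2 && $1 == "U" {
            i = index($2, "_")
            fam = (i > 1) ? substr($2, 1, i - 1) : ""
            if (fam == "")        cls = "other"          # libc, linker symbols
            else if (fam in ossl) cls = "openssl"
            else                  cls = "unresolved:" fam
            print cls, $2
        }'
}

# Count unresolved symbols per prefix family: the libraries still to locate.
unresolved_families() {
    classify_undefined | awk '$1 ~ /^unresolved:/ {
            sub(/^unresolved:/, "", $1); c[$1]++ }
        END { for (f in c) print f, c[f] }' | sort
}

sample_nm | classify_undefined
```

On a real archive the input would be `nm libcrypto.a` restricted to the object of interest instead of `sample_nm`.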