Re: Geode on-chip AES 128-bit crypto accelerations but OpenSSL doesn't use it
Hi, Since we are on the subject of hardware enhanced cryptography, does the HiFn chips used in the Soekris devices, have support in openssl?. Regards Nige Kyle Hamilton wrote: OpenSSL uses the operating system to get entropy. If AMD wants Linux to support its on-chip random number generator, it needs to write a driver that replaces /dev/random and /dev/urandom. In addition, Intel has been playing nice and getting its code in the openssl distribution, as a set of patches that were integrated not too long ago. Nobody has submitted such a patch for the Geode to my knowledge (I'm not god of the request tracker, but most mails sent to r...@openssl.org are forwarded to the -dev list; I've not seen any patches come in). (i.e.: Intel is doing strategic positioning that AMD is not.) -Kyle H On Sep 27, 2009, at 11:05 AM, Jelle de Jong wrote: Hello everybody, The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto accelerations block and a true random number generator, but OpenSSL is not using it. Please see the below link for test reports and openssl outputs http://debian.pastebin.com/faeff2a3 Is there anybody that know what is going on here? Thanks in advance, Jelle __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
The need for SNI ssl apache vhosts,
Hi, I thought i would throw this one out there to see where sni is as far as usable ( or not ) ... At the company we have an online store and we need to replicate it for different locales/languages. After reading some information on the net it seems that the RFC spec is good but the implementation ( at the time of the writing was so so ).. Since the need for me has arisen to require it, is there a status page / better upto date information available? my openssl version is: OpenSSL 0.9.8g 19 Oct 2007 The server is running FedoraCore 10. Regards thanks in advance. Nigel Sollars __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: The need for SNI ssl apache vhosts,
Martin Schütte wrote: Nigel Sollars wrote: Since the need for me has arisen to require it, is there a status page / better upto date information available? The Wikipedia page seems to be well maintained: http://en.wikipedia.org/wiki/Server_Name_Indication Great thanks, I use SNI with VHosts myself on a shared server. But support on the client side is still limited -- most importantly IE on Windows XP does Not even 8? the wiki says 0.9.8f supports SNI but it is not compiled in by default, since I am using what came with FedoraCore 10 ( 0.9.8g ) is there a way to see if I am good there?, checked online ( openssl docs ) but again came up empty. I do have to upgrade my version of apache, good thing to do anyway since I am 2 revisions behind. Thanks again Nigel not support SNI. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
OpenSSL C example Base64 Decode,
HI all, I have a working example of Encoding base64 using the BIO methods but decrypting a string is being somewhat problematic. The code in the man page for decoding does not work either as the stdin new_fp does not hand off / stop listening for input. The openssl version is 0.9.8i If anyone could supply a working example I would appreciate it, Regards Nigel __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: ErrorCode 06065064
Hi, After looking at other examples, decided to go back to basic tried a simple approach at taking a string argv and passing that to the enc/dec methods, Seems i have the same errorcode as before. I have provided the testfile any help with this one would be very much appreciated. Regards Nigel Sollars wrote: Hi all, After looking at many examples and reading the OpenSSL book i purchased, I was wondering what the usual culprits are for the errorcode 06065064. By the looks of it, it could be a bad password / key or perhaps a wrong sized outbuf. Any more information would be highly appreciated, Thanks in advance Nigel Sollars __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org /* * file test1.c * * simple round robin test to take 2 inputs, a key a string to encrypt * Encrypt the string then decrypt priinting out status as we go. * * Use the supplied Makefile to build * */ #include stdio.h #include stdlib.h #include string.h #include openssl/evp.h #include openssl/rand.h #define input_buf_size 1024 #define output_buf_size 1032 int main(int argc, char *argv[]) { if (argc !=2) { printf(Usage: test1 stringtoencrypt\n); exit(1); } char *string; int encoutlen, decoutlen, enctotallen, dectotallen; unsigned char *iv[8]; unsigned char *password[16]; unsigned char enc_outbuf[output_buf_size]; char enc_inbuf[input_buf_size]; unsigned char dec_outbuf[input_buf_size]; char dec_inbuf[output_buf_size]; EVP_CIPHER_CTX ectx; EVP_CIPHER_CTX dctx; /* * Begin the encode - decode * * Get our inputs and the random IV * */ string = argv[1]; RAND_bytes(iv, 8); RAND_bytes(password, 16); printf(Entering Encryption Stage:\n\n); printf(String to encrypt: %s\n\n, string); EVP_CIPHER_CTX_init(ectx); EVP_EncryptInit(ectx, EVP_bf_cbc(), password, iv); bzero (enc_inbuf, input_buf_size); if(!EVP_EncryptUpdate(ectx, enc_outbuf, encoutlen, string, strlen(string))) { printf(Error whilst EncryptUpdate\n); return 0; } if(!EVP_EncryptFinal(ectx, enc_outbuf + encoutlen, enctotallen)) { printf(Error Whilst EncryptFinal\n); return 0; } encoutlen += enctotallen; printf(Encryption Successful\n\n); printf(Entering Decryption Stage\n\n); EVP_CIPHER_CTX_init(dctx); EVP_DecryptInit(dctx, EVP_bf_cbc(), password, iv); bzero (dec_inbuf, output_buf_size); bzero (dec_outbuf, input_buf_size); if (!(EVP_DecryptUpdate(dctx, dec_outbuf, decoutlen, enc_outbuf, output_buf_size))) { printf(Error Whilst DecryptUpdate\n); return 0; } if (!(EVP_DecryptFinal(dctx, dec_outbuf + decoutlen, dectotallen))) { printf(Error Whilst DecryptFinal\n); ERR_print_errors_fp(stdout); return 0; } decoutlen += dectotallen; printf(Decryption Successful\n\n); printf(Decrypted String is: %s\n, dec_outbuf); return 0; }
Re: ErrorCode 06065064
Thank you very much, Regards Nigel Dr. Stephen Henson wrote: Comments inline: On Wed, Sep 02, 2009, Nigel Sollars wrote: Hi, After looking at other examples, decided to go back to basic tried a simple approach at taking a string argv and passing that to the enc/dec methods, Seems i have the same errorcode as before. I have provided the testfile any help with this one would be very much appreciated. unsigned char *iv[8]; unsigned char *password[16]; Definitions of iv, password are wrong. Get rid of the '*'. string = argv[1]; RAND_bytes(iv, 8); RAND_bytes(password, 16); printf(Entering Encryption Stage:\n\n); printf(String to encrypt: %s\n\n, string); EVP_CIPHER_CTX_init(ectx); EVP_EncryptInit(ectx, EVP_bf_cbc(), password, iv); bzero (enc_inbuf, input_buf_size); if(!EVP_EncryptUpdate(ectx, enc_outbuf, encoutlen, string, strlen(string))) { printf(Error whilst EncryptUpdate\n); return 0; } if(!EVP_EncryptFinal(ectx, enc_outbuf + encoutlen, enctotallen)) { printf(Error Whilst EncryptFinal\n); return 0; } encoutlen += enctotallen; OK, you've got the total length of the encrypted data as encoutlen at this point. printf(Encryption Successful\n\n); printf(Entering Decryption Stage\n\n); EVP_CIPHER_CTX_init(dctx); EVP_DecryptInit(dctx, EVP_bf_cbc(), password, iv); bzero (dec_inbuf, output_buf_size); bzero (dec_outbuf, input_buf_size); if (!(EVP_DecryptUpdate(dctx, dec_outbuf, decoutlen, enc_outbuf, output_buf_size))) { printf(Error Whilst DecryptUpdate\n); return 0; } But above you are passing the length as output_buf_size. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
ErrorCode 06065064
Hi all, After looking at many examples and reading the OpenSSL book i purchased, I was wondering what the usual culprits are for the errorcode 06065064. By the looks of it, it could be a bad password / key or perhaps a wrong sized outbuf. Any more information would be highly appreciated, Thanks in advance Nigel Sollars __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org