Re: SSL question
On Mon, Aug 20, 2001 at 02:02:46PM -0700, [EMAIL PROTECTED] wrote: I have OpenSSLinstalled, but when I use my site with https://www.mydomain.com.? I will pop out a message saying that: The security certificate was issued by a company you have not chosen to trust.? View the certificate to determine whether you want to trust the certifying authority.? (Please also see attached image for this error) First, in future don't send any attache to list... Second, you have installed certificate signed by unknown CA - unknown for your browser - when you will install any commercial certificate, i mean signed by commercial CA like Thawte or Verisign or any other - this pop-up never pop ;-) -- Greets, Mariusz __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
W2K wizard
Hi, I've been trying to create a certificate for a Windows 2000 server with IIS5 so I would be able to use IMAPS. Does anyone have some info about how to do this? I've managed to sign the keyrequest file that the IIS5 wizard creates, but I get this error The Pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this wizard. when trying to feed the certificate back to the wizard. //Robert --- Frontyard Communications AB Tel: +46 8 56844100http://www.frontyard.com ISDN: +46 8 4488012 Fax: +46 8 56844101 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Strange bug in connecting to server
Hi,
I'm trying to create an library for transfering special info between
an client and a webserver. But I have run into some strange problems.
I can connect to all kinds of webservers but one is allways failing.
I've debugged with returning the sslstate within the program, giving me:
Before connect
Before ssl connect
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:error in SSLv3 read server hello A
SSL connect failed
Out
If I run the openssl program using the s_client option I can get
it to work... What am i doing wrong ???
Source code:
testssl.c :
This is just for testing
#include stdio.h
int main (int argc, char **argv)
{
char ticket[10];
int t=0;
char call[] = GET /\n\n;
char host[] = www.paynet.no;
int port = 443;
memset(ticket,0,10);
sendSSL(call, strlen(call), ticket, 10, host, port);
printf(Out %s\n, ticket);
}
sslclient.c :
Here all the work is done
/*
* An SSL simple client
*
* This is a simple client. The client will try to open a socket
* on a specified port. This socket is hereafter read until
*
*/
#include stdio.h
#include stdlib.h
#ifdef WINNT
#include winsock2.h
#else
#include netdb.h
#include sys/socket.h
#include arpa/inet.h
#endif
// #include sys/types.h
#include ssl.h
#include sslclient.h
#define PROTOCOL tcp
#define MESSAGE_EXTEND 2048
static char sslclient_error_[4096];
static char *skeyphrase;
int verify_callback(int, X509_STORE_CTX*);
void apps_ssl_info_callback(SSL *, int, int);
/**
* Callback for getting key
*/
int returnKey(keybuf, maxlength, verify)
char *keybuf;
int maxlength;
int verify;
{
if(maxlengthstrlen(skeyphrase)) {
memcpy(keybuf,skeyphrase,strlen(skeyphrase));
return strlen(skeyphrase);
}
else
return -1;
}
/* Verify if passphrase works for keyfile */
int verifyKey(char* keyfile, char* passphrase)
{
SSL_METHOD *meth=NULL;
SSL_CTX *ctx=NULL;
int t=0;
skeyphrase = passphrase;
SSLeay_add_ssl_algorithms();
if((meth=SSLv3_client_method())
(ctx=SSL_CTX_new(meth)))
{
SSL_CTX_set_default_passwd_cb(ctx,*returnKey);
t = SSL_CTX_use_RSAPrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
if (ctx) SSL_CTX_free(ctx);
}
return (t0);
}
/**
* Send a ssl message
*
* This involves to open a port to the host set by setPGWPort and
* setPGWHostName. The data to be sendt should be stored in 'buf' of
* and the length of buf is passed to the function in 'length'.
*
* The return from the PGW is put into a buffer structure.
*
* It is the responsibillity of the caller to free both the buffer structure
* and the buffer within (the buf element)
*
*/
int sendSSL(sbuf,slength,mbuf,mlength,hostname,port)
char *sbuf,*mbuf;
int slength,mlength;
char *hostname;
int port;
{
/* --- VARIABLE DECLARATION --- */
int t,tt,size;
int fd,c_ret;
struct protoent *pe;
struct hostent *he;
struct sockaddr_in sin;
char *tmp;
// Method for the correct ssl version
SSL_METHOD *meth=NULL;
// create an SSL structure
SSL *con = NULL;
SSL_CTX *ctx=NULL;
X509*server_cert;
char*str;
int r;
/* --- CODE START --- */
#ifdef WINNT
struct WSAData wsa_state;
int wsa_init_done=0,err;
memset(wsa_state,0,sizeof(wsa_state));
if (WSAStartup(0x0101,wsa_state)!=0)
{
err=WSAGetLastError();
return(0);
}
#endif
// -- Establish plain socket connection
pe = getprotobyname(PROTOCOL);
// Open a new socket
fd = socket(AF_INET,SOCK_STREAM,pe-p_proto);
if(fd==-1) {
sprintf(sslclient_error_,
Could not create new socket);
goto error;
}
// Get the PGWHostName
if(hostname == NULL) {
sprintf(sslclient_error_,PGWHostName not set);
goto error;
}
he = gethostbyname(hostname);
if(he == NULL || he-h_addr == NULL) {
sprintf(sslclient_error_,
Could not gethostbyname for host:%s,hostname);
goto error;
}
sin.sin_family = AF_INET;
sin.sin_port = htons(port);
memcpy((void *)sin.sin_addr, (void *)he-h_addr, he-h_length);
#ifdef DEBUG
printf(Before connect\n);
#endif
c_ret = connect(fd,(struct sockaddr *)sin, sizeof(sin));
if(c_ret==-1){
sprintf(sslclient_error_,
Could not connect to port %d,port);
goto error;
}
// -- Establish ssl on top of the socket
// Add algorithms
//OpenSSL_add_ssl_algorithms();
SSLeay_add_ssl_algorithms();
// Set the method to SSLv3
meth=SSLv3_client_method();
// Create a new context for communication
ctx=SSL_CTX_new(meth);
Build failure
Hi all Today (Aussie time) I attempted to build/install OpenSSL on a system which I administer (Compaq Alphaserver 2100, Tru64 Unix 5.0A), but met with failure as described below. Initial configuration ok. Compile of sha_dgst ok (as per suggestion in FAQ file) Latter part of build failed seemingly without producing an error message, thus: NETSCAPE_SPKI_print CONF_load_bio EVP_rc2_64_cbc PKCS7_sign PKCS7_verify PKCS7_get0_signers PKCS7_encrypt PKCS7_decrypt SMIME_write_PKCS7 SMIME_read_PKCS7 *** Exit 1 Stop. *** Exit 1 Stop. Since I do not have any programming qualifications I have no idea what this means or where to look for possible errors, and hence would appreciate any assistance that this group may be able to provide. Tanx muchly. Marchelm Bömers begin:vcard n:Bomers ;Marchelm tel;fax:BR51226719 or 99026719BRBR tel;work:BR(03) 51226963nbspnbspnbsp- LocalBR(03) 99026963nbspnbspnbsp- NationalBR+61 3 99026963 - InternationalBRBR0408390813nbspnbspnbspnbspnbspnbsp - MobileBRBR x-mozilla-html:FALSE org:Client Services - Gippsland Campus;BRA HREF=http://www.its.monash.edu.auIMG SRC=http://www.monash.edu.au/assets/monash_logo.gif BORDER=0/ABRBR adr:;;BRNorthways Rd., ChurchillBRVictoria 3842BRAUSTRALIA version:2.1 title:Technology Services Coordinator x-mozilla-cpt:;-24016 fn:Marchelm Bömers end:vcard
good step in certificate request creation ?
Hello, could someone help me in resolving the following problem ? I create a new certificate request with X509_REQ_new() I give it the key with X509_REQ_set_pubkey(req,pkey) I set the version X509_REQ_set_version(req,0L) I use X509_NAME_add_entry_by_txt(.) to add entries and then I sign it X509_REQ_sign(req,pkey,digest). Is there the right way to do ? Because I can't read the request with the method PEM_read_bio_X509_REQ(in,NULL,0,NULL) More if I create a certificate with openssl command line I can read this certificate but openssl can't read a certificate create as above. What's the problem here ? Thx. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Netscape 6 Client Hello
Draelos, Timothy J wrote: I have imported a Personal certificate that I created with openssl. It appears to work (i.e., says Import successful), but the certificate never shows up in the Personal certificates list. I can import into the Intermediate CA and Trusted Root CA certificate stores and see them in the list, but not the Personal certificate store. Sounds like you're importing a certificate, and not a PCS#12 (certificate + private key). Without the private key, it will never be considered a personnal certificate. Is there a way to make Netscape 6 issue a TLS-compliant Client Hello handshake message? I have Disabled SSLv2 and SSLv3 and Enabled TLS in Netscape Personal Security Manager -- Advanced -- Options, but it still begins the SSL handshake with an SSLv2/3-style Client Hello structure. Maybe someone can answer to that, but that's more a question for the newsgroup netscape.public.mozilla.crypto. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Strange bug in connecting to server
Hi sslclient.h missing.. don't u mind sending that file. Best regards, sujith __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
No Subject
Hi We own a website www.fexin.com .We have purchased SSL certificate from Verisign and installed it on our web server. This certificate has been expired in july 2001. Can we now use OpenSSL to create a SSL Certificate and then install it on web server ? We have downloaded openssl-0.9.6b.tar and openssl-engine-0.9.6b.tar from www.openssl.org. Please tell us how we caninstallit and use it. Regards Qadeer Ahmed
Re: private key
Fiel Cabral wrote: I'm writing a program that uses openssl to read the private key from a ASN1.DER encoded file. The openssl API outputs the following: 17752:error:0D080071::lib(13) :func(128) :reason(113):a_int.c:191: 17752:error:0D09D082::lib(13) :func(157) :reason(130):d2i_r_pr.c:124: I'm using the load_key() function from openssl/apps/x509.c but I got this error. I'm sure that my file is valid. Can anyone give me some hints? Depends on the format of the private key. You might need to use a different function or be unable to use it at all if its an undocumented proprietary format (Oracle webserver is one example that). See what: openssl asn1parse -inform DER -in key.der produces. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Microsoft IIS backup key format
Simple question. Does anyone know what format the key backup file from a MS IIS webserver is? If yes...anyone know of a tool to parse/create such a file? The binary backup file contains both the private key and the belonging certificate, but it is not PKCS#12. My guess is, that the key probably is the obscure MS PVK format and the certificate is another MS specific format. Thanks, Kim Hellan KMD / KMD-CA http://www.kmd-ca.dk Mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Microsoft IIS backup key format
Hellan,Kim KHE wrote: Simple question. Does anyone know what format the key backup file from a MS IIS webserver is? If yes...anyone know of a tool to parse/create such a file? The binary backup file contains both the private key and the belonging certificate, but it is not PKCS#12. My guess is, that the key probably is the obscure MS PVK format and the certificate is another MS specific format. The exported stuff is NET format with some extra rubbish in there. Check out the 'rsa' manual page for some hints on extracting the private key. I think its possible to import two files into IIS as well, one NET, the other a certificate. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: REPOST: Read from uninitialized memory
On Mon, Aug 20, 2001 at 12:33:58PM -0700, Patrick Li wrote: I am trying to investigate some random failure of the SSL client program that I wrote in openssl. I ran it under PURIFY and it pointed out that my program has performed uninitialized memory leak in HASH_UPDATE function (details stated below) and in asn1_Finish() function. I don't have PURIFY. I don't see random failures. And I cannot see anything wrong with the sequence shown. That of course does not mean anything, there may be something odd that needs to be tracked down, but I doubt that anybody can help you without more information. (It may also be a false alarm. I don't know.) Can you at least supply a call trace, such that one can see, from which functions the offending sequence is called? Please remember my first statement: I don't have (and never met) PURIFY, so I don't know which capabilities you can use. I did all the properly initialization, SSL_library_init(), SSL_load_error_strings() already. Is there any other initialization functions that I need to call? Since my SSL client program is multithreaded, I also defined the mutex locking and thread id function. Doesn't look bad at the first glance... Sorry, no better help, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SV: Microsoft IIS backup key format
Hellan,Kim KHE wrote: Does anyone know what format the key backup file from a MS IIS webserver is? The exported stuff is NET format with some extra rubbish in there. Check out the 'rsa' manual page for some hints on extracting the private key. I think its possible to import two files into IIS as well, one NET, the other a certificate. Steve. Yes, you're right. It is possible to import separate key/cert. It is only the export than only supports the '.key' format. You state in the 'rsa' manual pages that you consider implementing an option to handle '.key' files without having to manually edit them. Is this still considered in future OpenSSL releases or has it been dropped? Thanks, Kim Hellan __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Install trouble [bsock_c, EADDRINUSE]
Hi, I'm having trouble installing Openssl on a intel pentium with Suse Linux 7.1 (for 386). I've got a nasty error: b_sock.c:599: `EADDRINUSE' undeclared (first use in this function) I know a bit of programming, but not enough to declare this on my own. Is something inherently wrong with my distribution and/or OpenSSL? Do I need to add some development tools or libraries? I've tried to install openssl version 0.9.6b. Any help is appreciated, Thanx, Björn Szwierczinski .tmp Informationssysteme Oldenburg Oracle Certified Solution Partner Tel: +49-441-983983 Fax: +49-441-9839878
Re: Please reconfigure majordomo to not set Reply-To (was: Failedto clean virus file Emanuel.exe)
On Tue, 21 Aug 2001, Lance Paine wrote: I'm in agreement, there is a reason that most mailers have a Reply-All or Reply-Group function after all. Don't munge Reply-To! Well, if it's *replacing* Reply-to: on incoming mail, that's definitely broken. However it is perfectly reasonable for a list reflector to *add* this header, and I appreciate the service. Besides, I'm getting a nice list of virus-scanner companies that don't know how to write proper autoresponders. :-/ -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Make a good day. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: openssl-python for openssl-0.9.6b
On Fri, Aug 17, 2001 at 06:33:50PM -0400, John Aldrich wrote: Anyone know where I can get a version of openssl-python that's compatible with the above version of openssl? To upgrade KDE to version 2.2 I have to upgrade openssl, but I can't do that because there isn't an equivalent version of openssl-python. To get around this requirement I've removed the offending roadblock, but it would be NICE to get this dependency fixed. The KDE add-ons directory is missing the m2crypto package. If your local mirror doesn't have it, a prepackaged copy can be found at ftp://ftp.redhat.com/pub/linux/redhat/rawhide/i386/RedHat/RPMS/m2crypto-0.05_snap4-1.i386.rpm Cheers, Nalin __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Microsoft IIS backup key format
I was just playing with this yesterday... I generated a CSR for thawte and imported the cert and verified it all worked in IIS5 and then export everything for use with Apache-mod-ssl 1.3.20. I was able to run the exported private key file through the pkcs12 util in openssl and then edit the file in vi to seperate out the encrypted private key just use the -in and -out params to the pkcs12 util Later, dj Hellan,Kim KHE wrote: Simple question. Does anyone know what format the key backup file from a MS IIS webserver is? If yes...anyone know of a tool to parse/create such a file? The binary backup file contains both the private key and the belonging certificate, but it is not PKCS#12. My guess is, that the key probably is the obscure MS PVK format and the certificate is another MS specific format. Thanks, Kim Hellan KMD / KMD-CA http://www.kmd-ca.dk Mailto:[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Derek Browne[EMAIL PROTECTED] Director of RD - Security Yo Inc. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Creating PEM's
I work for a small company and we need to have the ability to generate pem's for ourselves and our customers we have no problem using Thawte or any other CA but all I seem to be able to generate using IIS is .cer files not .pem files . If anyone knows how to create .pem files in microsoft's OS that would be sooo cool. Barring that some instruction for a relative newbie on how I go about this in any fashion would be most appreciated. I need a .pem with an RSA key it seems as that is the default type of certificate that Stunnel uses and that is what we are using as our wrapper function for SSL. thanks for your time Neal
Re: SV: Microsoft IIS backup key format
Hellan,Kim KHE wrote: You state in the 'rsa' manual pages that you consider implementing an option to handle '.key' files without having to manually edit them. Is this still considered in future OpenSSL releases or has it been dropped? Yes it should be implemented in a future version of OpenSSL. For now you have to manually edit the .key file. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL_CTX 's app_verify_callback .... what for is this..??
Hi, I have a doubt about SSL_CTX 's app_verify_callback member variable. What for is this ? It seems that it this is set by using SSL_CTX_set_cert_verify_callback(SSL_CTX* ctx, int(*cb)(), char* arg), then cb() get called instead of X509_verify_cert(). Aslo what it looks that the int(*cb)() does not have any passed parameters, then how is it going to work. Any one has any ideas about it. Thanks Aslam __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: read X509 certificate from DER format file using d2i_X509
dirk laurijssen wrote:
Hi,
Altough mentioned in the faq http://www.openssl.org/support/faq.html#PROG3 , I can't
seem to get the DER-certificate loaded appropriately into the X509-struct.
[stuff deleted]
int
validate_ssl (int ok, char *ip, char *protocol, char *subject,
char *issuer, unsigned char *cert, int length, int depth,
char **message)
{
X509 *new_cert = d2i_X509(NULL, cert, sizeof(cert));
version = X509_get_version(new_cert);
}
sizeof(cert) since cert is of type (char *) will just give you the
size of a pointer (typically 4) what you want is the size of the buffer
pointed to by cert which might be 'length' from the prototype...
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: OpenSSL on itanium
Nice observations. The alpha is gone now? When did DEC discontinue it? Lastly in the measurement what does um stand for? Thanks --- Bryan-TheBS-Smith [EMAIL PROTECTED] wrote: Diarmuid Oneill wrote: When I download and build OpenSSL (which works fine!) and run the openssl speed rsa1024 tests, I get around 68 rsa signings/sec. When I run this on a 4 CPU (700Mhz) P3 machine I get around 103 private rsa signings/sec. I understand that the test is running on 1 cpu only but that's the case for both machines. It looks like most of the functions are integer. Itanium is slower, MHz for MHz, than just about any x86 Pro+ processor at integer (even using optimized code). Only at floating point does Itanium do about 2x a P3, MHz for MHz (and the P4 is slower than the P3, MHz for MHz, unless you use lossy/interpolated SSE instructions). -- TheBS P.S. It's sad to see a 3-year old design at 0.35um, the Alpha 264 667MHz/4MB, can toast the 0.13um Itanium 733MHz/4MB at floating point. Too bad Alpha is gone now. -- Bryan TheBS Smith mailto:[EMAIL PROTECTED] chat:thebs413 Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org PresidentSmithConcepts, Inc. http://www.SmithConcepts.com __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: OpenSSL on itanium
You know that DEC's been discontinued (bought by Compaq)? I read that Compaq is selling (sold?) the Alpha to Intel right now. um = micrometer (millionth of a meter) which is the track width of the microprocessor. I thought 0.15um was state of the art, but it seems that it's now 0.13um. 0.35um is older technology. Regards, Steven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of chirs charter Sent: Wednesday, 22 August 2001 9:44 AM To: [EMAIL PROTECTED] Subject: Re: OpenSSL on itanium Nice observations. The alpha is gone now? When did DEC discontinue it? Lastly in the measurement what does um stand for? Thanks --- Bryan-TheBS-Smith [EMAIL PROTECTED] wrote: Diarmuid Oneill wrote: When I download and build OpenSSL (which works fine!) and run the openssl speed rsa1024 tests, I get around 68 rsa signings/sec. When I run this on a 4 CPU (700Mhz) P3 machine I get around 103 private rsa signings/sec. I understand that the test is running on 1 cpu only but that's the case for both machines. It looks like most of the functions are integer. Itanium is slower, MHz for MHz, than just about any x86 Pro+ processor at integer (even using optimized code). Only at floating point does Itanium do about 2x a P3, MHz for MHz (and the P4 is slower than the P3, MHz for MHz, unless you use lossy/interpolated SSE instructions). -- TheBS P.S. It's sad to see a 3-year old design at 0.35um, the Alpha 264 667MHz/4MB, can toast the 0.13um Itanium 733MHz/4MB at floating point. Too bad Alpha is gone now. -- Bryan TheBS Smith mailto:[EMAIL PROTECTED] chat:thebs413 Engineer AbsoluteValue Systems, Inc. http://www.linux-wlan.org PresidentSmithConcepts, Inc. http://www.SmithConcepts.com __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[Off-topic] Re: Alpha history -- WAS: OpenSSL on itanium
[ I guess we're getting off-topic here. I'll make one more go of it for informational purposes (I have a EE and worked at an IC design firm for 2 years), but let's take it _off-list_ after this. Please reply off-list. ] chirs charter wrote: Nice observations. The alpha is gone now? Basically. This was the chronology (with extra nuggets for completeness which goes a long way to explain things): '90-91: - Digital and IBM release several MIPS R2000/3000-based workstations - Chip vendors consider unifying around the MIPS RISC processor - First Sun bails out (sticks with SPARC RISC approach) - IBM-Moto start talking (becomes PowerPC) - Digital leaves to start RISC-anal 64-bit processor VAX replacement - Digital beings talking to ARM about licensing their microcontroller IP '91-92: - Intel takes an interest in Digital's new truly 64-bit Alpha project which is ultra-liberal approach to RISC design - Digital beings developing the StrongARM microcontroller '92-93: - Intel drops Alpha interest, decides to stick with current GTL+/P6 development (which became the Pentium Pro) - Alpha releases first EV5 (64-bit wide, 66MHz), 64-bit processor, the Alpha 21064, a chip that has only 32-bit and 64-bit instructions -- not even a 8 or 16-bit load/store operation (again, _very_liberally_RISC_)! - NT/Alpha released for x86, Alpha MIPS, PowerPC '93-95: - Other vendors release their 64-bit processors - Intel releases GTL+ bus, 32-bit Pentium Pro - Digital follows up with Alpha EV6 (upto 128-bit wide, 66-100MHz) 21164 (which finally adds 8 and 16-bit load/store operations) at 333MHz while many other chips are barely passing 100MHz -- EV6 also introduces a 16-node, point-to-point bus architecture - Samsung becomes first Alpha licensee and starts fabricating their own Alpha chips - Microsoft NT 3.1 released with x86, Alpha, MIPS and PowerPC support. First Linux port to Alpha released. '95-96: - Digital begins development of Alpha EV7 (upto 128-bit wide, 166/333MHz DDR/effective reduced EMF) FSB, as well as the same 16-node, point-to-point bus archicture - AMD licenses EV7 bus for forthcoming K7 processor - Digital adds AV instructions to new, low-cost 21164PC (21164 w/o the L2 cache) to match MMX (a whole _5_ instructions, that's it!) - Digital also releases FX!32 which is both an emulator and binary, run-time translator for running/translating NT/Intel programs to NT/Alpha (and wins numerous awards) - Microsoft cancels NT/MIPS and NT/PowerPC ports leaving only NT/Alpha - Truly 64-bit Linux/Alpha released as GNU/GCC/GLibC are made completely 64-bit capable, SPARC, MIPS and other processors follow as Linux 1.3 (2.0 beta) is developed as a cross-platform OS. '96: - Digital throws lawsuit on Intel for violation of Alpha patents - Claims Intel misused private, but unlicensed information, disclosed during Alpha collaboration of 91-92 - Alpha reaches 500MHz while all other chips are sub-200MHz, SPECfp95 is 3x most other chips of the time, and bests everyone in SPECint95 as well - Digital also sells of networking division (15 of 18 top selling 10/100 NICs are Digital 21140-series Tulip based, infamous Tulip fragmentation results and continues through today ;-) - Intel beings IA-64 EPIC/Predication design. - StrongARM starts appearing in embedded boards and designs at 133MHz, blows away most other microcontrollers in performance '97: - Digital and Intel settle out-of-court -- Intel buys Digital fabs and licenses both the Alpha and, more importantly (but not well covered by the media) StrongARM (as an i960 replacement) - Samsung and Intel become sole Alpha producers - Alpha Processor, Inc. (API) formed to continue development and oversee support, as well as continue Digital IC interests (like PCI/AGP bridge chips and other interconnect chips) - Intel Pentium II released - Digital releases FX!32 equivalent (cannot remember name) for Linux/Intel to Linux/Alpha binary emluation/translation '98: - Intel Pentium II gains clock speed - Alpha 164 processors still stuck at 500MHz (for over 2 years!) - Alpha 264 delayed until late 98 - Despite Intel's promise of lower fab cost in producting the Alpha, prices don't shrink - Most Alpha chips are still fabbed at 0.35-0.5um while other chips shrink to 0.25um sizes - Digital releases 64-bit version of NT/Alpha 4.0, never publicly made available by Microsoft - AMD begins x86-64 project with first product codename Sledgehammer. - API beings EV8/364 design which is a 100M transistor Alpha with both run-time optimization and IA-64-like EPIC compiler-optimization (whereas the IA-64 only has later) '99: - Digital sells to Compaq, largely for the MCSE staff (to become largest professional support provider), but also gains Alpha - Compaq promises to support Tru64 and VMS for at least another 4.5 years - NT/Alpha port killed - Max exodus of Digital/API design engineers to AMD - Max exodus of Digital/NT developers to Microsoft - Initial non-FC-PGA Pentium III appears '00: - AMD K7
