Re: web site with many openssl examples

2011-06-30 Thread Peter Sylvester

On 06/30/2011 07:29 PM, derleader mail wrote:

> Hi,
> I'm looking for complete examples of implementing OpenSSL code - server and client. Can you
> give a link?
>
> Best wishes
> Peter

the source code of s_client and s_server
or ssl_use.c of curl for a client part or mod_ssl of apache for a server
or the source code for the tests in openssl that use bio pairs
or ...


__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          majord...@openssl.org


RE: EVP functions VS AES_cbc_encrypt

2011-06-30 Thread Dave Thompson
>   From: owner-openssl-us...@openssl.org On Behalf Of Sreekanth Pothanis
>   Sent: Wednesday, 29 June, 2011 12:43

>   We have been using the aes_cbc functions to encrypt and decrypt 
> (with OpenSSL 0.9.8) . But recently I tried using the EVP functions 
> (with OpenSSL 1.0.0d) instead  to encrypt and decrypt with an aes_128 
> bit cipher and found that there is a huge improvement in the time taken 
> to encrypt and decrypt. So, my 1st question is how different are these 
> two and why is there a sizable difference.

Unless you use an ENGINE in EVP, there should be no detectable 
difference between EVP and lowlevel routines *on the same build*. 
EVP with a software cipher just calls the selected lowlevel routines.

Between versions, including 0.9.8 (which?) and 1.0.0d, there might be 
differences, possibly depending on platform and build options.

Even within a version, there might be a difference depending on build 
options. Usually the most important option is whether assembler is 
enabled. Compiler, and compiler options, may make a difference.

If you built these versions yourself, or got them from someone 
who told you the build process, you should know the options.
Otherwise if you have a commandline program using or matching 
your library, 'openssl version -a' will say everything recorded, or 
call SSLeay_version with appropriate values and print the results.

>   I tried these initially on linux with libssl-dev and since then 
> I have been trying it on windows. I previously just used 
>   Aes_cbc.c
>   Aes_x86core.c and a few headers on windows. However, I have not 
> been able to achieve something similar with the EVP functions. So, 
> is there a simpler way to just include a few c files and their 
> headers and achieve aes encryption/decryption.

You can certainly call the (official) lowlevel functions directly 
by #include'ing aes.h, or des.h or sha1.h etc. as applicable.

But crypto/aes/aes_x86core.c isn't in the Makefile, and thus 
isn't used by EVP OR the official lowlevel interface normally, 
and hasn't ever been as far as I can easily check.

I didn't go through in detail, but it looks like it provides 
the same signatures as aes_core.c, so you might be able to 
just put it as a replacement. But I'd not be confident it's 
correct without careful testing, and I'd be quite surprised 
if it is faster than the assembler code.
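
Dave Thompson's point above, that build options such as assembler support explain timing gaps between builds and that `openssl version -a` records them, as an added example (not from the thread or from OpenSSL): the script reads saved `openssl version -a` reports and compares whether AES assembler was compiled in. It assumes that assembler-enabled builds of this era record `-DAES_ASM` on the `compiler:` line; both sample reports are constructed.

```shell
#!/bin/sh
# Added example. Assumption: an assembler-enabled build of this era records
# -DAES_ASM on the "compiler:" line of `openssl version -a`.

# First line of a saved report: the version banner.
build_version() {
    sed -n '1p' "$1"
}

# Print "asm", "no-asm" or "unknown" for a saved `openssl version -a` report.
aes_asm_status() {
    compiler=$(sed -n 's/^compiler:[[:space:]]*//p' "$1")
    if [ -z "$compiler" ]; then
        echo unknown    # nothing recorded, so nothing can be concluded
        return 0
    fi
    case " $compiler " in
        *" -DAES_ASM "*) echo asm ;;
        *)               echo no-asm ;;
    esac
}

# Print both verdicts; succeed only when the two builds agree on AES assembler.
compare_builds() {
    a=$(aes_asm_status "$1")
    b=$(aes_asm_status "$2")
    printf '%s -> %s\n' "$(build_version "$1")" "$a"
    printf '%s -> %s\n' "$(build_version "$2")" "$b"
    [ "$a" = "$b" ]
}

# Constructed sample reports (not captured from real systems).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.txt" <<'EOF'
OpenSSL 0.9.8 (constructed sample)
platform: linux-generic32
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O3 -Wall
EOF
cat > "$tmp/new.txt" <<'EOF'
OpenSSL 1.0.0d (constructed sample)
platform: linux-elf
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O3 -Wall -DAES_ASM
EOF

compare_builds "$tmp/old.txt" "$tmp/new.txt" ||
    echo "builds differ in AES assembler support; timings are not comparable"
```

On a real system, save the report for each build with `openssl version -a > report.txt` and pass the two files to `compare_builds`.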




Why does memory BIO use "internal copy operation" after reading?

2011-06-30 Thread Vladimir Belov
In the documentation (http://www.openssl.org/docs/crypto/BIO_s_mem.html) I 
have read that:
"Every read from a read write memory BIO will remove the data just read with 
an internal copy operation..."

Why does memory BIO use "internal copy operation" after reading? Why does it 
not use a ring buffer and only change the pointers after a read operation? It 
will be faster.

And is it applicable to all BIO types or only to memory BIO?
For example, BIO_new_bio_pair. It creates two BIOs of type BIO_s_bio(). Is 
BIO_s_bio() similar to BIO_s_mem() in the sense that it uses "internal copy 
operation" after read or not?




RFC 5746

2011-06-30 Thread Ritesh Rekhi
Hi,

I need a little help in implementing RFC 5746 on a server; as per the RFC it is not 
very clear how to tell clients that the server doesn't support renegotiation.

If anybody knows a way to tell clients that the server doesn't support 
renegotiation, please let me know.

Thanks
Ritesh Rekhi


EVP functions VS AES_cbc_encrypt

2011-06-30 Thread Sreekanth Pothanis
Hello all,

We have been using the aes_cbc functions to encrypt and decrypt (with OpenSSL 
0.9.8). But recently I tried using the EVP functions (with OpenSSL 1.0.0d) 
instead to encrypt and decrypt with an aes_128 bit cipher and found that there 
is a huge improvement in the time taken to encrypt and decrypt. So, my 1st 
question is how different are these two and why is there a sizable difference.

I tried these initially on linux with libssl-dev and since then I have been 
trying it on windows. I previously just used
Aes_cbc.c
Aes_x86core.c and a few headers on windows. However, I have not been able to 
achieve something similar with the EVP functions. So, is there a simpler way to 
just include a few c files and their headers and achieve aes 
encryption/decryption.


Thank you,
Sreekanth

Updating code using ASN1_HEADER

2011-06-30 Thread Kenneth Porter
I need to update an old piece of code written for 0.9.7 that uses the 
obsolete ASN1_HEADER struct as part of importing a Netscape certificate so 
that it can link against the latest openssl libraries. I'm not at all 
familiar with openssl usage so I'm not sure what I need to do here. I've 
been able to change the rest of the library usage to deal with changes to 
the API but this one stumps me. (I'm generally good at this sort of reverse 
engineering but SSL is sufficiently arcane that it would take me awhile to 
understand the intent of this code and what the updated equivalent should 
be.)


The source can be viewed here, at line 642:




stunnel 4.38 released

2011-06-30 Thread Michal Trojnara

Dear Users,

I have just released version 4.38 of stunnel.

The ChangeLog entry:

Version 4.38, 2011.06.28, urgency: MEDIUM:
* New features
  - Server-side SNI implemented (RFC 3546 section 3.1) with a new
    service-level option "nsi".
  - "socket" option also accepts "yes" and "no" for flags.
  - Nagle's algorithm is now disabled by default for improved
    interactivity.
* Bugfixes
  - A compilation fix was added for OpenSSL version < 1.0.0.
  - Signal pipe set to non-blocking mode.  This bug caused hangs of
    stunnel features based on signals, e.g. local mode, FORK threading,
    or configuration file reload on Unix.  Win32 platform was not
    affected.


Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/

SHA-256 hash for stunnel-4.38.tar.gz:
aa49012195fde4dc3e4bed2bb25283cb40a6e0ad8295a47e730652f611e2268c

Best regards,
Mike



Re: web site with many openssl examples

2011-06-30 Thread Sushil Singh
>
> Hi
>


Anybody having experience enabling CRL checking in an existing OpenSSL
client? I need to check the CRL for a revoked certificate before attempting
SSL_connect to the server.

Your help in this regard is really appreciated..

Thanks in advance.


Br;Sushil


web site with many openssl examples

2011-06-30 Thread derleader mail
 
Hi,



 I'm looking for complete examples of implementing OpenSSL code - server and 
client. Can you give a link?

Best wishes
Peter


RE: Convert perl file to asm fie

2011-06-30 Thread Jeremy Farrell
Try taking a step back and explaining what you are actually trying to do 
overall, instead of asking a particular question which sounds very strange. Are 
you just trying to build the OpenSSL libraries for ARM perhaps? In that case 
your question would have been better phrased as "how do I build the OpenSSL 
libraries for an ARM device", for example.



From: ty hawk

 Sorry for I have done.
 I found these files on website. I paste these links

I have compile completely openssl on windows, found it used aes-586.pl
and it had been converted aes-586.asm in compiler process
Now I need use it device, so I used aes-arm4v.pl replace for aes-586.pl

Best Wishes

Hawkes
2011/06/30

2011/6/30 Tim Watts <t...@dionic.net>
On 30/06/11 10:53, ty hawk wrote:
Hi Tim

I have compile completely openssl on windows, found it used aes-586.pl
and it had been converted aes-586.asm in compiler process
Now I need use it device, so I used aes-armv4.pl replace for aes-586.pl .

Best Wishes!

Hawkes

2011/06/30

2011/6/30 Tim Watts <t...@dionic.net>

   On 30/06/11 09:43, ty hawk wrote:

   Hi  :
      I want to use openssl on device that used arm.
      How could I convert aes-armv4.pl to aes-armv4.asm?
      Could you help me?

Yes - on one condition - please listen and STOP trying to paste "links" to 
files into email messages I can't see any of those files to know what 
your problem actually is about...


Re: Convert perl file to asm fie

2011-06-30 Thread Tim Watts

On 30/06/11 11:46, Andreas Müller wrote:

> On 06/30/2011 11:53 AM, ty hawk wrote:
>
>> I have compile completely openssl on windows, found it used aes-586.pl
>> and it had been converted aes-586.asm in compiler process
>> Now I need use it device, so I used aes-armv4.pl replace for aes-586.pl .
>
> Why don't you just run the file through perl? aes-armv4.pl is a Perl
> script that generates the assembler code for the AES implementation.
> The script is very easy (read it!), it essentially replaces symbolic
> register names (perl variables) by correct ARM register names.
>
> Best regards
>
> Andreas Müller



ah-ha - all becomes clear now...

--
Tim Watts
Personal Blog: http://www.dionic.net/tim/


Re: Convert perl file to asm fie

2011-06-30 Thread ty hawk
Hi

 Sorry for I have done.
 I found these files on website. I paste these links

I have compile completely openssl on windows, found it used aes-586.pl
<http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35/src/crypto/aes/asm/aes-586.pl>
and it had been converted aes-586.asm in compiler process
Now I need use it device, so I used aes-arm4v.pl
<http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-32/src/crypto/aes/asm/aes-armv4.pl>
replace for aes-586.pl

Best Wishes

Hawkes
2011/06/30




2011/6/30 Tim Watts 

> On 30/06/11 10:53, ty hawk wrote:
>
>> Hi Tim
>>
>> I have compile completely openssl on windows, found it used aes-586.pl
>> and it had been converted aes-586.asm in compiler process
>> Now I need use it device, so I used aes-armv4.pl replace for aes-586.pl .
>>
>> Best Wishes!
>>
>> Hawkes
>>
>> 2011/06/30
>>
>> 2011/6/30 Tim Watts <t...@dionic.net>
>>
>>    On 30/06/11 09:43, ty hawk wrote:
>>
>>        Hi  :
>>           I want to use openssl on device that used arm.
>>           How could I convert aes-armv4.pl to aes-armv4.asm?
>>           Could you help me?
>>
> Yes - on one condition - please listen and STOP trying to paste "links" to
> files into email messages I can't see any of those files to know what
> your problem actually is about...
>
>
> --
> Tim Watts
> Personal Blog: http://www.dionic.net/tim/
>


Re: Convert perl file to asm fie

2011-06-30 Thread Andreas Müller

On 06/30/2011 11:53 AM, ty hawk wrote:

> I have compile completely openssl on windows, found it used aes-586.pl
> and it had been converted aes-586.asm in compiler process
> Now I need use it device, so I used aes-armv4.pl replace for aes-586.pl .

Why don't you just run the file through perl?  aes-armv4.pl is a Perl
script that generates the assembler code for the AES implementation.
The script is very easy (read it!), it essentially replaces symbolic
register names (perl variables) by correct ARM register names.

Best regards

Andreas Müller

--
Prof. Dr. Andreas Mueller
andreas.muel...@othello.ch
Bubental 53, 8852 Altendorf
Voice: +41 55 4621481  Fax/Data: +41 55 4621482


Re: Convert perl file to asm fie

2011-06-30 Thread Tim Watts

On 30/06/11 10:53, ty hawk wrote:

> Hi Tim
>
> I have compile completely openssl on windows, found it used aes-586.pl
> and it had been converted aes-586.asm in compiler process
> Now I need use it device, so I used aes-armv4.pl replace for aes-586.pl .
>
> Best Wishes!
>
> Hawkes
>
> 2011/06/30
>
> 2011/6/30 Tim Watts <t...@dionic.net>
>
>> On 30/06/11 09:43, ty hawk wrote:
>>
>>> Hi  :
>>>    I want to use openssl on device that used arm.
>>>    How could I convert aes-armv4.pl to aes-armv4.asm?
>>>    Could you help me?

Yes - on one condition - please listen and STOP trying to paste "links" 
to files into email messages I can't see any of those files to know 
what your problem actually is about...


--
Tim Watts
Personal Blog: http://www.dionic.net/tim/


Re: Convert perl file to asm fie

2011-06-30 Thread Tim Watts

On 30/06/11 09:43, ty hawk wrote:

> Hi  :
>    I want to use openssl on device that used arm.
>    How could I convert aes-armv4.pl to aes-armv4.asm?
>    Could you help me?
>
>   Hawkes
>   2011/06/30


Two problems:

One - this is a mailing list - we cannot see your file. You need to 
include it if not too long, or put it on a website and post a link.


Secondly, you are not going to want to attempt to compile a perl script 
to arm assembler for an embedded device. Perl is only designed to 
compile to perl bytecode - attempts to go down further essentially mean 
that the entire perl bytecode interpreter and all supporting modules 
will have to be included in your exe image and the process is, well, yuk.


What you probably want to do is to implement the perl algorithm in C, 
linked against libopenssl and compile that, targeting ARM.


Unless your embedded device is powerful enough to run the ARM compiled 
version of perl (or microperl) in which case just use your script.


Cheers,

Tim

--
Tim Watts
Personal Blog: http://www.dionic.net/tim/


Getting started to create PKCS7 message with PKCS11 provider

2011-06-30 Thread James Berry
Hi:



I need to sign a challenge string using the private key present on a smartcard. 
 The smartcard has a PKCS11-compliant library and I have been able to open the 
card etc with the PKCS11 driver.



Now I would like to sign a message in PKCS7 format to be sent elsewhere for 
verification. That verification is going to happen on a server running .net 
using the System.Cryptography.Pkcs.SignedCms class.



Whilst I can find reference on the net to openssl being able to create PKCS7 
signed messages, and also plug in a PKCS11 provider I can't find any good 
example code for either, and being a beginner at openssl I don't really know 
where to start.  Do I need to use the open-sc PKCS11 engine?



Can someone point me to some good examples that I can follow, or outline what 
I'll need to do to put together what I would imagine is quite a simple process 
"when you know how" :-)



Best wishes

James


James Berry
Chief Technical Officer

Advanced Health & Care
Unit 4 Eurogate Business Park, Ashford, Kent TN24 8SB
m: +44 (0) 7768 021031 t: +44 (0) 1233 722700 f: +44 (0) 1233 722701
www.advancedcomputersoftware.com/ahc





Convert perl file to asm fie

2011-06-30 Thread ty hawk
Hi  :
  I want to use openssl on device that used arm.
  How could I convert aes-armv4.pl to aes-armv4.asm?
  Could you help me?


 Hawkes
 2011/06/30