Re: Geode on-chip AES 128-bit crypto accelerations but OpenSSL doesn't use it

2009-09-29 Thread Nigel Sollars

Hi,

Since we are on the subject of hardware-enhanced cryptography, do the 
HiFn chips used in the Soekris devices have support in OpenSSL?


Regards
Nige

Kyle Hamilton wrote:
OpenSSL uses the operating system to get entropy.  If AMD wants Linux 
to support its on-chip random number generator, it needs to write a 
driver that replaces /dev/random and /dev/urandom.


In addition, Intel has been playing nice and getting its code in the 
openssl distribution, as a set of patches that were integrated not too 
long ago.  Nobody has submitted such a patch for the Geode to my 
knowledge (I'm not god of the request tracker, but most mails sent to 
r...@openssl.org are forwarded to the -dev list; I've not seen any 
patches come in).  (i.e.: Intel is doing strategic positioning that 
AMD is not.)


-Kyle H

On Sep 27, 2009, at 11:05 AM, Jelle de Jong wrote:


Hello everybody,

The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto 
accelerations block and a true random number generator, but OpenSSL 
is not using it.


Please see the below link for test reports and openssl outputs
http://debian.pastebin.com/faeff2a3

Is there anybody that know what is going on here?

Thanks in advance,

Jelle
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org






The need for SNI ssl apache vhosts,

2009-09-14 Thread Nigel Sollars

Hi,

I thought I would throw this one out there to see where SNI is as far as 
usable (or not)...


At the company we have an online store and we need to replicate it for 
different locales/languages.  After reading some information on the net 
it seems that the RFC spec is good but the implementation ( at the time 
of the writing was so so )..


Since the need for me has arisen to require it, is there a status page / 
better up-to-date information available?


my openssl version is:
OpenSSL 0.9.8g 19 Oct 2007

The server is running FedoraCore 10.

Regards & thanks in advance.

Nigel Sollars




Re: The need for SNI ssl apache vhosts,

2009-09-14 Thread Nigel Sollars

Martin Schütte wrote:

Nigel Sollars wrote:
  

Since the need for me has arisen to require it, is there a status page /
better up-to-date information available?



The Wikipedia page seems to be well maintained:
http://en.wikipedia.org/wiki/Server_Name_Indication

  


Great thanks,


I use SNI with VHosts myself on a shared server. But support on the
client side is still limited -- most importantly IE on Windows XP does
  

Not even 8?

The wiki says 0.9.8f supports SNI but it is not compiled in by default. 
Since I am using what came with FedoraCore 10 (0.9.8g), is there a way 
to see if I am good there? I checked online (OpenSSL docs) but again 
came up empty.


I do have to upgrade my version of apache, good thing to do anyway since 
I am 2 revisions behind.


Thanks again

Nigel



not support SNI.

  




OpenSSL C example Base64 Decode,

2009-09-04 Thread Nigel Sollars

Hi all,

I have a working example of Encoding base64 using the BIO methods but 
decrypting a string is being somewhat problematic.  The code in the man 
page for decoding does not work either as the stdin new_fp does not hand 
off / stop listening for input.


The openssl version is 0.9.8i

If anyone could supply a working example I would appreciate it,

Regards
Nigel


Re: ErrorCode 06065064

2009-09-02 Thread Nigel Sollars

Hi,

After looking at other examples, I decided to go back to basics and tried a 
simple approach of taking a string from argv and passing that to the enc/dec 
methods. It seems I have the same error code as before. I have provided 
the test file; any help with this one would be very much appreciated.


Regards

Nigel Sollars wrote:

Hi all,

After looking at many examples and reading the OpenSSL book I 
purchased, I was wondering what the usual culprits are for the 
error code 06065064.  By the looks of it, it could be a bad password / 
key or perhaps a wrong-sized outbuf.



Any more information would be highly appreciated,

Thanks in advance
Nigel Sollars



/*
 *  file test1.c
 *
 *  simple round robin test to take 2 inputs, a key & a string to encrypt
 *  Encrypt the string then decrypt printing out status as we go.
 *
 *  Use the supplied Makefile to build
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>        /* bzero */
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/err.h>    /* ERR_print_errors_fp */

#define input_buf_size 1024
#define output_buf_size 1032

int main(int argc, char *argv[])
{

    if (argc != 2)
    {
        printf("Usage: test1 stringtoencrypt\n");
        exit(1);
    }

    char *string;

    int encoutlen, decoutlen, enctotallen, dectotallen;

    unsigned char *iv[8];
    unsigned char  *password[16];
    unsigned char enc_outbuf[output_buf_size];
    char enc_inbuf[input_buf_size];
    unsigned char dec_outbuf[input_buf_size];
    char dec_inbuf[output_buf_size];
    EVP_CIPHER_CTX ectx;
    EVP_CIPHER_CTX dctx;

    /*
     * Begin the encode - decode
     *
     * Get our inputs and the random IV
     *
     */

    string = argv[1];

    RAND_bytes(iv, 8);
    RAND_bytes(password, 16);

    printf("Entering Encryption Stage:\n\n");
    printf("String to encrypt: %s\n\n", string);

    EVP_CIPHER_CTX_init(&ectx);

    EVP_EncryptInit(&ectx, EVP_bf_cbc(), password, iv);

    bzero (enc_inbuf, input_buf_size);

    /* encrypt the input; encoutlen receives the bytes written so far */
    if(!EVP_EncryptUpdate(&ectx, enc_outbuf, &encoutlen, string, strlen(string)))
    {
        printf("Error whilst EncryptUpdate\n");
        return 0;
    }

    /* flush the final padded block; enctotallen receives its size */
    if(!EVP_EncryptFinal(&ectx, enc_outbuf + encoutlen, &enctotallen))
    {
        printf("Error Whilst EncryptFinal\n");
        return 0;
    }

    encoutlen += enctotallen;

    printf("Encryption Successful\n\n");
    printf("Entering Decryption Stage\n\n");

    EVP_CIPHER_CTX_init(&dctx);
    EVP_DecryptInit(&dctx, EVP_bf_cbc(), password, iv);

    bzero (dec_inbuf, output_buf_size);
    bzero (dec_outbuf, input_buf_size);

    if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf, output_buf_size)))
    {
        printf("Error Whilst DecryptUpdate\n");
        return 0;
    }

    /* the padding of the last block is checked here */
    if (!(EVP_DecryptFinal(&dctx, dec_outbuf + decoutlen, &dectotallen)))
    {
        printf("Error Whilst DecryptFinal\n");
        ERR_print_errors_fp(stdout);
        return 0;
    }

    decoutlen += dectotallen;

    printf("Decryption Successful\n\n");

    printf("Decrypted String is: %s\n", dec_outbuf);

    return 0;

}


Re: ErrorCode 06065064

2009-09-02 Thread Nigel Sollars

Thank you very much,

Regards
Nigel


Dr. Stephen Henson wrote:

Comments inline:

On Wed, Sep 02, 2009, Nigel Sollars wrote:

  

Hi,

After looking at other examples, I decided to go back to basics and tried a simple 
approach of taking a string from argv and passing that to the enc/dec methods. 
It seems I have the same error code as before. I have provided the test file; 
any help with this one would be very much appreciated.






  

unsigned char *iv[8];
unsigned char  *password[16];



Definitions of iv, password are wrong. Get rid of the '*'.

  

    string = argv[1];

    RAND_bytes(iv, 8);
    RAND_bytes(password, 16);

    printf("Entering Encryption Stage:\n\n");
    printf("String to encrypt: %s\n\n", string);

    EVP_CIPHER_CTX_init(&ectx);

    EVP_EncryptInit(&ectx, EVP_bf_cbc(), password, iv);

    bzero (enc_inbuf, input_buf_size);

    if(!EVP_EncryptUpdate(&ectx, enc_outbuf, &encoutlen, string, strlen(string)))
    {
        printf("Error whilst EncryptUpdate\n");
        return 0;
    }

    if(!EVP_EncryptFinal(&ectx, enc_outbuf + encoutlen, &enctotallen))
    {
        printf("Error Whilst EncryptFinal\n");
        return 0;
    }

    encoutlen += enctotallen;




OK, you've got the total length of the encrypted data as encoutlen at this
point.

  

    printf("Encryption Successful\n\n");
    printf("Entering Decryption Stage\n\n");

    EVP_CIPHER_CTX_init(&dctx);
    EVP_DecryptInit(&dctx, EVP_bf_cbc(), password, iv);

    bzero (dec_inbuf, output_buf_size);
    bzero (dec_outbuf, input_buf_size);

    if (!(EVP_DecryptUpdate(&dctx, dec_outbuf, &decoutlen, enc_outbuf, output_buf_size)))
    {
        printf("Error Whilst DecryptUpdate\n");
        return 0;
    }




But above you are passing the length as output_buf_size.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


ErrorCode 06065064

2009-08-31 Thread Nigel Sollars

Hi all,

After looking at many examples and reading the OpenSSL book I purchased, 
I was wondering what the usual culprits are for the error code 06065064.  
By the looks of it, it could be a bad password / key or perhaps a 
wrong-sized outbuf.



Any more information would be highly appreciated,

Thanks in advance
Nigel Sollars