Hi,
Can somebody tell me why CTR mode for AES algorithm has not implemented
completely in OpenSSL?
I saw the source code of OpenSSL and found that it is in partial implementation
stage from many past releases of OpenSSL.
Even though I have implemented the remaining interface for it, I am in
Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com - Mon Jan 26 12:04:34 2009]:
The OCF code has been ported to Linux:
http://sourceforge.net/project/showfiles.php?group_id=133575
it would be very nice if this were supported in openssl
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com - Mon Mar 09 18:21:52 2009]:
Stephen Henson via RT wrote:
There have been some concerns expressed in the mailing list about
how
portable this is to the many version of 'make' it has to work with.
Steve.
The '@' command for
When cross compiling for embedded targets gcc is unlikely to be
the best choice of compiler for making decisions. Only use gcc if CC
is not provided.
---
config |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/config b/config
index 31986f5..ac244b8 100755
--- a/config
Allow the build environment to override settings such as MACHINE etc
so that cross compilation for embedded systems is much easier.
---
Makefile.shared |8
config |8
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/Makefile.shared
Add support for building within the uClinux-dist cross-compile
framework for embedded systems (with and without MMU).
---
Configure |4
config|6 ++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/Configure b/Configure
index 11c507a..5376ed3 100755
---
When cross compiling for embedded targets gcc is unlikely to be
the best choice of compiler for making decisions. Only use gcc if CC
is not provided.
---
config |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/config b/config
index 31986f5..ac244b8 100755
--- a/config
[sean.cunning...@mandiant.com - Tue Jun 30 02:22:28 2009]:
Currently OpenSSL always uses the values in client hello and server
hello to negotiate compression even for a resumed session. So provided
the client includes the compression method from the original method in
client hello (as
On Tue, Jun 30, 2009 at 12:56:38PM +1000, David McCullough wrote:
Change the speed test to only test sizes up to 4096. Most cryptodev
HW drivers fail with 8192 sized requests. 4K seems like a reasonable
limit to test up to.
No. This is a bug in whatever cryptodev HW drivers you are
[philipp_s...@redfish-solutions.com - Mon Jan 26 12:04:23 2009]:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the extension is dropped when it's
dtls1_read_bytes() uses dtls1_get_record() to get a record from the
wire. There's an agreement between those two functions that says that
ssl-s3-rrec.length contains the length of the record just read. If
ssl-s3-rrec.length equals 0 then there's no record in the buffer.
dtls1_get_record()
If makedepend fails (for example, if it isn't in the path), then domd
should fail so the build can stop on the error.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear
When cross compiling for embedded targets gcc is unlikely to be
the best choice of compiler for making decisions. Only use gcc if CC
is not provided.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com,
Some combinations of algorithm removal cause compilation errors.
Fix this case for SHA/SHA1.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com
Some support for OCSP was not ifdef'd and prevents its exclusion from
openssl via the config options.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear
Do not run off the end of the RSA params arrays freeing values
or we will crash (or worse, corrupt the heap).
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear
Allow the build environment to override settings such as MACHINE etc
so that cross compilation for embedded systems is much easier.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee
words was unused (compiler warning) remove it.
b was uninited memory causing us to generate bogus numbers to pass into
cryptodev.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee -
Change the speed test to only test sizes up to 4096. Most cryptodev
HW drivers fail with 8192 sized requests. 4K seems like a reasonable
limit to test up to.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough,
Add support for building within the uClinux-dist cross-compile
framework for embedded systems (with and without MMU).
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear
Needed to include all the headers in the links target to get openssl
cross compiling nicely within the uClinux-dist.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear
Add --with-cryptodev option to config so that an OS like linux may enable
cryptodev support if it has been ported (ie., ocf-linux).
Add --with-cryptodev-digests to optionally include hash support via
cryptodev (disabled by default as it is usually too slow to be useful).
Add a working cryptodev
Add support for calculating the CPU usage while doing crypto.
This is useful for showing the gains through HW acceleration
other than just speed. It is best used with the '-elapsed' option
to get real-world values.
Currently only linux supports cpu calculations, but it should be easy
to add
Cleanup some compile time warnings/magic numbers.
Overview : http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
--
David McCullough, david_mccullo...@securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.comhttp://www.uCdot.org
diff
Hi there,
there are 2 points:
1 you have possibly heard already, as I discovered it from
https://www.wagner.pp.ru/~vitus/articles/openssl-mingw.html
is that to cross-compile for Mingw you need to comment the invocation of
is_msys() in Configure as it won't return the correct value
2 is that the
David McCullough wrote:
Jivin Kyle Hamilton lays it down ...
Please mail these each as attachments to r...@openssl.org. This will
ensure that each gets entered into a trackable state, and also ensures
that the formatting for the patch files stays consistent.
No problems, I wasn't
[philipp_s...@redfish-solutions.com - Mon Jan 26 12:04:23 2009]:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the extension is dropped when it's
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com wrote:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the extension is
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com wrote:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the extension is
David McCullough proposed the following patch to
crypto/engine/eng_cryptodev.c:
(extracted from a larger change set):
@@ -428,7 +428,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const
unsigned char *key,
if ((state-d_fd = get_dev_crypto()) 0)
return (0);
-
[david_mccullo...@securecomputing.com - Tue Jun 30 13:54:34 2009]:
Some support for OCSP was not ifdef'd and prevents its exclusion from
openssl via the config options.
Overview :
http://www.mail-archive.com/openssl-dev@openssl.org/msg26096.html
Note progs.h is auto generated by
[david_mccullo...@securecomputing.com - Tue Jun 30 13:55:14 2009]:
Add --with-cryptodev option to config so that an OS like linux may enable
cryptodev support if it has been ported (ie., ocf-linux).
Add --with-cryptodev-digests to optionally include hash support via
cryptodev (disabled
Can you find a way to reproduce this behaviour with s_client/s_server or
does it only happen with external session caches?
I took a look at s_server. It uses openssl's default session cache, which does
not flatten the session objects with i2d_SSL_SESSION/d2i_SSL_SESSION. The
default cache
Green, Paul wrote:
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com wrote:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the
On Mon, 29 Jun 2009, Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
It's not the @ command which might be non-portable IMHO but the
expansion of $(Q) into @.
I guess I still don't understand the issue. On the platforms that don't
support this, it could be left undefined
On Tue, 30 Jun 2009, David McCullough wrote:
Cleanup some compile time warnings/magic numbers.
---
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 186eb36..1e5d3a3 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -70,9
On Mon, 29 Jun 2009, Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
It's not the @ command which might be non-portable IMHO but the
expansion of $(Q) into @.
I guess I still don't understand the issue. On the platforms that don't
support this, it could be left undefined
Tim Rice via RT wrote:
On Mon, 29 Jun 2009, Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
It's not the @ command which might be non-portable IMHO but the
expansion of $(Q) into @.
I guess I still don't understand the issue. On the platforms that don't
support this, it could
Hi,
I am testing the following simple program which uses openssl to encrypt and
decrypt a file:
http://tldp.org/LDP/LG/issue87/misc/vinayak/sym_funcs.c.txt
Once compiled I do:
./blowfish input_file.txt output_enc.txt output_dec.txt
I use the options:
1. G for generating a key
2. E
Green, Paul wrote:
Stephen Henson via RT wrote:
[philipp_s...@redfish-solutions.com wrote:
The target:
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@
sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
is built, but the
Tim Rice via RT wrote:
On Mon, 29 Jun 2009, Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
It's not the @ command which might be non-portable IMHO but the
expansion of $(Q) into @.
I guess I still don't understand the issue. On the platforms that don't
support this, it could
On Tue, 30 Jun 2009, Philip Prindeville via RT wrote:
Tim Rice via RT wrote:
On Mon, 29 Jun 2009, Philip A. Prindeville wrote:
Stephen Henson via RT wrote:
It's not the @ command which might be non-portable IMHO but the
expansion of $(Q) into @.
I guess I still don't understand the
I think there might be some distracting issues here. I tried this sample
makefile on some non-GNU makes, and at least one I found was unhappy with
two different elements of the sample, neither of which was $(Q)echo.
A current non-GNU version of make on Solaris handled the provided sample
Jivin Thor Lancelot Simon lays it down ...
On Tue, Jun 30, 2009 at 12:56:38PM +1000, David McCullough wrote:
Change the speed test to only test sizes up to 4096. Most cryptodev
HW drivers fail with 8192 sized requests. 4K seems like a reasonable
limit to test up to.
No. This is a
Jivin Tim Rice lays it down ...
On Tue, 30 Jun 2009, David McCullough wrote:
Cleanup some compile time warnings/magic numbers.
---
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 186eb36..1e5d3a3 100644
--- a/crypto/engine/eng_cryptodev.c
+++
[sean.cunning...@mandiant.com - Tue Jun 30 17:06:26 2009]:
Can you find a way to reproduce this behaviour with s_client/s_server
or
does it only happen with external session caches?
I took a look at s_server. It uses openssl's default session cache,
which does not flatten the
On Wed, 1 Jul 2009, David McCullough wrote:
Jivin Tim Rice lays it down ...
On Tue, 30 Jun 2009, David McCullough wrote:
Cleanup some compile time warnings/magic numbers.
---
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index
Jivin Stephen Henson via RT lays it down ...
[david_mccullo...@securecomputing.com - Tue Jun 30 13:54:34 2009]:
Some support for OCSP was not ifdef'd and prevents its exclusion from
openssl via the config options.
Overview :
Jivin Stephen Henson via RT lays it down ...
[david_mccullo...@securecomputing.com - Tue Jun 30 13:54:34 2009]:
Some support for OCSP was not ifdef'd and prevents its exclusion from
openssl via the config options.
Overview :
Jivin Green, Paul lays it down ...
David McCullough proposed the following patch to
crypto/engine/eng_cryptodev.c:
(extracted from a larger change set):
@@ -428,7 +428,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const
unsigned char *key,
if ((state-d_fd = get_dev_crypto()) 0)
Jivin Stephen Henson via RT lays it down ...
[david_mccullo...@securecomputing.com - Tue Jun 30 13:55:14 2009]:
Add --with-cryptodev option to config so that an OS like linux may enable
cryptodev support if it has been ported (ie., ocf-linux).
Add --with-cryptodev-digests to
Jivin Stephen Henson via RT lays it down ...
[david_mccullo...@securecomputing.com - Tue Jun 30 13:55:14 2009]:
Add --with-cryptodev option to config so that an OS like linux may enable
cryptodev support if it has been ported (ie., ocf-linux).
Add --with-cryptodev-digests to
52 matches
Mail list logo