Re: Openssl Engine Performance Benchmarks

2009-03-31 Thread Geoff Thorpe
On Tuesday 31 March 2009 23:16:10 Shasi Thati wrote: > Hi, > > I have a question regarding the openssl speed command. When I use this > command to test the crypto offload engine performance what is the > right command to use? > > Is it > > openssl speed -evp aes-128-cbc -engine xx -elapsed > >

RE: Openssl Engine Performance Benchmarks

2009-03-31 Thread David Schwartz
> Is it > openssl speed -evp aes-128-cbc -engine xx -elapsed > or > openssl speed -evp aes-128-cbc -engine xx It depends what you want to measure. > I have seen examples with both of them on the internet and I get > different results with each of them. What exactly does "elapsed" > opt

Openssl Engine Performance Benchmarks

2009-03-31 Thread Shasi Thati
Hi, I have a question regarding the openssl speed command. When I use this command to test the crypto offload engine performance what is the right command to use? Is it openssl speed -evp aes-128-cbc -engine xx -elapsed or openssl speed -evp aes-128-cbc -engine xx I have seen example

RE: last data bytes not delivered when read in several small buffers

2009-03-31 Thread David Schwartz
> OK, but from the source, I discovered that SSL_read is blocking until it > receives a complete record. So, if I want to be awaken with select I > must either: Combining 'select' with blocking operations almost never works right. This is the most difficult conceivable situation and you should

Re: Add extra informations to certs

2009-03-31 Thread Kyle Hamilton
On Tue, Mar 31, 2009 at 2:18 PM, Dirk Reske wrote: > Yes, we know about the security issues with the extended private data. > But this is no commercial project, but a case study at our university. > > Dirk Alright. (If any university in the US tried to do anything like this they'd be up on ethic

Re: last data bytes not delivered when read in several small buffers

2009-03-31 Thread Kyle Hamilton
SSL_read will not return anything until it has received and verified a full record. It will do its own buffering, and all you have to do is respond to it. (If you're in a proxy/relay environment, it's possible that the kernel will not have received the next packet to go into the buffer, so you'll

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Kyle Hamilton wrote: > On Tue, Mar 31, 2009 at 1:56 PM, Dirk Reske wrote: > >> Second, >> it's just plain bad PKI to put attributes in Identity Certificates. >> >> >> >> What do you mean with this? >> > > Placing additional attributes in the Identity Certificates makes those > attributes

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Patrick Patterson wrote: Hi Dirk: Dirk Reske wrote: Patrick Patterson wrote: Second, it's just plain bad PKI to put attributes in Identity Certificates. What do you mean with this? Well, to quot

Re: Add extra informations to certs

2009-03-31 Thread Kyle Hamilton
On Tue, Mar 31, 2009 at 1:56 PM, Dirk Reske wrote: > > > Second, > it's just plain bad PKI to put attributes in Identity Certificates. > > > > What do you mean with this? Placing additional attributes in the Identity Certificates makes those attributes available to everyone who can read them, and

Re: Add extra informations to certs

2009-03-31 Thread Patrick Patterson
Hi Dirk: Dirk Reske wrote: > Patrick Patterson wrote: >>> >> Second, >> it's just plain bad PKI to put attributes in Identity Certificates. >> >> > What do you mean with this? > Well, to quote IETF RFC3281 (which has to do with Attribute Certificates): "Some people constantly confuse P

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
Patrick Patterson wrote: Hi Dirk: Dirk Reske wrote: li...@kaiser.cx wrote: Hi, On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: We need to put some extra information (simple strings) into the certificates (e.g. year of bir

Re: Add extra informations to certs

2009-03-31 Thread Patrick Patterson
Hi Dirk: Dirk Reske wrote: > li...@kaiser.cx wrote: >> Hi, >> >> On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: >> >> >>> We need to put some extra information (simple strings) into the >>> certificates (e.g. year of birth, ...). >>> I have looked around the internet, but don't

Re: Add extra informations to certs

2009-03-31 Thread Bruce Stephens
li...@kaiser.cx writes: > Hi, > > On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: > >> We need to put some extra information (simple strings) into the >> certificates (e.g. year of birth, ...). >> I have looked around the internet, but don't really find any useful stuff. > > define a

Re: "openssl smime ... [-md digest] ..." seems to be unknown option on the last version openssl

2009-03-31 Thread Dr. Stephen Henson
On Tue, Mar 31, 2009, Beneš Vladimír wrote: > Hi, > > there is mentioned command option "-md" on official documentation - > http://www.openssl.org/docs/apps/smime.html# > """ > SYNOPSIS > openssl smime ... [-md digest] ... > ... > COMMAND OPTIONS > ... > -md digest > digest algorithm to u

Re: last data bytes not delivered when read in several small buffers

2009-03-31 Thread Nate Leon
I like it: * make a read for data length = read buffer length (some kbytes) and then loop on SSL_pending and SSL_read to get the rest of the record, until SSL_pending returns 0. In that case, after the first SSL_read has returned something select is useless. BTW, does anybody

Re: Add extra informations to certs

2009-03-31 Thread Dirk Reske
li...@kaiser.cx wrote: > Hi, > > On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: > > >> We need to put some extra information (simple strings) into the >> certificates (e.g. year of birth, ...). >> I have looked around the internet, but don't really find any useful stuff. >>

Re: "openssl smime ... [-md digest] ..." seems to be unknown option on the last version openssl

2009-03-31 Thread Paul Allen
On Tue, 2009-03-31 at 08:50 -0700, Beneš Vladimír wrote: > Hi, > > there is mentioned command option "-md" on official documentation - > http://www.openssl.org/docs/apps/smime.html# > """ > SYNOPSIS > openssl smime ... [-md digest] ... > ... > COMMAND OPTIONS > ... > -md digest > digest a

Re: Add extra informations to certs

2009-03-31 Thread lists
Hi, On Tue, Mar 31, 2009 at 05:29:15PM +0200, Dirk Reske wrote: > We need to put some extra information (simple strings) into the > certificates (e.g. year of birth, ...). > I have looked around the internet, but don't really find any useful stuff. define a private extension. See RFC3280, sect

Compile error with MinGW

2009-03-31 Thread Patrick
I'm trying to compile OpenSSL 0.9.8k on Win32 with MinGW installed. I ran ms/mingw32.bat, and it seems to work well for a while, compiling lots of source files, until I get: if exist out\libcrypto.a del out\libcrypto.a /usr/bin/sh: -c: line 1: syntax error: unexpected end of file mingw32-make: ***

"openssl smime ... [-md digest] ..." seems to be unknown option on the last version openssl

2009-03-31 Thread Beneš Vladimír
Hi, there is mentioned command option "-md" on official documentation - http://www.openssl.org/docs/apps/smime.html# """ SYNOPSIS openssl smime ... [-md digest] ... ... COMMAND OPTIONS ... -md digest digest algorithm to use when signing or resigning. If not present then the default diges

RE: Add extra informations to certs

2009-03-31 Thread Rene Hollan
A private X509v3 extension, perhaps? -Original Message- From: owner-openssl-us...@openssl.org on behalf of Dirk Reske Sent: Tue 3/31/2009 8:29 AM To: openssl-users@openssl.org Subject: Add extra informations to certs Hello, We need to put some extra information (simple strings) into t

Add extra informations to certs

2009-03-31 Thread Dirk Reske
Hello, We need to put some extra information (simple strings) into the certificates (e.g. year of birth, ...). I have looked around the internet, but don't really find any useful stuff. So, do you have some links or hints where to start? How to read out this extra information? Thanks from ger

Re: Illegal instruction upon running fips_test_suite

2009-03-31 Thread ABDUL BASIT
just as an update for anyone who may find it useful. looking further, it turns out that the illegal instruction was LFS, the underlying PPC processor did not have FPU so had to turn on CONFIG_MATH_EMULATION for fpu emulation. - basit On Fri, Mar 27, 2009 at 4:39 PM, ABDUL BASIT wrote: > Hi Fol

Re: last data bytes not delivered when read in several small buffers

2009-03-31 Thread Francis GASCHET
Hello Kyle, Thank you for these explanations. Things are becoming clearer. An important point about the application is : it's a relay (gateway). So it doesn't have only to take care of the SSL side, but also of the relayed application (private) side. It's a non-blocking environment, so I am q

Re: Server crash while starting service

2009-03-31 Thread Kyle Hamilton
This is where you use your Magical Administrator Powers and download the http://www.microsoft.com/whdc/devtools/debugging/default.mspx Debugging Tools for Windows. These will provide you a LOT more information, including the nature of the fault. However, I would also suggest running a malware sca

Re: Felix Gomez Garcia/UN39043 /SOPORTE SEGURIDAD Y SERV. A S.I/TSM is out of the office.

2009-03-31 Thread felix . gomezgarcia
Hi, As you guessed correctly, this information is my business contact info, and it's public. On the other hand, being a moderated OpenSSL list I don't know how this email finished in a thread. In all other occasions this never went published, so maybe something changed in the posting rules. I sup

RE: Difference between RSA_sign and CryptSignHash signature

2009-03-31 Thread Goblin_Queen
OK, I got your point, I'll ask what they meant by "the same results" then. You're saying that I'm not competent for this task. As I said before, I'm a student, and I'm doing this project to get my master's degree. Everything security related is still very new to me, especially because it's in C++,

RE: Server crash while starting service

2009-03-31 Thread Uma G. Nayak
It's a Pentium D(x86 Family 15 Model 4 Stepping 7 GenuineIntel ~2791 MHz) system. We get the crash at libeay32.dll with following description "Faulting application apache.exe, version 1.0.0.1, faulting module libeay32.dll, version 0.9.8.10, fault address 0x0002d3e4" Other than this, I do not g

Re: Server crash while starting service

2009-03-31 Thread Kyle Hamilton
You can remove the SSE2 codepath from OpenSSL-FIPS even for systems which support SSE2. What is the specific error you're getting with your second system, if any? -Kyle H On Mon, Mar 30, 2009 at 2:35 AM, Uma G. Nayak wrote: > Kyle, I am not sure what you are referring to when you say, 'applicat

RE: Server crash while starting service

2009-03-31 Thread Uma G. Nayak
Could it be that the addresses are conflicting.. But I don't see any error messages to that effect. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Monday, March 30, 2009 1:09 PM To: openssl-users@openssl.