Re: How to add my own crypto with openssl libs
You can hook your engine to the crypto library to do the enc/dec. But I don't think you can completely avoid the libcrypto.so. Someone please correct me if I am wrong. On 14 February 2014 16:40, Indtiny S indt...@gmail.com wrote: Hi, I have written a my code for AES_CCM ciper suite. I want to use the openssl libray mainly *libssl.so* to do the handshake and part of the record layer part . Because I want to run this on the embedded target(my target has very less memory) I dont want to put the libcrypto.so provide by openssl. Instead of using crypto by ssl library for any Record layer calls , I just want to use my crypto functions do the encryption and decryption . Can somebody suggest how to do this with openssl ? Rgds Indra
Re: Forcing an application to use SHA512
Hi, Just a more specific question. I am trying to locate a CipherSuite that could use SHA512. But I dont see any such suites. Currently I am using AES128-SHA but I wanted to use AES128-SHA512 going forward. Does that mean that SHA512 has not been made part of TLS CipherSuites? On 4 February 2014 13:01, Gnanasekar R gnanasekar@gmail.com wrote: Hi, I am trying to write a cli-ser app and in that I want to force SHA512 to be used. I am always seeing SHA1 being used. Is there a way to force that in the application? Thanks in advance!
Forcing an application to use SHA512
Hi, I am trying to write a cli-ser app and in that I want to force SHA512 to be used. I am always seeing SHA1 being used. Is there a way to force that in the application? Thanks in advance!
Support for SHA-512/224 and SHA-512/256
Hi, I would like to know if OpenSSL has support for SHA-512/224 and SHA-512/256. I see init functions for SHA-256 and SHA-224. But could not find one for the 512/t. Is it not supported? Thanks, Gnanasekar
Re: Support for SHA-512/224 and SHA-512/256
Hi!, Yes, this is SHA-512. I am interested in the 512/t variants for which the IVs and the final digests length differs. I don't see any parameters to mention that. So wondering if support for 512/224 and 512/256 is available. Regards, Gnanasekar On 4 October 2013 13:19, Fredrik Jansson fredrik.jansson...@gmail.comwrote: Hi! Note, this is OpenSSL 1.0.1c. sha.h: int SHA512_Init(SHA512_CTX *c); evp.h: const EVP_MD *EVP_sha512(void); Best regards, Fredrik On Fri, Oct 4, 2013 at 9:44 AM, Gnanasekar R gnanasekar@gmail.comwrote: Hi, I would like to know if OpenSSL has support for SHA-512/224 and SHA-512/256. I see init functions for SHA-256 and SHA-224. But could not find one for the 512/t. Is it not supported? Thanks, Gnanasekar
Re: cryptodev engine in openssl not working
Did you build OpenSSL libs by enabling the appropriate flags - HAVE_CRYPTODEV etc ? In files crypto/engine/eng_all.c , ENGINE_load_cryptodev will be under few defines. Make sure your platform have those defines. Regards, Gnananasekar On 11 September 2013 14:34, Anees K A anees...@mistralsolutions.com wrote: Hi, When I try the following command $ openssl speed aes -engine crytodev *invalid engine cryptodev* 3078063752:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(/lib/engines/libcryptodev.so): /lib/engines/libcryptodev.so: cannot open shared object file: No such file or directory If I look in the source, I can see eng_cryptodev.c file under crypto/engine folder. Why is this not working? I am using the following git - git://git.openssl.org/openssl.git $ openssl engine (dynamic) Dynamic engine loading support Regards anees k A
Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation
Hi, I would like to know if it is possible to assign pre-defines bufs(addresses) to OpenSSL which it can use to store plaintext/cipher text during AES computation.
Re: Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation
Yes, basically I am trying to see if I can make OpenSSL use certain 'pre-defined' bufs that will be mmap'ed to a known location in the memory. So that in the HW cryptolib I can make use of DMA to supply data to the crypto engine and read back to the same physical address. That way it will be faster and I can free up the processor. So before trying to do that myself I thought of checking if this has already been thought of and if there is a way to already do it. Any suggestions on how[complex] much of code change would that be? On 21 May 2013 17:18, Salz, Rich rs...@akamai.com wrote: **Ø **I would like to know if it is possible to assign pre-defines bufs(addresses) to OpenSSL which it can use to store plaintext/cipher text during AES computation. ** ** ** ** You mean force all AES encryptions during a TLS session to use fixed buffers? No, that is not possible without code changes. ** ** /r$ ** ** -- Principal Security Engineer Akamai Technology Cambridge, MA ** ** ** **
AES using cryptodev driver
Hi, Has anyone tried using cryptodev driver and seen it to be better than AES computation in OpenSSL libs. I instrumented the time using evp_test app and see that AES computation using cryptodev is ~1.6ms slower compared to running the app without cryptodev driver, in my system. So I would like to know if that is how it is or am I missing something?
Crypto engine EVP_CIPHER structure - cleanup
Hi, I have a crypto engine to perform AES encryption/decryption. I have initialized the EVP_CIPHER structure with the needed function pointers. I get called in init where I do some bookkeeping(could be assigning a context id). When this context is over I would like to remove any bookkeeping I would have done. I thought the 'cleanup' function would get called and I can do the necessary cleanups there. But this is not getting called though the context is over. Is there something that I am missing. I am using version 0.9.8