[openssl-users] Query regarding AESNI-SHA "stitched" implementations.
hello I have an query regarding AESNI-SHA1 "stitched" implementations. In the stitched implement such as aesni_128_cbc_hmac_sha1_cipher, i saw the code compute MAC on cleartext then encrypt, I thought this mode is used for SSL and SSH. Is there any stitched implement support for Encrypt then Authenticate (EtA) mode, which encrypt the cleartext, then compute the MAC on the ciphertext? Thanks & Regards Kane -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] how to get digest for stitched AES-HMAC-SHA
Hi guys, I try to use build-in cipher suite EVP_aes_128_cbc_hmac_sha1 to get the benefit of function stitch. There some some questions : 1) Case this cipher stitch AESNI and HAMC-SHA1 in one go, how to get the hamc digest? 2) In some case, like ESP package ,the Encryption and Auth start from different offset of same buffer, is there any APIs to specify the offset between Auth and Encryption for stitched cipher? - IPv4 |orig IP hdr | ESP | | ESP | ESP| |(any options) | Hdr | TCP Data | Trailer |Auth| - |<- encrypted ->| |<-- authenticated > | Thanks in advance for any advice! BR Kane Software developer, Ericsson -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl-users Digest, Vol 28, Issue 21
Hi guys, I want to use "multiblock" introduced from 1.0.2 to improve performance of ipsec packet process, which use aes_cbc_hmac_sha as main algorithm. I have try openssl speed test with ‘-mb’ and I observe that the test code use big buffer size from 8192 to 131072, that show dramatic performance improvement My questions are: 1) Can i get so much improvement when use multiblock on single stream with small data ,like date with size 512 or 1024 bytes. 2) How to use the multiblock APIs? From speed.c , I saw some APIs call like EVP_CIPHER_CTX_ctrl() with type EVP_CTRL_TLS1_1_MULTIBLOCK_AAD and EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, is there any document regarding these? Many thanks in advance for any advice here! Thanks, kane Software developer, Ericsson -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
RE: How can I enable aes-ni in openssl on Linux
As I know ,aesni is support after openssl 1.0.1? it is not an engine, and no kernel module need. It will be enable automatically when you use evp api. BR Kane -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John Sent: Friday, December 06, 2013 7:32 AM To: openssl-users@openssl.org Subject: How can I enable aes-ni in openssl on Linux I recently became aware of aes-ni and found the linked articles. My CPU supports this, but it seems (assuming the advice in the linked pages is accurate) that openssl does not have it enabled. What am I missing? I am running Arch Linux x86_64 and an using the repo provided package for openssl. % openssl engine (rsax) RSAX engine support (rdrand) Intel RDRAND engine (dynamic) Dynamic engine loading support Links: http://www.thinkwiki.org/wiki/AES_NI http://datacenteroverlords.com/2011/09/07/aes-ni-pimp-your-aes __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Does openssl include intel AES-NI-GCM?
Hi all I'm reading a paper from intel that mention an AES-NI-GCM implementation within the Linux kernel cryptographic framework using the new instructions(PCLMULQDQ and AES-NI). As I know ,aes-ni is already include in 1.0.1, So How does the AES-NI-GCM? The paper is here http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/aes-ipsec-performance-linux-paper.pdf Regards, Kane __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org