Does openssl include intel AES-NI-GCM?

2013-02-28 Thread Kane Huang
Hi all, I'm reading a paper from Intel that mentions an AES-NI-GCM implementation within the Linux kernel cryptographic framework using the new instructions (PCLMULQDQ and AES-NI). As I know, aes-ni is already included in 1.0.1. So how does the AES-NI-GCM? The paper is here

RE: x509 certificate conforming to RFC 3739

2013-02-28 Thread Steven Madwin
Hi Walter, I hope this helps. Steve id-pda-dateOfBirth = 1.3.6.1.5.5.7.9.1 [ subjectDirAttrib_sec ] 1.3.6.1.5.5.7.9.1 = SEQUENCE:dateOfBirth_sec #id-pda-dateOfBirth [ dateOfBirth_sec ] id-pda-dateOfBirth.name= OID:id-pda-dateOfBirth id-pda-dateOfBirth.value =

Re: openssl_private_encrypt crashes browser after 10 seconds

2013-02-28 Thread rahmad.bkt
I had the same problem with you, I've done the same thing with you to resolve the problem. But after I mentioned how my apache server can not run. Is there any other way to solve this problem?

Re: check certificate chain in a pem file

2013-02-28 Thread ashish2881
Hi Jakob ... My doubt is like this. I have a .pem file, say: chain.pem chain.pem == server certificate - intermediate CA certificate - self signed root certificate. Now I am writing the code in C using openssl APIs to verify this (chain.pem) chain. filename == chain.pem

Re: Need help with Windows and FIPS enabled OpenSSL libs

2013-02-28 Thread Glenn Smith
I wondered about that. I saw several mentions about that.

Re: Need help with Windows and FIPS enabled OpenSSL libs

2013-02-28 Thread Glenn Smith
Does the same apply to DLLs? I'm planning on using OpenSSL+Fips in a DLL that gets loaded either by other DLLs or directly from an application as a support DLL (the App won't be known, as we're doing DLL to be used by other vendors).

Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Hello, I have the following: --- name = ASN1:SEQUENCE:section [ section ] value.1 = XXX:text --- what is possible to have instead of XXX? Thanks, Walter

Re: [openssl-users] Syntax in extension section of openssl.cnf

2013-02-28 Thread Erwann Abalea
man asn1parse man ASN1_generate_nconf That should give you some bootstrap information. -- Erwann ABALEA - tridécatabulophobie: fear of being thirteen at the table On 28/02/2013 11:16, Walter H. wrote: Hello, I have the following: --- name = ASN1:SEQUENCE:section [ section ] value.1 =

Re: Need help with Windows and FIPS enabled OpenSSL libs

2013-02-28 Thread Dr. Stephen Henson
On Wed, Feb 27, 2013, Glenn Smith wrote: Does the same apply to DLLs? I'm planning on using OpenSSL+Fips in a DLL that gets loaded either by other DLLs or directly from an application as a support DLL (the App won't be known, as we're doing DLL to be used by other vendors). Since you

how to disable

2013-02-28 Thread Chaim | Sz Studios
BH Hi All, I'm trying to pass a pci scan, I'm on Ubuntu 12.04 lts server and Nginx. I've tried everything I know and did a lot of research... apparently seems that need to disable a setting in OpenSSL which I can't find how to do. This is the result of the scan: SSL/TLS Protocol Initialization

Re: [openssl-users] Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Thanks, Walter On 28.02.2013 12:03, Erwann Abalea wrote: man asn1parse man ASN1_generate_nconf That should give you some bootstrap information. -- Erwann ABALEA - tridécatabulophobie: fear of being thirteen at the table On 28/02/2013 11:16, Walter H. wrote: Hello, I have the following: ---

Re: aesni usage in C

2013-02-28 Thread Dr. Stephen Henson
On Thu, Feb 28, 2013, John-Alan Simmons wrote: I am trying to implement aes encryption via openssl using C, and can't figure out how to use the aesni hardware acceleration. I have already confirmed my processor can use, any help would be great. If you use the EVP interface AES-NI is

TLS ClientHello v3.3 not supported by all servers

2013-02-28 Thread LANGLOIS Olivier PIS -EXT
They just reset the connection upon the reception of the message. This is a new behavior from version 1.0.1-e; 1.0.1-d, which was sending ClientHello v3.2, was fine. How to reproduce: openssl s_client -connect aur.archlinux.org:443

ongoing fingerprint does not match issues

2013-02-28 Thread T J
Comparing printed debug values that I put into the incore script, it looks like our compiler is putting the signature somewhere between FIPS_rodata_start and FIPS_rodata_end resulting in the fingerprint does not match segment aliasing error. I can get around this by removing the -fPIC option

Re: TLS ClientHello v3.3 not supported by all servers

2013-02-28 Thread Le Huang
Olivier, The command line you provided just worked fine in my box, in which a fresh openssl-1.0.1e installed. On Fri, Mar 1, 2013 at 7:31 AM, LANGLOIS Olivier PIS -EXT olivier.pis.langl...@transport.alstom.com wrote: They just reset the connection upon the reception of the message. This is

Identifying length of decrypted data.

2013-02-28 Thread Tayade, Nilesh
Hi, I am using the AES_cbc_encrypt() API to perform symmetric decryption. But in one of the scenarios I see the data encrypted is of 16bytes but just 1byte is useful and 15bytes is for padding. Is there some way I can know the actual encrypted data length? I came across some pointers like

Re: Identifying length of decrypted data.

2013-02-28 Thread Jakob Bohm
On 3/1/2013 7:24 AM, Tayade, Nilesh wrote: Hi, I am using the AES_cbc_encrypt() API to perform symmetric decryption. But in one of the scenarios I see the data encrypted is of 16bytes but just 1byte is useful and 15bytes is for padding. Is there some way I can know the actual encrypted data