AES_wrap_key()/AES_unwrap_key() and in-place operation?

2008-09-28 Thread Alfred Arnold
Hi everybody, I'm using OpenSSL 0.9.8i in an embedded project and I have a question related to the (relatively new?) functions to perform AES key wrapping resp. unwrapping. Are these functions meant to be used for in-place operation, i.e. the source and destination buffers are the same? Looking

TLSv1 encrypted session using cipher AES256-SHA (256 bits)

2008-09-28 Thread Kimmo Tuhkala
How to test speed in commandline openssl with this cipher TLSv1 encrypted session using cipher AES256-SHA (256 bits) or TLSv1 encrypted session using cipher AES128-SHA (128 bits) I use via epia ex15000G and I would like to know how does above ciphers use hardware via padlock engine. Is there any

Re: TLSv1 encrypted session using cipher AES256-SHA (256 bits)

2008-09-28 Thread Michael S. Zick
On Sun September 28 2008, Kimmo Tuhkala wrote: How to test speed in commandline openssl with this cipher TLSv1 encrypted session using cipher AES256-SHA (256 bits) or TLSv1 encrypted session using cipher AES128-SHA (128 bits) I use via epia ex15000G and i would like to know how does above

openssl with 1 sec enddate

2008-09-28 Thread Ryan Penn
Is there a way to sign a certificate so that the enddate is 1 second away (I want to work with an expired certificate)? This is just for testing purposes. The least amount of time I'm able to create is 1 day. I could have just changed the date of the machine, but I don't have root access to the

RE: AES_wrap_key()/AES_unwrap_key() and in-place operation?

2008-09-28 Thread Bill Colvin
With the AES Key Wrap algorithm, the wrapped key is 8 bytes longer than the original plaintext key. By default a checkword of A6A6A6A6A6A6A6A6 is pre-pended to the original plaintext key. In the OpenSSL code, this is referred to as the IV. The Checkword plus plaintext key is then subjected to

Re: DTLS clue requested: epoch numbers

2008-09-28 Thread David Woodhouse
On Fri, 2008-09-26 at 13:46 -0700, David Woodhouse wrote: At the worst, I should be able to reverse-engineer the library I have. The first failure seems to have been a discrepancy in epoch numbers. Comparing behaviour of their library and 0.9.8e, I find that theirs is adding '00 01 00 00 00 00

Re: DTLS clue requested: epoch numbers

2008-09-28 Thread David Woodhouse
On Sun, 2008-09-28 at 18:56 +0100, David Woodhouse wrote: On Fri, 2008-09-26 at 13:46 -0700, David Woodhouse wrote: At the worst, I should be able to reverse-engineer the library I have. The first failure seems to have been a discrepancy in epoch numbers. And the others are due to patches