topic Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API in Secure Authentication

A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

r_marx — Wed, 19 Jun 2019 11:08:29 GMT

Hello,

we use an A71CH with an iMX6 UL and want to use OpenSSL 1.1.1 (current LTS Version) as the current supported version 1.0.2 (former LTS) for which the support ends this year.

Is there an OpenSSL Engine available that is newer than >A71CH_01.06.00< which (as far as I understand) only supports Open SSL API for 1.0.*

Regards

Roland Marx

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

Kan_Li — Tue, 25 Jun 2019 03:01:49 GMT

Hello Roland Marx,

The next A71CH hostlib will be updated to openSSL 1.1.1, so please follow this product as below to get the notification when the new version of hostlib is available.

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

r_marx — Tue, 25 Jun 2019 07:04:54 GMT

Hello KanLi,

thank you for your quick response.

Is there an estimate about when NXP will release the new hostlib?

For project planning reasons this is very critical to know (even if it might still take some time).

Regards,

Roland

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

Kan_Li — Wed, 26 Jun 2019 03:07:05 GMT

Hello Roland,

I am not quite sure about the release time, but should be updated before the LTS support ends for Version 1.0.2. You may firstly develop based on the current version then update it to the new version smoothly.

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

r_marx — Mon, 15 Jul 2019 11:48:08 GMT

Hello Kan,

complex systems are in general not as smoothly upgradable as just the integration test would be as many applications also rely on a proper configured OpenSSL version, so a lot of testing and integration effort is to be conducted before deployment.

--> The OpenSSL Engine a critical and essential part to be able to use your products in secure end customer products

I would extremely prefer that NXP releases the new version by the end of July 2019.

Otherwise OpenSSL security fixes might not reach your customers devices in time!

An ETA for the release would be very helpful for our planning.

Regards

Roland

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

Kan_Li — Thu, 18 Jul 2019 07:33:12 GMT

The hostlib for SE050 has been updated with openssl 1.1.0, and it also has A71CH support, please kindly refer to https://www.nxp.com/webapp/Download?colCode=se050_mw_v02.10.00 for details.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

hiroakiosawa — Thu, 31 Oct 2019 04:48:56 GMT

Hello Kan.

I also develop software with A71CH.

> The hostlib for SE050 has been updated with openssl 1.1.0, and it also has A71CH support,

This SE050 software package docs described that A71CH as LIMITED SUPPORT.

I worry about how "limited" that and never update A71CH Host Software Package below for the latest OpenSSL.

A71CH | Plug and Trust for IoT | NXP

Do you have any plan to update for the A71CH Host Software Package?

Regards,

Hiroaki

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

r_marx — Fri, 01 Nov 2019 09:47:30 GMT

We also don't find the hostlib is documented in the direction of usage of A71CH!

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

mfr64 — Sat, 14 Dec 2019 17:32:48 GMT

Hi Roland,

I managed to get rid of the incompatibility complaints of OpenSSL 1.1.0l version on my Raspberry (raspbian stretch) and it looks like OpenSSL now works, I tried the openssl_rnd.py script to get random numbers out of the A71CH.

This is a short list of some important things to pay attention on:

- I used SE050-PLUG-TRUST-MW.ZIP version v02.12.00 (refer to the version_info.txt) for my A71CH.

- Adopt the file ./simw-top/hostlib/hostLib/platform/rsp/i2c_a7.c to the right device (not always /dev/i2c-1)

- Pay attention on simw-top/doc/building/rpi3.html and ./simw-top/doc/scripts/cmake_options.html

- Have this versions installed with "apt install ...": cmake cmake-curses-gui cmake-qt-gui libssl-dev (I had no cmake-gui package, only cmake-qt-gui)

- openssl and libssl-dev are version 1.1.01-l (this has to be ensured BEFORE building with cmake, in case of doubt delete the whole build directory ./simw-top_build)

- When you do the step "cmake-gui ." ensure all is default, except this options: Applet=A71CH and SMCOM=SCI2C. Click on configure and generate before leaving the gui and the "cmake --build ." step.

- After build: next steps are "sudo make install" and "sudo ldconfig /usr/local/lib".

- Both works for me: ./simw-top_build/raspbian_native_se050_t1oi2c/bin/A71CHConfigTool and the Python script ./simw-top/sss/plugin/openssl/scripts/openssl_rnd.py

I did not test all scripts, but that is the status that I reached right now.

Best regards,

Markus Feuser

Re: A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

leonheld — Tue, 24 Aug 2021 19:50:15 GMT

Any updates on this? It's been almost two years since OpenSSL 1.0 was deprecated. Will the A71CH host lib ever get updates?