A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

cancel
Showing results for 
Search instead for 
Did you mean: 

A71CH OpenSSL Engine compatibility with OPEN SSL 1.1 API

697 Views
Contributor II

Hello,

we use an A71CH with an iMX6 UL and want to use OpenSSL 1.1.1 (current LTS Version) as the current supported version 1.0.2 (former LTS) for which the support ends this year.

Is there an OpenSSL Engine available that is newer than >A71CH_01.06.00< which (as far as I understand) only supports Open SSL API for 1.0.*

Regards

Roland Marx

Labels (1)
Tags (2)
8 Replies

14 Views
NXP TechSupport
NXP TechSupport

Hello Roland Marx,

The next A71CH hostlib will be updated to openSSL 1.1.1, so please follow this product as below to get the notification when the new version of hostlib is available.

pastedImage_1.png

Hope that helps,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

14 Views
Contributor II

Hello KanLi,

thank you for your quick response.

Is there an estimate about when NXP will release the new hostlib?

For project planning reasons this is very critical to know (even if it might still take some time).

Regards,

Roland

0 Kudos

14 Views
NXP TechSupport
NXP TechSupport

Hello Roland,

I am not quite sure about the release time, but should be updated before the LTS support ends for Version 1.0.2. You may firstly develop based on the current version then update it to the new version smoothly.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

14 Views
Contributor II

Hello Kan,

complex systems are in general not as smoothly upgradable as just the integration test would be as many applications also rely on a proper configured OpenSSL version, so a lot of testing and integration effort is to be conducted before deployment.

--> The OpenSSL Engine a critical and essential part to be able to use your products in secure end customer products

I would extremely prefer that NXP releases the new version by the end of July 2019.

Otherwise OpenSSL security fixes might not reach your customers devices in time!

 

An ETA for the release would be very helpful for our planning.

 

Regards

Roland

0 Kudos

14 Views
NXP TechSupport
NXP TechSupport

The hostlib for SE050 has been updated with openssl 1.1.0, and it also has A71CH support, please kindly refer to https://www.nxp.com/webapp/Download?colCode=se050_mw_v02.10.00  for details.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

14 Views
Contributor I

Hello Kan.

I also develop software with A71CH.  

> The hostlib for SE050 has been updated with openssl 1.1.0, and it also has A71CH support,

This SE050 software package docs described that A71CH as LIMITED SUPPORT.

I worry about how "limited" that and never update A71CH Host Software Package below for the latest OpenSSL.

A71CH | Plug and Trust for IoT | NXP 

Do you have any plan to update for the A71CH Host Software Package?

Regards,

Hiroaki

14 Views
Contributor II

We also don't find the hostlib is documented in the direction of usage of A71CH!

0 Kudos

14 Views
Contributor I

Hi Roland,

I managed to get rid of the incompatibility complaints of OpenSSL 1.1.0l version on my Raspberry (raspbian stretch) and it looks like OpenSSL now works, I tried the openssl_rnd.py script to get random numbers out of the A71CH.

This is a short list of some important things to pay attention on:

 - I used SE050-PLUG-TRUST-MW.ZIP version v02.12.00 (refer to the version_info.txt) for my A71CH.

 - Adopt the file ./simw-top/hostlib/hostLib/platform/rsp/i2c_a7.c to the right device (not always /dev/i2c-1)

 - Pay attention on simw-top/doc/building/rpi3.html and ./simw-top/doc/scripts/cmake_options.html

 - Have this versions installed with "apt install ...": cmake cmake-curses-gui cmake-qt-gui libssl-dev (I had no cmake-gui package, only cmake-qt-gui)

 - openssl and libssl-dev are version 1.1.01-l   (this has to be ensured BEFORE building with cmake, in case of doubt delete the whole build directory ./simw-top_build)

 - When you do the step "cmake-gui ." ensure all is default, except this options: Applet=A71CH and SMCOM=SCI2C. Click on configure and generate before leaving the gui and the "cmake --build ." step.

 - After build: next steps are "sudo make install" and "sudo ldconfig /usr/local/lib".

 - Both works for me: ./simw-top_build/raspbian_native_se050_t1oi2c/bin/A71CHConfigTool and the Python script ./simw-top/sss/plugin/openssl/scripts/openssl_rnd.py

I did not test all scripts, but that is the status that I reached right now.

Best regards,

Markus Feuser

0 Kudos