5/31/2021
28

Contents

Jan 12, 2015  Hi, Weve got an HTML5 slot machine engine and a few casino games if any Bitcoin casino operators are looking for more content. Our front end slot machine engine means we can have new games up and running very quickly, just provide us the graphics. Games resize.

Introduction

This document describes how to identify and resolve a problem with IPSec operations that might be observed on the Cisco Aggregation Services Router (ASR) 1006 or ASR 1013 platforms. This can occur when there is only one embedded services processor (ESP) installed and it is seated in slot F1.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the Cisco 1000 Series ASR 1006 or the Cisco ASR 1013.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

No crypto engine slot 0 not working

Background Information

The Cisco 1000 Series ASR portfolio includes two models (ASR 1006 and ASR 1013). Each model features redundant route processors (RP) and ESPs. In general, a single ESP is installed in the Cisco ASR 1006 and Cisco ASR 1013 in either slot F0 or F1, with no restrictions. The same premise applies to RP slots.

The slot numbering is described in the Cisco ASR 1006 and Cisco ASR 1013 installation guides.

Problem

The crypto engine fails to initialize after a device power-cycle. When ESP is seated in slot F1 and there is no running ESP in slot F0. The problem is seen on the following products:

Hardware:

  • Dual-ESP Cisco ASR 1000 models: ASR1006 or ASR1013.

Software:

  • For Cisco IOS® XE Release 3.7.xS train: Version 3.7.3S or earlier; 3.7.4S and later is not affected.
  • For later Cisco IOS XE trains: Version 3.9.1S or earlier; 3.9.2S and later is not affected.

Symptoms of the problem include:

  • The logs display this error message:
  • Output from the show crypto eli and show crypto ace slot <number> status commands indicates that the crypto engine is inactive:

This problem might occur in these scenarios:

  • A single ESP is inserted into slot F1 and there is no ESP in slot F0. The router has been power-cycled.
  • There are two ESPs, but due to an issue, the ESP in F0 failed and left a single ESP in F1. The router has been power-cycled.

Enter the show platform command in order to verify the availability of the ESP.

Example:

Solution

The problem is due to Cisco bug ID CSCue45131, 'sVTI tunnel I/F does not come up after router reboot.'
The bug is fixed in Cisco IOS XE Releases 3.7.4S and 3.9.2S.

EngineCrypto


The problem does not exist in the Cisco IOS XE Release 3.10.0S train.

The best solution is to make sure that the currently functioning ESP is installed in slot F0. If that solution is not possible, other workarounds that can be applied remotely are:

  • Reload the ESP: # hw module slot F1 reload

or

  • Reload the router

Configuration:

Most of the configuration of the library can be done in lib/openssl/eccx08_engine.h or via defines during build

The exception to this is in eccx08_platform.c where key slots are defaulted

If the ATCA_OPENSSL_ENGINE_STATIC_CONFIG define is set to 1 then device and signer certificate definitions willhave to be linked into the library at build.

e.g. see the line in the makefile: #LIBATECCSSL_OBJECTS += cert_def_1_signer.c cert_def_2_signer.c

Makfile:

The makefile included in this archive is fairly basic and is not what one would consider appropriate for a packageso there is likely some manual configuration that would be needed at this stage

To build the library:

make libateccssl

No Crypto Engine Slot 0 Not Found

To run the test program:

make test

To extract certificates (if the engine is added to the openssl.cnf file):

openssl engine ateccx08 -t -post GET_DEVICE_CERT:./device.deropenssl engine ateccx08 -t -post GET_SIGNER_CERT:./signer.der

Otherwise you'll have to use an interactive openssl session (see openssl engine -h and engine -vvv for details)

openssl

OpenSSL> engine dynamic -pre SO_PATH:/ -pre LIST_ADD:1 -pre ID:ateccx08 -pre LOADOpenSSL> engine ateccx08 -t -post GET_DEVICE_CERT:./device.derOpenSSL> engine ateccx08 -t -post GET_SIGNER_CERT:./signer.der

No Crypto Engine Slot 0 Not Turn

Then to verify the certs:

openssl x509 -in device.der -inform der -text -nooutopenssl x509 -in signer.der -inform der -text -noout

To set up your openssl.cnf file

No Crypto Engine Slot 0 Not 1

Find which openssl.cnf file your instance is using you can:

openssl version -a grep OPENSSLDIROPENSSLDIR: '/usr/lib/ssl'

will tell you the base location where openssl is looking for the openssl.cnf file. It may be a symbolic link to another location

ls -l /usr/lib/ssllrwxrwxrwx 1 root root 14 Apr 24 15:22 certs -> /etc/ssl/certslrwxrwxrwx 1 root root 20 Jan 31 05:53 openssl.cnf -> /etc/ssl/openssl.cnf

To set up the openssl.cnf to use the engine:

openssl_conf = openssl_init

No Crypto Engine Slot 0 Not Working

[ openssl_init ]engines = engine_section

No Crypto Engine Slot 000

[ engine_section ]ateccx08 = ateccx08_config

How US No Deposit Bonus Codes WorkYou may come across USA casino no deposit bonuses that require special bonus codes to unlock them. If you can’t find it, just contact the casino support and a friendly consultant should assist you. No deposit bonus code for vegas casino io.

[ ateccx08_config ]engine_id = ateccx08

No Crypto Engine Slot 0 Not Running

dynamic_path = device_key_slot = 0init = 0

Crypto Slots Free Spins

To use the engine in an application you can reference the openssl tests (test/openssl/test_engine.c) but the basic principle is thatif the openssl.cnf file is configured correctly all an application really needs to do is add a call to OPENSSL_config if it is not alreadydoing so and then to decide what functionality that the application wants and register it.