Re: [openssl-users] Interoperating with a legacy client.

2017-02-07 Thread Tim Kirby
On 2/6/2017 2:55 AM, Matt Caswell wrote: This does look like the client is misbehaving for some reason. It's not behaviour I can reproduce with a 1.0.1j version of s_client. The second ClientHello should have a TLS1.2 record version, not have the SCSV ciphersuite, but instead have a

[openssl-users] Why is the signing-time signed attribute added unconditionally in CMS signatures?

2017-02-07 Thread Stephan Mühlstrasser
Hi, I'm wondering why OpenSSL adds the signing-time signed attribute unconditionally to a CMS signedData object. See function CMS_SignerInfo_sign() in source file cms_sd.c: if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { if (!cms_add1_signingTime(si, NULL))

Re: [openssl-users] Interoperating with a legacy client.

2017-02-07 Thread Matt Caswell
On 07/02/17 09:46, Tim Kirby wrote: > On 2/6/2017 2:55 AM, Matt Caswell wrote: >> This does look like the client is misbehaving for some reason. It's not >> behaviour I can reproduce with a 1.0.1j version of s_client. >> >> The second ClientHello should have a TLS1.2 record version, not have the

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Andy Polyakov
> Is big number Montgomery multiplication as optimized as it can be for > ARM64 as compared to X86-64 from the latest openssl github ? > We are not seeing vmull ( or pmull/pmull2) instructions in > armv8-mont.pl . > >On an ARM cortex-A72 (1GHz) and E5-2620

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Vijay Chander
Thanks Andy. A72 is running 1GHz compared to x86 at 2.1GHz. So that should hopefully get down to -1:5. There is no L3 cache on the A72 eval board and performance counters do show 9x more DRAM accesses for ARM compared to x86. Will check out Mongoose and Kyro. Do you know of any good hardware

Re: [openssl-users] FW: problem with missing STDINT.H file

2017-02-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Andy Polyakov > Sent: Tuesday, February 07, 2017 10:49 > > # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) > || \ > > defined(__osf__) || defined(__sgi) || defined(__hpux) || \ > >

[openssl-users] Doubt regarding process of invalid [D]TLS record

2017-02-07 Thread Raja ashok
Hi All, In dtls1_get_record(), we are calling ssl3_read_n to get 13 bytes of DTLS record header from socket and then based on the length in record header, we again call ssl3_read_n to get record payload from socket. Here we are handling invalid record, like length less than 13 bytes or invalid

Re: [openssl-users] FW: problem with missing STDINT.H file

2017-02-07 Thread Andy Polyakov
>> The attached text file is a snippet from attempting to install >> openssl-1.1.0c on a Solaris 8 machine. As can be seen, failed when >> could not be found. > > Do you have inttypes.h instead? > > As Jeff pointed out in another email this is for uint32_t and similar > types. These get

Re: [openssl-users] FW: problem with missing STDINT.H file

2017-02-07 Thread Jakob Bohm
On 07/02/2017 17:03, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Andy Polyakov Sent: Tuesday, February 07, 2017 10:49 # elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ defined(__osf__) || defined(__sgi) ||

Re: [openssl-users] FW: problem with missing STDINT.H file

2017-02-07 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jakob Bohm > Sent: Tuesday, February 07, 2017 13:37 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] FW: problem with missing STDINT.H file > > Using parenthesis with the defined and sizeof operators is

Re: [openssl-users] FW: problem with missing STDINT.H file

2017-02-07 Thread Salz, Rich via openssl-users
> It's cargo-cult programming, most often by people who can't be bothered to > learn the language they're using. There are also sometimes portability issues, vendors get things wrong. But at any rate, for this project, OpenSSL style says parens after sizeof and says nothing at all about

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Vijay Chander
Andy, 1:2.5 is pretty in my opinion for ARM! We will check out Mongoose. Hmm - will try to get to the bottom of those cache misses (at a lower priority). Thanks, -vijay On Tue, Feb 7, 2017 at 11:07 AM, Andy Polyakov wrote: > > A72 is running 1GHz compared to

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Vijay Chander
Mike, Tried with GMP. Same result for A72. Thanks, Vijay On Tue, Feb 7, 2017 at 3:31 PM, Mike Mohr wrote: > Have you considered using GMP as a big integer backend for openssl? It has > support for several arm variants using handwritten assembly code and the >

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Vijay Chander
Yes. Already took Andy's word from his previous replies for precisely this reason. GMP exercise was easy enough to get it out of the way. Thanks, Vijay On Feb 7, 2017 4:46 PM, "Jakob Bohm" wrote: > OpenSSL also has a lot of handwritten assembly language for ARM, > x86

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Mike Mohr
Have you considered using GMP as a big integer backend for openssl? It has support for several arm variants using handwritten assembly code and the developers go to great lengths to optimize runtime on all supported platforms. On Feb 7, 2017 2:26 PM, "Vijay Chander"

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Jakob Bohm
OpenSSL also has a lot of handwritten assembly language for ARM, x86 etc. Most of it written by Andy Polyakov. His response about what can and cannot be done on various ARM CPU models is most probably a result of this work. Also, OpenSSL has a more permissive license than the GMP, so using GMP

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Salz, Rich via openssl-users
> Have you considered using GMP as a big integer backend for openssl? It has > support for several arm variants using handwritten assembly code and the > developers go to great lengths to optimize runtime on all supported > platforms. It might be interesting if we could figure out how to

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Mike Mohr
Licensing issues are indeed thorny. Why can't openssl perform a dynamic link? The soversion should handle any ABI issues introduced in later versions of GMP. Are you cross compiling GMP for your use on a target device? If so, you'll need to ensure that the MPN_PATH is set appropriately. If you

Re: [openssl-users] How to disable the DTLS stuff in openssl 1.0.2k

2017-02-07 Thread Matt Caswell
On 06/02/17 09:58, Devang Kubavat wrote: > Hi, > I am trying to configure the OpenSSL 1.0.2k for windows. > Can anyone help me how to disable the DTLS? I guess this email got stuck somewhere because I only just got this. See my answer to this on your stackoverflow question:

Re: [openssl-users] BN_MUL_MONT for ARM64 v8

2017-02-07 Thread Andy Polyakov
> A72 is running 1GHz compared to x86 at 2.1GHz. So that should hopefully > get down to -1:5. And Mongoose will take you to ~1:2.5 (scaled to same frequency that is). Which I'd say is a fair result. Well, still could have been a bit better, but it's not unreasonable given ISA differences. Keep in