RE: Speed of calculating (a exp x) modulo n ?
Use the bignum library that's part of openssl. Check bn.h; there are plenty of modulo-exponentiation functions, I count 5.

-lee

-----Original Message-----
From: Krzysztof Szkudlarek [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 7:44 AM
To: '[EMAIL PROTECTED]'
Subject: Speed of calculating (a exp x) modulo n ?

Hello to everybody!

Could anybody point me to some information about the speed of various cryptographic functions? How fast are the crypto functions implemented in OpenSSL? I have recently implemented my own simple function calculating the value of a^x%n. If all three values (a, x and n) are 1024 bits long, then computing the result on a PC with an Athlon XP+ 1600 (under Win 2000) takes about 3 seconds (while for 128 bits, it takes about 0.01 second). I know that real applications (like ssh, for example) which rely on openssl do it much faster even on slower machines. So either my code is worth nothing, or shorter values and/or some tricks are used. I want to know which is the case, and if my code is so slow, how could I use the crypto functions from the openssl library? I don't want to open a regular SSL session, but just to be able to compute the value of a^x%n. (Any sample code would be very much appreciated :-), but I can't find any suitable documentation and samples on the net.)

Thanks in advance for any answer.

P.S. I'm sorry for my bad English.

Krzysztof Szkudlarek
mailto:[EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                          [EMAIL PROTECTED]
Automated List Manager                             [EMAIL PROTECTED]
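The "tricks" Krzysztof asks about come down to one algorithm. The following is an added example written for this page, not code from the thread or from OpenSSL: it puts the schoolbook loop (cost proportional to the value of x) next to binary square-and-multiply (cost proportional to the bit length of x), which is the basic method behind OpenSSL's BN_mod_exp; OpenSSL additionally uses Montgomery reduction and windowed exponentiation on top of it. Python's built-in pow(a, x, n) serves as the reference result; the 1024-bit operands in the demo are constructed from a fixed random seed.

```python
import random
import time


def mod_exp_naive(a: int, x: int, n: int) -> int:
    """Schoolbook a^x mod n: x - 1 modular multiplications, so the cost grows
    with the *value* of the exponent. Usable only for very small x."""
    result = 1 % n
    for _ in range(x):
        result = (result * a) % n
    return result


def mod_exp_square_multiply(a: int, x: int, n: int) -> int:
    """Left-to-right binary exponentiation ("square-and-multiply").

    One modular squaring per bit of x plus one modular multiplication per
    set bit, so a 1024-bit exponent costs at most ~2048 multiplications
    instead of ~2^1024. Every intermediate value is reduced mod n, so the
    operands never grow beyond twice the size of n."""
    if n == 1:
        return 0
    result = 1
    base = a % n
    for bit in bin(x)[2:]:                # scan the exponent MSB -> LSB
        result = (result * result) % n    # square for every bit
        if bit == "1":
            result = (result * base) % n  # multiply only for set bits
    return result


def multiplication_count(x: int) -> int:
    """Modular multiplications square-and-multiply performs for exponent x
    (bitlen(x) squarings + popcount(x) multiplications)."""
    return x.bit_length() + bin(x).count("1")


if __name__ == "__main__":
    # Constructed sample: 1024-bit operands from a fixed seed, odd modulus.
    rng = random.Random(1)
    a = rng.getrandbits(1024)
    x = rng.getrandbits(1024)
    n = rng.getrandbits(1024) | (1 << 1023) | 1
    t0 = time.perf_counter()
    r = mod_exp_square_multiply(a, x, n)
    t1 = time.perf_counter()
    assert r == pow(a, x, n)
    print(f"1024-bit a^x mod n in {1000 * (t1 - t0):.1f} ms "
          f"using {multiplication_count(x)} modular multiplications")
    # The naive loop is only feasible for a tiny exponent:
    assert mod_exp_naive(a, 1000, n) == pow(a, 1000, n)
```

Note that square-and-multiply branches on each exponent bit, so its running time leaks the exponent; that is acceptable for a public exponent but not for an RSA or DH private exponent, which is why OpenSSL routes private-key operations through BN_mod_exp_mont_consttime rather than the plain function.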
RE: CPU usage and SMIME?
Ahhh, the CPU usage is *always* going to go to 100 percent, no matter how low the priority is. The real question should have been: when I sign or encrypt, the operation adversely affects other important processes because the s/e operation is consuming needed CPU cycles, what can I do about this? Assuming this *is* a good paraphrase of the problem, then setting the thread priority is the correct solution, noting that CPU will still always be at 100 percent, but other processes will be unaffected. Must be picky Monday ;)

-lee

-----Original Message-----
From: Ken Hirsch [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 8:31 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: CPU usage and SMIME?

Maya wrote:
> I use Openssl 0.9.6c on Windows 2000. I use the SMIME functions available and created my ATL COM which has 2 main functions: Encode and Decode. When I Sign or Encrypt messages with size about 3MB, the CPU usage goes up to 100%. Is it possible for something to be done about this? Even if it will slow the process a little bit?

You could lower the priority of the thread that's doing the function with SetThreadPriority().

Ken
RE: SSL Client problems
As I understand it, fork() creates processes with separate memory spaces. While file descriptors can be shared between those processes, SSL data structures cannot, so you cannot directly use one process to SSL_write and another to SSL_read. Using threads instead of processes would not have this problem. If you use threads, you need to create thread locks for SSL to use (see CRYPTO_set_locking_callback). There are ways to transfer SSL object instances between processes; I've seen them mentioned on this list previously.

Finally, and with absolutely no idea of what you are trying to accomplish but going on the description in your email... Why don't you have just one process to handle both sending and receiving on the SSL socket? Use non-blocking sockets and select() to handle both directions.

Now, why you were still seeing this problem with only one process and shared memory is a bit of a mystery.

regards,
-lee

-----Original Message-----
From: Mestl, Robert R. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 23, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: SSL Client problems

Did anyone have a chance to read up on my problem?

Thanks
Robert R. Mestl

-----Original Message-----
From: Mestl, Robert R.
Sent: Wednesday, July 17, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: SSL Client problems

Hello,

I have a question or two about some problems we are having with the client program. Let me explain the setup of my program. This is a program used as a host-interface between our company and another company, and is written to be asynchronous. The main (parent) process sets up a single socket connection with the SSL protocol, initializes shared memory functionality, then forks off 2 child processes to handle sending and receiving messages, respectively, one function to each child. The parent process monitors the pings between both hosts, child 1 sends messages to the server process, and child 2 receives responses from the server process. All instances have access to the shared memory, which maintains the ping status, message data, and message return addresses.

The parent must authenticate the connection with the server process. It sends a hello message. Child 2 receives the response to the hello message, calculates a challenge response, and sends it back to the server process. Then, when child 2 goes to read from the socket, it says there is nothing on the socket, though select() said there was. SSL_read() returns 0, and SSL_get_error() returns 1, or SSL_ERROR_SSL. We are stumped as to why the problem is occurring...

I set up a simple single-instance client process, sequentially sending the required messaging pattern for authentication, and all worked. When I use my regular program, first only with shared memory and no fork()s, then no shared memory and forks, ... nothing worked... still received the same error... What could be impeding the SSL_read() from returning the response data I need...? Any help would be greatly appreciated... Also, a document, besides the test client with the source/libraries, that explains the required order of initializing an SSL socket would be awesome...

Thank You

Robert R. Mestl
Systems Host-Interface Programmer/Analyst
West Corporation - Interactive Division
Podium: (800)232-1800 or (402)573-1000, Ask For Extension: 206x7444
Dial-in Direct: (402)573-2331
Email: [EMAIL PROTECTED]
RE: REMOVE
NO! You are NOT allowed to leave. You HAVE to stay.

(sorry to the list members for the noise, but I couldna help maself)

-----Original Message-----
From: Sidney Fortes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 2:30 PM
To: [EMAIL PROTECTED]
Subject: REMOVE

REMOVE
RE: SSL_read()
How do you know there are 200 bytes in the buffer? Are you calling ioctl with FIONREAD to get the number of bytes in the socket? If so, then that value is the ciphertext count, including padding, SSL headers, MACs and other stuff. It is not what's available to read from the SSL_read function.

-lee

-----Original Message-----
From: Chris Plant [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL_read()

On Sun, 2002-05-19 at 13:23, Lutz Jaenicke wrote:
> On Sun, May 19, 2002 at 10:11:20AM +0100, Chris Plant wrote:
> > I have established a connection (using SSL_accept), and sent and received data over it, before the connection is dropped and the server reports the error (using ERR_get_error_string):
> > SSL_read: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number (336130315)
>
> Please try to use ssldump (http://www.rtfm.com/ssldump) to help in analyzing your problem. I guess that the client initiates a renegotiation and does not use the same version (SSLv2/SSLv3/TLSv1) that was chosen in the initial handshake. ssldump should show you whether a new handshake really takes place.

No, this is a different problem. I know there are 200 bytes in the buffer, but when I ask for the first 60, the other 140 disappear. Is this due to the encryption?

Chris

> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
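To make Lee's point concrete, here is an added example (written for this page, not code from the thread or from OpenSSL) that walks the record layer of a byte buffer the way FIONREAD would count it and bounds how much application data SSL_read could ever hand back. It assumes the SSL3/TLS 1.0 record format (1-byte type, 2-byte version, 2-byte length) and a CBC suite without an explicit IV, such as DES-CBC3-SHA with its 20-byte MAC; the sample buffer is constructed, not a capture.

```python
import struct

RECORD_HEADER_LEN = 5          # content type (1) + protocol version (2) + fragment length (2)
CONTENT_TYPE_APPLICATION_DATA = 23


def split_tls_records(wire: bytes):
    """Walk the TLS record layer of a byte buffer and return
    [(content_type, version, fragment), ...]. Rejects truncated records."""
    records = []
    offset = 0
    while offset < len(wire):
        if len(wire) - offset < RECORD_HEADER_LEN:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack(
            "!BHH", wire[offset:offset + RECORD_HEADER_LEN])
        body = wire[offset + RECORD_HEADER_LEN:offset + RECORD_HEADER_LEN + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, version, body))
        offset += RECORD_HEADER_LEN + length
    return records


def max_application_bytes(wire: bytes, mac_len: int, block_len: int) -> int:
    """Upper bound on the application data SSL_read could return from `wire`
    for an SSL3/TLS1.0-style CBC suite (no explicit IV): every application-data
    record carries a 5-byte header, a MAC and at least one padding byte (the
    padding-length byte), none of which reach the caller."""
    total = 0
    for ctype, _version, body in split_tls_records(wire):
        if ctype != CONTENT_TYPE_APPLICATION_DATA:
            continue  # handshake / alert / CCS records carry no application data
        if len(body) % block_len != 0:
            raise ValueError("CBC fragment length is not a multiple of the block size")
        total += len(body) - mac_len - 1
    return total


def _record(ctype: int, fragment: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0301, len(fragment)) + fragment


# Constructed sample buffer (not a real capture): one 4-byte handshake record
# followed by two application-data records shaped as a DES-CBC3-SHA connection
# would produce for 60- and 70-byte writes (60 + 20 MAC + 8 pad, 70 + 20 MAC + 6 pad).
SAMPLE_WIRE = (
    _record(22, b"\x00\x00\x00\x00")
    + _record(23, bytes(range(88)))
    + _record(23, bytes(i % 256 for i in range(96)))
)
```

FIONREAD reports 203 bytes for the sample, yet at most 142 (in fact 130) of them are application data. The other half of Chris's symptom has the same cause: SSL_read decrypts a whole record at a time, and whatever the caller did not ask for stays buffered inside the SSL object where select() cannot see it; SSL_pending() reports that buffered plaintext and should be checked before going back to select().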
RE: unpadded triple DES
It's gross, and I do it, but just call EVP_ENCRYPT for both encrypt and decrypt operations. Don't bother with the EVP_FINAL at all. You can't call EVP_DECRYPT because it always holds on to one block in case it needs to interpret the data for padding purposes. EVP_ENCRYPT, on the other hand, will always write out the complete block (assuming you give an even blocksize as input). Works, got around a big problem for me, hope they don't change the behaviour in the future.

-lee

-----Original Message-----
From: Bob McGrew [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 4:33 AM
To: [EMAIL PROTECTED]
Subject: unpadded triple DES

In my application (a variant on onion routing) I know that my data comes in 16-byte blocks, so there's no need for padding. Since I'm repeatedly encrypting data, it's very difficult to use PKCS padding, as that increases the length of the data at each encryption.

How can I turn off padding? The online docs say that EVP_CIPHER_CTX_set_padding() should work, but as far as I can tell, that function is not in the current distribution (0.9.6d). Am I (and my compiler) missing the definition somewhere? Is there another way to do desede3_cbc unpadded with EVP?

Thanks,
Bob
(650) 497-9018
-
Complaints that disinterestedness is a myth, along with "objectivity", usually come from academics seeking to justify their own ideological biases. Denis Dutton
RE:
Does anyone know of a good, complete implementation of the verify callback? The CB that's passed to the SSL_CTX_set_verify() function. The versions I've looked at, in the openssl source tree, don't seem all that complete.

My callback is experiencing the error X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, and I've not seen any methods that will help me in evaluating if this self-signed cert is valid. It *should* be the same self-signed root as I set up using SSL_CTX_add_extra_chain_cert(), but I assume that since the callback is being called with this error, it is up to me to somehow validate the certificate in question? How does one go about doing that?

Thanks in advance,
-lee
What chars are valid in a CN
Stupid question, but I can't seem to find a reference anywhere (or I'm not looking right). What characters are valid in a CN (common name, and does a CN have more/fewer/the same restrictions as a DN?)? Obviously alphanumerics and some punctuation, but which ones? Anyone have a pointer to where this is specified?

TIA,
-lee dilkie
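The answer Lee is after lives in the ASN.1 types rather than in any list of characters: commonName is a DirectoryString, and the narrowest choice, PrintableString (ITU-T X.680), allows exactly letters, digits, space and the punctuation ' ( ) + , - . / : = ?; anything else (including *, @, _, & and non-ASCII) must be carried as UTF8String, which RFC 5280 section 4.1.2.4 requires for every non-PrintableString name. A DN has no character rules of its own; each attribute in it has its own type and upper bound, and for commonName that bound (ub-common-name) is 64 characters. The checker below is an added example written for this page, not code from the thread or from OpenSSL; the rejection of control characters is a local policy choice, not something the ASN.1 types impose.

```python
import string

# PrintableString alphabet (ITU-T X.680): letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE_STRING_CHARS = frozenset(string.ascii_letters + string.digits + " '()+,-./:=?")
# ub-common-name from X.520 / RFC 5280 Appendix A: at most 64 characters.
UB_COMMON_NAME = 64


def classify_common_name(cn: str):
    """Decide whether `cn` is an acceptable commonName attribute value and which
    DirectoryString choice an encoder following RFC 5280 would use for it.
    Returns (accepted, encoding, reason)."""
    if cn == "":
        return False, None, "commonName must not be empty"
    if len(cn) > UB_COMMON_NAME:
        return False, None, f"commonName longer than ub-common-name ({UB_COMMON_NAME})"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in cn):
        # Local policy (not an ASN.1 rule): a CA has no reason to encode these.
        return False, None, "control characters rejected by policy"
    if all(c in PRINTABLE_STRING_CHARS for c in cn):
        return True, "PrintableString", "every character is in the PrintableString alphabet"
    # RFC 5280 4.1.2.4: anything outside PrintableString is encoded as UTF8String.
    return True, "UTF8String", "contains characters outside the PrintableString alphabet"


def printable_string_violations(cn: str):
    """The characters of `cn` that force a UTF8String encoding, in order of
    first appearance; useful when reporting why a requested CN was re-encoded."""
    seen, out = set(), []
    for c in cn:
        if c not in PRINTABLE_STRING_CHARS and c not in seen:
            seen.add(c)
            out.append(c)
    return out
```

A practical consequence: a wildcard CN such as *.example.com cannot be a PrintableString, so any tool that insists on that encoding will reject or silently re-encode it. Whether the string is also a valid hostname is a separate question (DNS label syntax), which this classifier does not check.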
RE: Compiling Error for Openssl on NT
Except that it *should* be added to the install.w32 doc, where everything else to do with the win32 install is described.

-----Original Message-----
From: Ruby Cruiser [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 19, 2001 3:23 PM
To: [EMAIL PROTECTED]
Subject: RE: Compiling Error for Openssl on NT

Hi Zuosheng Hu,

Your problem is explained in the FAQ: http://www.openssl.org/support/faq.html
You have to run VCVARS32.BAT (of MS VC++) before doing the nmake step.

- Ruby

--- Dilkie, Lee [EMAIL PROTECTED] wrote:
> did you do a vcvars32 to set the command line environment up, like the document doesn't state?
> And why would someone from Entrust be using open source crypto?
> -lee dilkie (former entrust programmer)
>
> -----Original Message-----
> From: Zuosheng Hu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, October 19, 2001 9:35 AM
> To: '[EMAIL PROTECTED]'
> Subject: Compiling Error for Openssl on NT
>
> Dear Sir:
> I am using the openssl toolkit, version 0.9.6b. According to the instructions, I did the following steps:
> perl Configure VC-WIN32 (okay);
> ms\do_ms (okay);
> nmake -f ms\ntdll.mak (error occurs; the error message is:
>   cl /Fotmp32dll\cryptlib.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\cryptlib.c
>   'cl' is not recognized as an internal or external command, operable program or batch file.
>   NMAKE : fatal error U1077: 'cl' : return code '0x1'
>   Stop.
> I can not figure out what problem there is in it. I would be very grateful if you could give me some help! I am looking forward to hearing your reply soon.
> Sincerely Yours,
> Zuosheng Hu
RE: 2 certs with same name
Why don't you just give the same cert to both of them? After all, they have the same name...

-----Original Message-----
From: Lukasz Jazgar [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 03, 2001 11:36 AM
To: [EMAIL PROTECTED]
Subject: 2 certs with same name

MindTerm wrote:
> Hi DS,
> The CA has a database to keep track of the certificates which she issued. She can't create a new certificate with a name already existing in the database.
> M.T.

Hi,
Another question. How to create 2 certificates with the same name? I need them for 2 web servers running on one computer with only one DNS name. Any advice?

Thanks,
Lukasz Jazgar
RE: SSL renegotiation and SSL_bio (more data)
Sounds like you are using the wrong IV but the correct key.

-----Original Message-----
From: Andy Schneider [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 11:54 AM
To: [EMAIL PROTECTED]
Subject: RE: SSL renegotiation and SSL_bio (more data)

I was using DES-CBC3-SHA1 for the testing. I tested it with DES-CBC and it is only the first 8 bytes of the decrypted message that are in variance. The rest of the bytes match those in the plain text sent by the server. I guess that rules out new key material.

Andy S.

-----Original Message-----
From: Eric Rescorla
Sent: Thu 9/20/2001 4:09 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: SSL renegotiation and SSL_bio (more data)

Andy Schneider [EMAIL PROTECTED] writes:
> With further instrumentation I can see what happens. The server sends the server hello encrypted. The client gets the correct data but when it decrypts it the plain text is different from the plain text of the server hello message and hence the MAC is wrong. The only reason I can think of is that somehow the key material has changed. I compiled with -DTLS_DEBUG but key material doesn't seem to be updated at the point the server hello is sent (which it shouldn't). Anyone got any ideas? I'm still working on this.

However, a question occurs: What algorithm are you using? Try using DES-CBC and see if it's only the first block that's damaged or if it's the entire message. This will tell us whether it's some sort of sequencing error or totally different keying material.

-Ekr
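Both Eric's diagnostic (only the first block wrong means wrong IV, right key) and Bob McGrew's padding complaint in the "unpadded triple DES" thread above are properties of CBC itself, so one added example covers both. It is written for this page and is not code from either thread or from OpenSSL: the 8-byte "block cipher" is a constructed toy permutation with no security value, standing in for DES so the script runs without any crypto library; the keys, IV and messages are likewise constructed. In real code the padding switch Bob was looking for is EVP_CIPHER_CTX_set_padding(ctx, 0), which later OpenSSL releases provide.

```python
BLOCK = 8  # 64-bit blocks, as in DES / 3DES


def _toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Constructed toy block cipher (XOR with key, rotate 3 bytes): an invertible
    8-byte permutation, which is all the CBC demonstration needs. Not secure."""
    x = bytes(a ^ b for a, b in zip(block, key))
    return x[3:] + x[:3]


def _toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    x = block[-3:] + block[:-3]
    return bytes(a ^ b for a, b in zip(x, key))


def pkcs7_pad(data: bytes) -> bytes:
    """Append 1..BLOCK bytes each holding the pad length (EVP's default scheme).
    Block-aligned input still grows by a whole block, which is Bob's problem."""
    pad = BLOCK - (len(data) % BLOCK)
    return data + bytes([pad]) * pad


def pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a positive multiple of the block size")
    pad = data[-1]
    if not 1 <= pad <= BLOCK or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return data[:-pad]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes, padded: bool = True) -> bytes:
    assert len(key) == BLOCK and len(iv) == BLOCK
    data = pkcs7_pad(plaintext) if padded else plaintext
    if len(data) % BLOCK:
        raise ValueError("unpadded mode needs block-aligned input")
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = _toy_encrypt_block(key, _xor(data[i:i + BLOCK], prev))  # C_i = E(P_i ^ C_i-1)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes, padded: bool = True) -> bytes:
    assert len(key) == BLOCK and len(iv) == BLOCK
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not block-aligned")
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(_toy_decrypt_block(key, c), prev))  # P_i = D(C_i) ^ C_i-1
        prev = c
    data = b"".join(out)
    return pkcs7_unpad(data) if padded else data


def onion_encrypt(keys, iv, msg, padded):
    """Nest one CBC layer per key (innermost key first), as onion routing does."""
    for k in keys:
        msg = cbc_encrypt(k, iv, msg, padded)
    return msg


def onion_decrypt(keys, iv, ct, padded):
    for k in reversed(keys):
        ct = cbc_decrypt(k, iv, ct, padded)
    return ct


def blocks_damaged_by_wrong_iv(key, iv, wrong_iv, plaintext):
    """Encrypt under `iv`, decrypt under `wrong_iv`, return the indices of the
    plaintext blocks that came out wrong. Only block 0 depends on the IV, so any
    wrong_iv != iv yields [0]: exactly the 'first 8 bytes differ' symptom."""
    ct = cbc_encrypt(key, iv, plaintext, padded=False)
    pt = cbc_decrypt(key, wrong_iv, ct, padded=False)
    return [i // BLOCK for i in range(0, len(pt), BLOCK)
            if pt[i:i + BLOCK] != plaintext[i:i + BLOCK]]


# Constructed sample values for the demonstration.
SAMPLE_KEYS = [b"k1k1k1k1", b"k2k2k2k2", b"k3k3k3k3"]
SAMPLE_IV = b"\x00" * BLOCK
SAMPLE_MSG = b"sixteen byte msg"  # 16 bytes: two whole blocks, like Bob's data
```

With padding on, three onion layers turn a 16-byte message into 40 bytes (one extra block per layer); with padding off it stays at 16, and any input that is not block-aligned is refused outright rather than silently truncated.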
names, IPs, server certs
Hi,

I have a bit of a problem. My server is not always at the same IP address (and there are no DNS services available). And it has two IP addresses. I'd really like to have both IP addresses in the certificate. Can this be done by adding an additional commonName to the openssl.cnf, i.e.:

0.commonName = an IP address
1.commonName = another IP address

Would this work? This would take care of the cases where my server's IP addresses are left to their defaults.

Question: is there any way to generate a certificate so that IE will not do the check of the name against the IP address, so I can avoid that error message (the server certificate and location do not match)?

Thanks in advance
-lee
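The place for more than one address is the subjectAltName extension, not a second commonName: in openssl.cnf that is a line such as `subjectAltName = IP:192.0.2.10,IP:198.51.100.7`, and RFC 2818 section 3.1 says an IP address in the URL must match an iPAddress entry there. The following added example, written for this page and not taken from the thread or from any browser's code, shows the check a client performs, using the dict layout Python's ssl.getpeercert() returns; the certificates in it are constructed, and the addresses are documentation ranges.

```python
import ipaddress


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS-ID match; a wildcard may only replace the whole
    left-most label (RFC 6125 section 6.4.3)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == host


def match_target(cert: dict, target: str) -> bool:
    """Decide whether `cert` is for `target`, following RFC 2818 / RFC 6125:
    an IP-literal target must equal an iPAddress subjectAltName entry (a CN
    holding an IP address does not count); a DNS target is compared against
    dNSName entries, falling back to the CN only when no dNSName is present.
    `cert` uses the dict shape Python's ssl.getpeercert() returns."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in san)
    dns_names = [value for kind, value in san if kind == "DNS"]
    if dns_names:
        return any(_dns_match(name, target) for name in dns_names)
    cns = [value for rdn in cert.get("subject", ())
           for key, value in rdn if key == "commonName"]
    return any(_dns_match(cn, target) for cn in cns)


# Constructed certificates (not real ones): a server reachable at two addresses,
# one that only names its address in the CN, and a wildcard certificate.
SAN_CERT = {
    "subject": ((("commonName", "192.0.2.10"),),),
    "subjectAltName": (
        ("IP Address", "192.0.2.10"),
        ("IP Address", "198.51.100.7"),
        ("DNS", "server.example"),
    ),
}
CN_ONLY_CERT = {"subject": ((("commonName", "192.0.2.10"),),)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.net"),)}
```

CN_ONLY_CERT fails for its own address because the check never consults the CN for IP targets, which is the mismatch warning Lee is seeing; listing both addresses as iPAddress entries is what makes SAN_CERT pass for either one.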
SSL for telnet
I've been trying to find telnet-ssl client and server code. Does anybody know of any current implementations? The few I've run across are all built on old SSLeay. If someone could throw me a few URLs I'd be grateful...

Thanks,
-lee
RE: OpenSSL in an embedded environment
I have (possibly) a similar problem. But just for the sake of completeness, is anyone aware of a port to VxWorks? If I could hook up with the poor sod that's been through this before, that would probably save my hair at least.

-lee
RE: Embedded SSL and randomness
It is critical to get the initial seed with as much entropy as possible, and because you are the OS vendor I don't believe you can do it yourself. I think it's up to the end users to provide the seed. In the case of small embedded systems, it's a design issue; to provide the required level of security it may be necessary for the manufacturer to provide an initial random number in NV storage to each device. If the manufacturer wants to provide RNG h/w, all the better for a seed.

-another lee

-----Original Message-----
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 10:55 AM
To: [EMAIL PROTECTED]
Subject: Re: Embedded SSL and randomness

Lee,

Unpredictable random numbers are required for the SSL client to set the pre-master secret, client key exchange message, RSA mode. One can run a reverse solution with the SSL client on a web server. Unfortunately this breaks HTTPS. However, you still have a secure solution and a CA in business :) Would this fit your environment?

Gather initial entropy step? Please be cautious and think twice before actually going this route.

-vf

On Fri, 4 May 2001, Lee Webber wrote:
> At 04:10 PM 5/4/01 +0300, Andreas Bäck wrote:
> > The core question is what [it] takes to port it to an embedded system.
>
> FWIW: my number one worry about porting SSL to an embedded system is where I get my entropy. Because my company sells embedded OS's to end developers, I need a general solution if possible. So where does the randomness come from on startup? No users, no mouse or keyboard input, no unpredictable thread activity... I can get a little randomness from clock skew, if I'm willing to wait forever to gather it. I can get some more from arrival of network packets -- except that by the time network packets start arriving I'd better already be seeded. That leaves two possibilities, external sources (including unused sound cards) and the Intel 81x chipset. Both of these have the drawback that no one solution is always available.
>
> Finally, I can start the system out insecure, have it train up to sufficient entropy, and then store the entropy for future use.
>
> The above is all I've been able to find on the Internet. Have I missed anything?
RE: SCG, DSA
> 1. I'm wondering if it's possible to make a digital cert that supports/uses SCG (Server Gated Cryptography), and if so, how?

[Lee] I think you have to be a big company, like MS or Netscape, and negotiate a special deal with the NSA.

> 4. Finally, I notice a problem with OpenSSL 0.9.6a; that is, when trying to generate an RSA cert, I get the following:
>
> C:\openssl genrsa -des3 -rand File1;File2;File3;File4;File5 2048 Rob.key
> Loading 'screen' into random state - done
> 5510111 semi-random bytes loaded
> Generating RSA private key, 2048 bit long modulus
> ..+++...+++
> unable to write 'random state'
> e is 65537 (0x10001)
>
> ...apparently, the "unable to write 'random state'" can't be a GOOD thing... *sigh*

[Lee] I get the same thing too, but only if I specify the "-rand File" option. Goes away if I leave it out. Course my random numbers are probably not so good :(
RE: SCG, DSA
Greg,

As your link states, you need to have a CA cert signed by a root SGC CA and, as I recall, both MS and NS have to control access to such entities quite closely (i.e. you need to be a big company, or at least you have to be big enough to not be able to run away from the gov). The history of SGC involves MS and NS negotiations with the US gov (read, NSA) to allow 128 bit encryption support in browsers offshore when the situation warranted (i.e. banking transactions). The gov relented and allowed NS and MS to ship 128 bit crypto with their browsers as long as it could only be used in authorized applications, hence the development of the SGC extension in certificates. Because the SGC extension root certs were compiled into the browsers, one can not simply create your own CA with the extension; it won't work. You can either get an SGC CA cert from one of the two vendors (assuming you meet the criteria and pay the dough) or I suppose you could ask the gov to let you have a root SGC CA.

SGC is more or less a moot point these days, unless your clients can't upgrade to the strong crypto browsers. OK, so it's probably not that moot :)

-lee

-----Original Message-----
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 25, 2001 3:56 PM
To: [EMAIL PROTECTED]
Subject: Re: SCG, DSA

> > 1. I'm wondering if it's possible to make a digital cert that supports/uses SCG (Server Gated Cryptography), and if so, how?
>
> [Lee] I think you have to be a big company, like MS or Netscape, and negotiate a special deal with the NSA.

I don't think so. Better yet, search for SGC (not SCG) in the archives; for one example see http://www.mail-archive.com/openssl-users@openssl.org/msg13731.html, and look at doc/openssl.txt. However, there is probably *no* reason for anyone to create an SGC cert anymore.
RE: SCG, DSA
> 3. When I use the .cnf file, putting in my own data... it doesn't seem to work. Of note is the DATE -- even if I stick in, say, 3650 days, the cert still defaults to a year's expiry. Why don't my changes to the cnf file work -- is there some sort of trick or something I'm missing??

[Lee] I used the -days option on the cmd line, i.e.:

openssl req -x509 -new -key ca.key -config openssl.cnf -days 1 ca.crt

It fails if the days value is too large (like 100 years!).