[openssl.org #563] RE : Problem Self signing certificate

2003-04-04 Thread [EMAIL PROTECTED] via RT



Hi

I was trying to sign my own certificates after setting up OpenSSL
on Linux 7.0. I downloaded the latest tar.gz file and installed everything
without a problem.

The problem arose when I tried to self-sign my certificates.


I have attached a text file of the error reported. May you please assist in
solving this problem.

I was able to view it using Wordpad on my Windows PC.

Thanking you very much for your assistance.



regards

Gibson
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


zlib Compression

2003-04-04 Thread Dave Roberts
Hi

Looking at the zlib hooks within crypto/comp/c_zlib.c, I see that the
actual compression performed is dependent upon the inbound data being more
than 128 bytes.  You then stick a 0x01 at the beginning to indicate that
compression was used, or put a 0x00 in there to indicate that it was not.

Is this a (future) requirement of the TLS specification?

I want to make use of the compression via OpenSSL to allow for different
methods to be stipulated, but I need it to be interoperable with other
applications.

Am I going to have to implement a new COMP_METHOD?

TIA

- Dave.
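As an added example (not code from c_zlib.c or from this post), the one-byte framing Dave describes, paired with a decoder that bounds its output; the 128-byte threshold and the store-when-larger fallback follow the post, the strict "more than" comparison and the size limit are assumptions:

```python
import zlib

COMPRESS_THRESHOLD = 128           # per the post: only longer inputs are compressed (assumed: strictly longer)
FLAG_STORED, FLAG_DEFLATED = b"\x00", b"\x01"

def compress_block(data: bytes) -> bytes:
    """0x00 + data, or 0x01 + zlib stream when the input is long enough and actually shrinks."""
    if len(data) > COMPRESS_THRESHOLD:
        packed = zlib.compress(data)
        if len(packed) < len(data):      # store incompressible input instead of growing it
            return FLAG_DEFLATED + packed
    return FLAG_STORED + data

def expand_block(block: bytes, max_out: int) -> bytes:
    """Inverse of compress_block. Rejects unknown flags, truncated streams and any
    output longer than max_out, so a peer cannot force unbounded allocation."""
    if not block:
        raise ValueError("empty block")
    flag, body = block[:1], block[1:]
    if flag == FLAG_STORED:
        if len(body) > max_out:
            raise ValueError("stored block larger than %d bytes" % max_out)
        return body
    if flag != FLAG_DEFLATED:
        raise ValueError("unknown compression flag 0x%02x" % flag[0])
    d = zlib.decompressobj()
    out = d.decompress(body, max_out + 1)   # one byte more than allowed, to detect overflow
    if len(out) > max_out:
        raise ValueError("decompressed output exceeds %d bytes" % max_out)
    if not d.eof:
        raise ValueError("truncated or corrupt deflate stream")
    return out
```

The flag byte is OpenSSL's own framing for its zlib COMP_METHOD; a peer expecting a bare deflate stream will read that byte as data, which is the interoperability concern raised above.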



Re: [openssl.org #555] RSA blinding MT patch

2003-04-04 Thread Tom Wu via RT

Bodo Moeller via RT wrote:
> Tom Wu via RT [EMAIL PROTECTED]:
>
>> I just tried benchmarking the snapshot code against my earlier patch on
>> an 8-way P3-700 server (Win2K AS).  My patch gets ~100 RSA sign/s
>> (1024-bit) with a single thread and peaks at ~790 RSA sign/s with 8
>> threads.  The 0402 snapshot also starts at ~100 RSA sign/s with 1 thread
>> and peaks at ~650 RSA sign/s with 8 threads.
>
>
> Thanks for the timings.  One thing to take into account when
> interpreting these is that some additional random blinding should be
> added to your patch; maybe once in ten or hundred RSA operations, so
> the timing difference would not really change a lot.  A more important
> aspect is that you are comparing just the case that multiple threads
> do share an RSA structure.  A different scenario is that you have
> multiple threads with *individual* RSA structures -- then the snapshot
> version will be very fast while the version with locking will be
> unnecessarily slowed down because the locks are global.  This is why
> we are trying to avoid excessive locking.

We should try our best to quantify the cost of locking to weigh it 
against the cost of local blinding.  If we are concerned about 
contention leading to a loss of parallelism on multi-processor systems, 
I would suggest that my patch places only a small amount of code (the 
blinding update squarings) inside a critical section, which results in 
very little contention, since the window of time for an RSA private op 
is still dominated by the CRT modexp.

If we go by the benchmark numbers from our 8-way box, assuming the 
snapshot version gets perfect parallelism from multiple threads with 
individual RSA structs, that still makes its maximum theoretical 
performance 8 * 100 = 800 RSA sign/s, while the version with locking got 
about 790 sign/s.  So far, it looks like locking is costing at most 
about 1% (10/800) in performance for both single and multithreaded 
cases, as opposed to 0% (single) and 18% (150/800) (multi) for local 
blinding.  Perhaps there are other benchmarks we could run to get a more 
comprehensive picture?

Tom
-- 
Tom Wu
Chief Security Architect
Arcot Systems
(408) 969-6124
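Added example, not Tom's patch or the snapshot code: RSA blinding as discussed in this thread, with the cheap per-operation update by squaring, a periodic fresh random blinding as Bodo suggests, and only the pair hand-off inside the critical section so the modexp runs unlocked. The toy key, the reseed interval and the class layout are constructed assumptions:

```python
import secrets
import threading

# Constructed toy RSA key (p=61, q=53); a real key is 2048 bits or more.
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)

class Blinding:
    """Pair (A, Ai) with A = r^e mod n and Ai = r^-1 mod n for a secret random r."""

    def __init__(self, n, e, reseed_every=32):
        self.n, self.e = n, e
        self.reseed_every = reseed_every   # assumed; Bodo suggests every ten to a hundred ops
        self.lock = threading.Lock()       # guards the pair when one RSA structure is shared
        self.reseed()

    def reseed(self):
        """Fresh random r; retry if gcd(r, n) != 1, which only matters for a toy modulus."""
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            try:
                self.Ai = pow(r, -1, self.n)
                break
            except ValueError:
                continue
        self.A = pow(r, self.e, self.n)
        self.ops = 0

    def update(self):
        """Cheap refresh by squaring: A = (r^2)^e and Ai = (r^2)^-1 remain a valid pair."""
        self.A = self.A * self.A % self.n
        self.Ai = self.Ai * self.Ai % self.n
        self.ops += 1
        if self.ops >= self.reseed_every:
            self.reseed()

    def consistent(self):
        """Invariant A * Ai^e == 1 (mod n), which every update must preserve."""
        return self.A * pow(self.Ai, self.e, self.n) % self.n == 1

def blinded_private_op(m, blinding):
    """m^d mod n computed as (m*A)^d * Ai, so the slow modexp never sees m itself."""
    with blinding.lock:                    # short critical section: take the pair, advance it
        a, ai = blinding.A, blinding.Ai
        blinding.update()
    s = pow(m * a % N, D, N)               # (m r^e)^d = m^d r (mod n), computed outside the lock
    return s * ai % N                      # strip r
```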



Montgomery modular exponentiation in OpenSSL.

2003-04-04 Thread Axelle Apvrille (LMC)
Hi all,
I come back with some more questions regarding modular exponentiation as 
it is implemented in OpenSSL.

- about BN_MONT_CTX_set in bn_mont.c:
   The idea here is basically to fill in the Montgomery context with 
the right initial values; especially we need to compute Ni such that 
R.R^-1 - N.Ni = 1.
   Actually, it's implemented quite 'directly', requiring calculation of 
a modular inverse and a modular division.
   Wouldn't it be better to use the Binary Extended GCD Algorithm to 
retrieve Ni (and R^-1)? [1, paragraph 14.4.3]

- about BN_mod_exp_mont in bn_exp.c:
   * Am I right that what is being implemented here is exactly modular 
exponentiation using a sliding window technique over
Montgomery modular multiplication? [2, paragraph 2.5.2]
   * I understand basically the beginning of the algorithm (up until 
line 414), but then honestly I'm quite lost. What are we trying to store 
in the various val[i]? Various powers of a?
   * Would somebody have the reference of the exact algorithm that is 
being used here? For instance, in [2, paragraph 3.8.1] I have the 
algorithm of Montgomery exponentiation using the binary method, but not 
using sliding windows (which is what is being used here -- to my 
understanding).
   * What's the use for a BN_mod_exp_mont and a BN_mod_exp_mont_word 
function?

Many thanks
Axelle.
[1] Handbook of Applied Cryptography - Menezes, van Oorschot, Vanstone
[2] High Speed RSA Implementation, Koc - 
(http://islab.oregonstate.edu/publications.html)
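Added example, not OpenSSL's bn_mont.c or bn_exp.c: the context quantities Axelle asks about, with R^-1 and Ni obtained from one extended GCD so that R.R^-1 - N.Ni = 1, then used for Montgomery reduction and the binary-method exponentiation of [2, paragraph 3.8.1] (one bit at a time, not the sliding window); the 32-bit word size and the small moduli are assumptions:

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def mont_ctx(n, word_bits=32):
    """Context (n, R, Rinv, Ni, ri): R = 2^ri with ri a multiple of the word size
    (assumed 32), Rinv = R^-1 mod n, and Ni with R*Rinv - n*Ni = 1 as in BN_MONT_CTX_set."""
    if n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    ri = -(-n.bit_length() // word_bits) * word_bits
    R = 1 << ri
    g, x, _ = egcd(R, n)                   # one extended GCD yields R^-1 directly
    if g != 1:
        raise ValueError("R and n are not coprime")
    Rinv = x % n
    Ni = (R * Rinv - 1) // n               # exact division, since R*Rinv == 1 (mod n)
    return n, R, Rinv, Ni, ri

def mont_reduce(T, ctx):
    """REDC: T * R^-1 mod n for 0 <= T < n*R, using only a mask and a shift by R."""
    n, R, _, Ni, ri = ctx
    m = (T * Ni) & (R - 1)                 # T*Ni mod R; n*Ni == -1 (mod R) makes R divide T + m*n
    t = (T + m * n) >> ri
    return t - n if t >= n else t

def mont_mul(a, b, ctx):
    return mont_reduce(a * b, ctx)

def mont_exp(a, d, n):
    """a^d mod n by the binary method ([2], 3.8.1) over Montgomery multiplication;
    BN_mod_exp_mont does the same with a sliding window instead of single bits."""
    ctx = mont_ctx(n)
    R = ctx[1]
    x = a % n * R % n                      # a in Montgomery form: a*R mod n
    acc = R % n                            # 1 in Montgomery form
    for bit in bin(d)[2:]:
        acc = mont_mul(acc, acc, ctx)
        if bit == "1":
            acc = mont_mul(acc, x, ctx)
    return mont_reduce(acc, ctx)           # leave Montgomery form: acc * R^-1 mod n
```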



SSE2 inner loop for bn_mul_add_words

2003-04-04 Thread dean gaudet
for kicks i decided to see if it really was possible to get RSA speedups
using the SSE2 PMULUDQ and PADDQ instructions ... and i'm seeing a 30%+
1024-bit sign/s improvement on the p4 systems i've measured on.

but i'm too lazy to try to understand the perl asm generation crud, and
don't want to figure out how/if you folks would prefer to switch between
routines optimized for specific platforms.  so what i present here is a
total hack patch against a .s file.  do with as you please :)

note that i use %mm registers rather than %xmm registers because this
code is completely dominated by the carry-propagation, which is a series
of 64-bit adds followed by shift-right 32 ... and if you attempt to
do this with 128-bit registers you waste a lot of slots mucking about
packing and shuffling and such.

even still, this is SSE2-only code because the PMULUDQ and PADDQ
instructions don't exist in MMX/SSE.  (which means the only released
processors it will run on are p4 and banias^Wpentium-m... it shows
similar improvements on unreleased processors i can't talk about :)

if you look closely i'm doing only 32-bit loads and stores ... the
implicit zero-extension on the 32-bit load beats out any sort of creative
attempt to do 64-bit loads and shuffle the halves around.

it's unlikely that this technique can speed up the simple add/sub
routines -- unless there are situations where multiple add/sub could be
done in parallel... in the MMX hardware you can effectively parallelize
non-dependent carry propagation -- something you can't do in the ALUs
due to the conflict on EFLAGS.CF.

this code probably still has slack which could be improved on...  such as
moving the emms somewhere much higher in the call stack... it's required
before any fp code is run.  and rearranging the loop so that it overlaps
multiplication better with the carry chain propagation.

-dean

p.s. i'm not on the mailing list, so please CC me in any reply.

--- openssl-0.9.7a/crypto/bn/asm/bn86-elf.s 2003-03-23 21:29:16.0 -0800
+++ openssl-0.9.7a/crypto/bn/asm/bn86-elf.s.dg2 2003-03-23 21:18:05.0 -0800
@@ -26,94 +26,76 @@
movl32(%esp),   %ebp
pushl   %ecx
jz  .L000maw_finish
-.L001maw_loop:
-   movl%ecx,   (%esp)

-   movl(%ebx), %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl(%edi), %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   (%edi)
-   movl%edx,   %esi
+   movd %ebp,%mm0
+   pxor %mm1,%mm1  /* mm1 = carry in */

-   movl4(%ebx),%eax
-   mull%ebp
-   addl%esi,   %eax
-   movl4(%edi),%esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   4(%edi)
-   movl%edx,   %esi
-
-   movl8(%ebx),%eax
-   mull%ebp
-   addl%esi,   %eax
-   movl8(%edi),%esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   8(%edi)
-   movl%edx,   %esi
-
-   movl12(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl12(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   12(%edi)
-   movl%edx,   %esi
-
-   movl16(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl16(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   16(%edi)
-   movl%edx,   %esi
-
-   movl20(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl20(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   20(%edi)
-   movl%edx,   %esi
-
-   movl24(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl24(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   24(%edi)
-   movl%edx,   %esi
-
-   movl28(%ebx),   %eax
-   mull%ebp
-   addl%esi,   %eax
-   movl28(%edi),   %esi
-   adcl$0, %edx
-   addl%esi,   %eax
-   adcl$0, %edx
-   movl%eax,   28(%edi)
-   movl%edx,   %esi
+.L001maw_loop:
+   movd (%edi),%mm3/* mm3 = C[0] 
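Review bot: the hunk patches the generated bn86-elf.s rather than the perl source it is emitted from, so the change is lost the next time the assembler is regenerated, and nothing in the visible lines gates the new path on CPUID SSE2 support; since pmuludq/paddq are SSE2-only (as the post itself says), the loop faults on any earlier x86 part. Suggest moving the MMX loop into the generator behind a runtime SSE2 check, and making sure every exit from the function executes emms, since the replaced scalar loop left no MMX state for a caller's x87 code to trip over. The hunk is cut off on this page after `+   movd (%edi),%mm3`, so the loop-counter handling that replaces the removed `movl %ecx, (%esp)` spill and the carry-out into .L000maw_finish cannot be reviewed here.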

renewal = same key,same subject and new serial ???

2003-04-04 Thread Blue-Boonchai Aussawasongsilp



Dear all,

I searched for some information and summarized it myself as:
renewal = same key, same subject and new serial.

But I tested a renewal certificate with a document signed by the old cert.
It does not work; I mean the renewal cert can't completely replace the old cert.
E.g., I encrypt with the old cert but can't decrypt with the renewed cert.

And I generated a new cert with the same key, same subject and same serial,
and tested it with the old cert; the result is that it's a complete replacement.
I mean, I encrypt with the old cert and can decrypt with the new cert (same serial).

This is my problem:
I think renewal = same key, same subject and new serial, and a complete replacement,
but a complete replacement requires the same serial.

Really, does a renewal certificate have the same or a new serial?
Should a renewal be a complete replacement?

Thanks





Re: [openssl-dev] [openssl.org #551] [Fwd: Bug#186487: openssl:'openssl ca' allows serial 00 which breaks the signed certificate]

2003-04-04 Thread Erwann Abalea
On Thu, 27 Mar 2003, Richard Levitte via RT wrote:

> Something to note, however, is that the CA certificate usually has
> serial number 0, at least when creating it with OpenSSL the way it's
> usually described.  Therefore, there may be problems verifying, since
> the serial number 0 will be in two certificates, and certificates are
> sometimes accessed as issuer+serial (to get the exact certificate)
> instead of subject. In the case where the CA cert and one of the issued
> certs have the same serial number, issuer+serial will lead to both of
> them, which in this case is an error.  However, that's a user error
> rather than an OpenSSL one, since CA certs can, technically, have any
> serial number, just as any other certificate...

It's not a user error, it's a CA error, since the serial numbers of all
the certificates signed by a CA *must* be unique under this CA. This
includes also the CA itself, when it's a self-signed CA.

-- 
Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5
-
If you never try anything new, you'll miss out on many of life's great
disappointments.
  Demotivators, 2002 calendar
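Added example, not part of the thread or of 'openssl ca': a check over a CA's index.txt database for the uniqueness rule Erwann states, counting the CA's own serial as one of the certificates under that CA and flagging the serial 00 case from #551. The column layout is the one 'openssl ca' writes; the sample rows and the CA serial are constructed:

```python
from collections import defaultdict

# Constructed sample of an OpenSSL 'ca' index.txt: tab-separated columns are
# status (V/R/E), expiry, revocation date (empty unless revoked), serial (hex),
# certificate file name ("unknown") and subject DN.
SAMPLE_INDEX = (
    "V\t040404120000Z\t\t00\tunknown\t/CN=alice\n"
    "V\t040404120000Z\t\t01\tunknown\t/CN=bob\n"
    "R\t040404120000Z\t030401000000Z\t01\tunknown\t/CN=bob-old\n"
    "V\t040404120000Z\t\t02\tunknown\t/CN=carol\n"
)
CA_SERIAL = "00"   # serial of the self-signed CA certificate itself (assumed here)

def parse_index(text):
    """Rows of (status, serial, subject); serials normalised to upper-case hex."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            raise ValueError("malformed index line: %r" % line)
        rows.append((fields[0], fields[3].upper(), fields[5]))
    return rows

def serial_problems(rows, ca_serial):
    """Serials that are zero or occur more than once under this CA, the CA cert
    counted as one of its own certificates as the uniqueness rule requires."""
    subjects = defaultdict(list)
    subjects[ca_serial.upper()].append("<the CA certificate>")
    for _status, serial, subject in rows:    # revoked certs still occupy their serial
        subjects[serial].append(subject)
    problems = []
    for serial in sorted(subjects):
        if int(serial, 16) == 0:
            problems.append("serial %s is zero (see #551)" % serial)
        if len(subjects[serial]) > 1:
            problems.append("serial %s used %d times: %s"
                            % (serial, len(subjects[serial]), ", ".join(subjects[serial])))
    return problems
```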


RSA structure

2003-04-04 Thread roberto
I have a question about the RSA key structure. I have to convert an RSA key
format implemented by FreeS/WAN (a package for implementation of the IPSec
standards in Linux) to OpenSSL format. I have read the documentation about
the RSA key structure and its BIGNUM fields (n as modulus, e as public exponent,
d as private exponent... and so on) on the OpenSSL web site, but I have noticed
with my Kdbg debugger that when I load an RSA public key from a file in PEM
format the modulus is loaded in the e field and the public exponent in the d
field. Is it possible?

Thanks in advance.



OpenSSL 0.9.7b-dev: no Configure mingw shared

2003-04-04 Thread Robert Allerstorfer
Hi,

trying to build shared OpenSSL libraries for Win32 using MinGW within
the MSYS environment does not work, unfortunately. As of 0.9.7b, it
should be possible to use the standard Unix build way like

./Configure mingw shared

But, this gives the following warning:

You gave the option 'shared'.  Normally, that would give you shared libraries.
Unfortunately, the OpenSSL configuration doesn't include shared library support
for this platform yet, so it will pretend you gave the option 'no-shared'.  If
you can inform the developpers ([EMAIL PROTECTED]) how to support shared
libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).

But, it is possible to build the two .dll files using the pre-0.9.7b
way to build for Win32 using MinGW (ms\mingw32). Therefore, I would
like to ask if this is a known problem.

Best,
rob.


Commercial OpenSSL support

2003-04-04 Thread Elmar Keck
Hello OpenSSL users,

does anyone have experience with companies providing commercial support for
OpenSSL?

One of our customers wants to have commercial support for OpenSSL, so there
is the question of which firm/company might be chosen.

Any suggestions on company names and/or experience reports are welcome.

Thanks in advance.

Regards,
Elmar Keck

 



