AES_cbc_encrypt - core dump in decryption.

Hi, I am facing a core dump in AES_cbc_encrypt() while decrypting the data with OpenSSL 1.0.1e library. I made sure, the encrypted data length is multiple of AES_BLOCK_SIZE (16bytes) and also there is sufficient amount of buffer available for decryption. The encrypted buffer pointer is also

RE: Deadlock in openssl1.0.1e.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, January 15, 2014 1:56 AM To: openssl-users@openssl.org Subject: Re: Deadlock in openssl1.0.1e. On Tue, Jan 14, 2014, Tayade, Nilesh

RE: Deadlock in openssl1.0.1e.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, January 15, 2014 6:30 PM To: openssl-users@openssl.org Subject: Re: Deadlock in openssl1.0.1e. On Wed, Jan 15, 2014, Tayade, Nilesh

Re: Deadlock in openssl1.0.1e.

Yes. The issue is fairly reproducible and takes not more than 10-15mins to occur. -- Thanks, Nilesh Sent via CanvasHD Dr. Stephen Henson st...@openssl.org wrote: On Wed, Jan 15, 2014, Tayade, Nilesh wrote: Thanks. I have already captured the lock details in an array. Please see below

RE: Deadlock in openssl1.0.1e.

. and what are all the other threads doing? some other thread must already own this lock and is waiting on something else. -lee On 2014-01-10 13:11, Tayade, Nilesh wrote: Hi, I am facing a deadlock issue on openssl1.0.1e. Please see the stack below. Could anyone please advise

Deadlock in openssl1.0.1e.

Hi, I am facing a deadlock issue on openssl1.0.1e. Please see the stack below. Could anyone please advise if this is a known bug? Is there any workaround/fix? FIPS is disabled on my system. (gdb) bt full #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136 No

Measuring the performance of AES-256-CBC decryption.

Hi, We are using openssl-1.0.1e version and also AESNI is enabled in BIOS. I am trying to measure the AES-256-CBC algorithm performance for decryption of 256bytes buffer size. But I am not getting the numbers matching with the 'openssl speed' tool. I saw it uses AESNI if we call the EVP* API,

Extra bytes before the decrypted data.

Hi, On performing the AES128 decryption, I see the decrypted data is preceded by a block of 16bytes. E.g. Below, 0x48 to 0x5a is the extra 16bytes block. And the actual 'GET' request starts from 0x47 onwards. 48 3f c4 99 fa f0 75 0e 51 b8 3b 58 aa 1f 4a 5a 47 45 54 20 2f 20 48 54 54 50 2f 31

RE: [openssl-users] Extra bytes before the decrypted data.

-Original Message- From: Erwann Abalea [mailto:erwann.aba...@keynectis.com] Sent: Friday, March 08, 2013 9:44 PM To: openssl-users@openssl.org Cc: Tayade, Nilesh Subject: Re: [openssl-users] Extra bytes before the decrypted data. It's probably the IV. Yes, it can be IV. But I am

Identifying length of decrypted data.

Hi, I am using the AES_cbc_encrypt() API to perform symmetric decryption. But in one of the scenarios I see the data encrypted is of 16bytes but just 1byte is useful and 15bytes is for padding. Is there some way I can know the actual encrypted data length? I came across some pointers like

RE: RSA_private_decrypt function takes longer time.

, Tayade, Nilesh wrote: Hi, I am using the RSA_private_decrypt() function in one of the custom applications, where we expect the premaster to get decrypted faster. [...] The explanation is simple: The cost of an RSA operation depends on the number of bits in the exponent used (private

RE: RSA_private_decrypt function takes longer time.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jakob Bohm Sent: Thursday, January 10, 2013 6:56 PM To: openssl-users@openssl.org Subject: Re: RSA_private_decrypt function takes longer time. [...] Coming back to this.

RE: RSA_private_decrypt function takes longer time.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Thursday, January 10, 2013 7:54 PM To: openssl-users@openssl.org Subject: Re: RSA_private_decrypt function takes longer time. [...] So I feel like

Hardware solution for asymmetric decryption.

Hi, The RSA_private_decrypt() function is proved to be costlier on my system. I will try for some hardware cards (PCI or over the network), which will help me perform asymmetric decryption in case of Premaster-decryption. I am looking at information on Thales nShield, SafeNet Luna devices.

RE: RSA_private_decrypt function takes longer time.

, Tayade, Nilesh wrote: Hi, I am using the RSA_private_decrypt() function in one of the custom applications, where we expect the premaster to get decrypted faster. [...] The explanation is simple: The cost of an RSA operation depends on the number of bits in the exponent used (private

About the OpenSSL benchmark statistics.

Hi, I am evaluating the performance of my application which handles the SSL/TLS connections (handshakes) and performs app data decryption. Do we have any statistics which I could use as a benchmark? Specifically - The max. number of new SSL connections per second which could be handled. --

RSA_private_decrypt function takes longer time.

Hi, I am using the RSA_private_decrypt() function in one of the custom applications, where we expect the premaster to get decrypted faster. I tried looking at the time consumed by RSA_private_decrypt and loops involved in pseudo-random function to compute key. It is seen that

RE: RSA_private_decrypt function takes longer time.

-Original Message- From: Florian Weimer [mailto:fwei...@redhat.com] Sent: Friday, December 21, 2012 5:58 PM To: openssl-users@openssl.org Cc: Tayade, Nilesh Subject: Re: RSA_private_decrypt function takes longer time. On 12/21/2012 01:13 PM, Tayade, Nilesh wrote: I am using

Question related to TLS1.2 key computation function - PRF.

Hi, As per RFC5246 - the TLS1.2 uses SHA256, SHA384 MAC. I would appreciate any pointers on how the PRF is implemented for TLS1.2. E.g. For TLS1.0, TLS1.1 - the HMAC-SHA1 is implemented as below. And SHA-1 uses 20bytes at a time. How many bytes SHA256 uses at a time? // First initialize the

About the encrypted premaster length.

Hi, The 'Client Key Exchange' packet carries the encrypted premaster. I am working on utility for decrypting the data and supported cipher suites are RC4_128_MD5 and RC4_128_SHA. I observed that the encrypted premaster length varies in the 'Client key exchange' packet. Sometimes it is

RE: About the encrypted premaster length.

...@openssl.org On Behalf Of Tayade, Nilesh Sent: Wednesday, 22 August, 2012 16:13 [...] Only for RSA key-exchange (which is the most commonly used). For DH* and ECDH* suites ClientKeyExchange is quite different. (Not to mention Kerberos or PreShared.) [...] If I am correct, the length depends upon

OpenSSL in multithreaded environment.

Hi, I am using OpenSSL-1.0.0g in a multithreaded environment. Each thread comes up with its own decryption context (which has own decrypted premaster, the random values and rsa pointer). And I am sure NO two threads touch each other's decryption context. But I see some issue (program crash)

Query related to RSAPrivateKey_dup function.

Hi, Could someone please confirm if RSAPrivateKey_dup() function allocates a new rsa structure instance while duplicating the existing one? This is just to ensure I free the pointer if it this function allocates it. -- Thanks, Nilesh

RE: Padding check failed and program crash with SIGABRT.

at 6:12 PM, Tayade, Nilesh nilesh.tay...@netscout.com wrote: Hi, [...] I see that the error it is trying to give is related to Padding check failure. 1. How to decide the padding? By default I keep it to RSA_PKCS1_PADDING always in RSA_private_decrypt(). 2. Is there no graceful way

OpenSSL 1.0.0g-fips download link.

Hi, Could someone please point me to the link where I can download OpenSSL-1.0.0g-fips? On http://www.openssl.org/source/, I see only OpenSSL-1.0.0g. To get '-fips' do I need to apply any patch? -- Thanks, Nilesh __ OpenSSL

RE: OpenSSL 1.0.0g-fips download link.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Sunday, July 29, 2012 12:02 AM To: openssl-users@openssl.org Subject: Re: OpenSSL 1.0.0g-fips download link. On Sat, Jul 28, 2012, Tayade

Core dump in RSA_check_key

Hi, I am seeing a core dump in RSA_check_key() function. The backtrace is as below. I am unable to understand what is causing the issue. The core dump is intermittent (not always reproduced). Could someone please provide any pointers if I am missing any check? -- Thanks, Nilesh P.S. The code

RE: About RC4 decryption.

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of re.est Sent: Tuesday, November 01, 2011 7:52 PM To: openssl-users@openssl.org Subject: Re: About RC4 decryption. On 11/01/2011 06:48 PM, nilesh wrote: [...] What exact

RE: Regarding cipher suites in SSLv3.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Richard Könning Sent: Wednesday, October 12, 2011 7:20 PM To: openssl-users@openssl.org Subject: Re: Regarding cipher suites in SSLv3. Am 12.10.2011 15:29, schrieb nilesh: Hi, I am writing

RE: Link error

-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Gyanendra Kumar Sent: Monday, October 10, 2011 7:35 AM To: openssl-users@openssl.org Subject: Link error Hi: I am compiling an example program and I get the following