Building mod_ssl and Apache 1.3.37 fail on x86_64cpuid.o relocation error

2007-03-02 Thread Gianluca Magalotti
I'm trying to build apache 1.3.37 with ssl support on an Ubuntu 6.1
running on an AMD Turion 64.

I've downloaded the following packages:

Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8e (openssl-0.9.8e.tar.gz from www.openssl.org)

I've built openssl as described in the INSTALL file provided with the
mod_ssl distribution, using gcc-4.0:

./config no-idea -fPIC no-threads --prefix=/path/to/local/openssl
make
make test
make install

Then I've patched Apache by using (in the mod_ssl directory):

./Configure --with-apache=/path/to/local/apache

then I've switched to the apache tree and configured it as follows:

MM_BASE=/path/to/mm/ \
SSL_BASE=/path/to/local/openssl \
./configure \
  --prefix=/path/to/local/apache \
  --enable-module=most \
  --enable-shared=max \
  --disable-module=auth_dbm \
  --disable-module=cern_meta \
  --disable-module=log_agent \
  --disable-module=log_referer \
  --disable-module=usertrack
make

I received the ld error while linking libssl.so saying that libcrypto.a
(module x86_64cpuid.o) cannot be relocated, compile with -fPIC (but that is
what I've done).
I've also tried using gcc-3.3 as well as using -fpic instead of -fPIC
while building openssl.
I've tried to use the DSO version of libcrypto/libssl and compilation
goes well but when starting apache it stops due to unresolved symbols
(SSL_).
I found nothing appropriate on the Internet, because all solutions are
"rebuild openssl with -fPIC" (but that is what I'm doing).


Can someone help me?
Thanks in Advance
Gianluca
--
*Gianluca Magalotti*


Ph: +393489326722
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: ca setup problem

2007-03-02 Thread Erik Leunissen

Thanks for tracking this down in the source.

> The default configfile probably contains "ca_default" there, have you
> replaced this with "My_CA"?

Yes I did indeed.

> From what I read in
> http://www.openssl.org/docs/apps/ca.html the value should remain
> "ca_default" in your configfile unless you have a better idea...

Right. I replaced the name_opt entry and now it works.

> Hope it helps,

It did absolutely.

Greetings,

Erik Leunissen.

> Ted
> ;)





Openssl 0.9.9 release

2007-03-02 Thread Bhat, Jayalakshmi Manjunath
Hi All,

I was looking for EAP-FAST support in openssl library. In the mail list
I found a patch. Patch was distributed for openssl-0.9.8.
And I also found some mails stating EAP-FAST support will be added in
openssl-0.9.9. I have a few queries now.

I. Will EAP-FAST support be added in openssl-0.9.9?
II. When is openssl-0.9.9 likely to be released?
II. We are using openssl-0.9.8a version now. Can I use the patch for this
library?
III. Is it legal to use this patch for the openssl library used in the
commercial products?

Any help is appreciated.

Regards,
Jaya.


TLS extension support

2007-03-02 Thread Bhat, Jayalakshmi Manjunath
Hi All,

Can any one tell me when "SessionTicket TLS Extension" support will be
included in openssl library?

Thanks in advance.

Regards,
Jaya.


Re: Openssl 0.9.9 release

2007-03-02 Thread Kyle Hamilton

This belongs on openssl-users, not openssl-dev.

I. I don't have the precise information, but I think it likely will  
be if it was a project committer who stated it will be.

II. Your guess is as good as mine.
III.  If it applies, compiles, and functions then there shouldn't be  
a problem.  It is always recommended that you use the latest version  
though (0.9.8a had a critical security vulnerability in its handling  
of RSA key lengths, if I remember correctly).
IV. Does the patch itself have any license text associated?  If not,  
custom has been to assume that it can be used under the same license  
as the library that it is applied to; you would have to ask the  
originator of the patch for absolute certainty, but if it is included  
in the distribution that distribution version will be distributed  
under the same license as the current version in the absence of any  
statement to the contrary.


I am not a lawyer, I am not a project team member, I cannot give  
legal advice, if you need legal advice talk to an attorney.  These  
statements are my own and are not endorsed by the OpenSSL project  
team, I do not claim to speak for anyone else at all.  (and I have to  
include this particular disclaimer line because you specifically used  
the word 'legal' in your final question.)


-Kyle H

On Mar 2, 2007, at 2:43 AM, Bhat, Jayalakshmi Manjunath wrote:


> Hi All,
>
> I was looking for EAP-FAST support in openssl library. In the mail list
> I found a patch. Patch was distributed for openssl-0.9.8.
> And I also found some mails stating EAP-FAST support will be added in
> openssl-0.9.9. I have a few queries now.
>
> I. Will EAP-FAST support be added in openssl-0.9.9?
> II. When is openssl-0.9.9 likely to be released?
> II. We are using openssl-0.9.8a version now. Can I use the patch for this
> library?
> III. Is it legal to use this patch for the openssl library used in the
> commercial products?
>
> Any help is appreciated.
>
> Regards,
> Jaya.
> __
> OpenSSL Project http://www.openssl.org
> Development Mailing List   openssl-dev@openssl.org
> Automated List Manager   [EMAIL PROTECTED]




RE: Question about Diffie-Hellma

2007-03-02 Thread Dinh, Thao V CIV NSWCDD, K72
 
I have a cipher suite:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

What is meant by "TLS_DHE_RSA"? A combination of RSA with
Diffie-Hellman ?? RSA is key transport. DH is key agreement. How are they
used together ?? Please help.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Xiaoyu Ruan
Sent: Thursday, March 01, 2007 15:30
To: openssl-users@openssl.org
Subject: RE: Question about Diffie-Hellma

Here is how DH works:

1.  server determines p, q, sends p and q to client.
2.  server selects a random number priv_key_s, computes pub_key_s =
q^priv_key_s mod p, sends pub_key_s to client.
3.  client selects a random number priv_key_c, computes pub_key_c =
q^priv_key_c mod p, sends pub_key_c to client.
4.  server computes shared_secret = pub_key_c^priv_key_s mod p.
5.  client computes shared_secret = pub_key_s^priv_key_c mod p.

 

Now server and client both have the same shared_secret, which is used in
the symmetric cryptography like AES, DES, etc.

 

Notice that DH itself is not an encryption scheme. DH is used for
establishing a symmetric key between two parties.

 

-Xiaoyu

 



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dinh, Thao V CIV
NSWCDD, K72
Sent: Thursday, March 01, 2007 3:13 PM
To: openssl-users@openssl.org
Subject: Question about Diffie-Hellma

 

Hi All 

I have a hard time understanding Diffie-Hellman key agreement. This is a
DH structure

typedef struct dh_st
{
   BIGNUM *p;
   BIGNUM *q;
   BIGNUM *pub_key;
   BIGNUM *priv_key;
} DH;

According to Openssl Book " p and q, each pair chooses a random large
integer priv_key member. A value for pub_key member is computed from the
pub_key member and shared with peer. ...Using the value of priv_key and
the peer's pub_key, each peer can independently compute the shared
secret."

Questions:
1) "Each peer can independently compute the shared secret": what is
meant ?? Client has one shared key, Server has different shared key???

2) How does the server decrypt the message encrypted by the client ??

Please help.



Re: Question about Diffie-Hellma

2007-03-02 Thread Victor Duchovni
On Fri, Mar 02, 2007 at 09:24:27AM -0600, Dinh, Thao V CIV NSWCDD, K72 wrote:

> I have a cipher suite:
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>
> What is meant by "TLS_DHE_RSA"? A combination of RSA with

$ openssl ciphers -v kEDH+aRSA+3DES+SHA
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1

- Ephemeral Diffie-Hellman key exchange (signed with server's
public key).

- RSA authentication via (at least) a server certificate with an RSA
public key.

- Triple-DES CBC content encryption

- SHA1 Digest for Message integrity.

> Diffie-Hellman ?? RSA is key transport. DH is key agreement. How are they
> used together ?? Please help.
> 

There are books and RFCs that answer this question.

-- 
Viktor.


Re: Question about Diffie-Hellma

2007-03-02 Thread badra

Dinh, Thao V CIV NSWCDD, K72 wrote:

> I have a cipher suite:
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>
> What is meant by "TLS_DHE_RSA"? A combination of RSA with
> Diffie-Hellman ?? RSA is key transport. DH is key agreement. How are they
> used together ?? Please help.
  
When we use Ephemeral DH, we need to use a (RSA or DSS) certificate. So 
the DHE is for key establishment, and RSA signature is to authenticate 
the DHE key to avoid man in the middle attack.

Best regards,
Badra

--
Mohamad Badra
CNRS - LIMOS Laboratory




Re: Question about Diffie-Hellma

2007-03-02 Thread Marek Marcola
Hello,
> > I have a cipher suite:
> > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> >
> > What is meant by "TLS_DHE_RSA"? A combination of RSA with
> > Diffie-Hellman ?? RSA is key transport. DH is key agreement. How are they
> > used together ?? Please help.
> >   
> When we use Ephemeral DH, we need to use a (RSA or DSS) certificate. So 
> the DHE is for key establishment, and RSA signature is to authenticate 
> the DHE key to avoid man in the middle attack.
Yes, and is calculated as (with some simplification):
DH_parameters = p, g, Y
data = client_hello + server_hello + DH_parameters
sign = RSA_sign(MD5(data)+SHA1(data)), for RSA
sign = DSA_sign(SHA1(data)), for DSA

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>
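
The exchange discussed in this thread (the DH steps in Xiaoyu's message and the signature formula in Marek's), as a runnable sketch. This is an added example, not code from any poster or from OpenSSL: it follows the TLS 1.0 layout (the two hello random values plus the DH parameters are hashed with MD5 and SHA1 and RSA-signed), uses constructed toy keys built from Mersenne primes, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters: Mersenne primes are NOT safe choices for real keys.
DH_P = 2**1279 - 1                      # DH prime modulus p
DH_G = 3                                # DH generator g
RSA_P, RSA_Q = 2**521 - 1, 2**607 - 1
RSA_N = RSA_P * RSA_Q                   # server's long-term RSA modulus (in its certificate)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's private exponent


def opaque16(n):
    """Encode an integer as a TLS opaque<1..2^16-1>: 2-byte length, big-endian value."""
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return len(raw).to_bytes(2, "big") + raw


def encode_block(client_random, server_random, params):
    """PKCS#1 v1.5 type-1 block over MD5(data) || SHA1(data), as TLS 1.0 RSA signing does."""
    data = client_random + server_random + params
    digest = hashlib.md5(data).digest() + hashlib.sha1(data).digest()
    k = (RSA_N.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest


def server_key_exchange(client_random, server_random):
    """Server: fresh DH key pair; params = p, g, Ys; signed with the RSA private key."""
    x = secrets.randbelow(DH_P - 3) + 2             # ephemeral private value
    ys = pow(DH_G, x, DH_P)                         # ephemeral public value
    params = opaque16(DH_P) + opaque16(DH_G) + opaque16(ys)
    em = int.from_bytes(encode_block(client_random, server_random, params), "big")
    return x, ys, params, pow(em, RSA_D, RSA_N)


def client_verify(client_random, server_random, params, signature):
    """Client: check the signature with the RSA public key from the certificate."""
    expected = int.from_bytes(encode_block(client_random, server_random, params), "big")
    return pow(signature, RSA_E, RSA_N) == expected


def handshake(tamper=False):
    """Return (client_secret, server_secret), or None if the client rejects the params."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    x, ys, params, sig = server_key_exchange(client_random, server_random)
    if tamper:
        # Params replaced in transit by a party that does not hold the RSA private key.
        ys = pow(DH_G, secrets.randbelow(DH_P - 3) + 2, DH_P)
        params = opaque16(DH_P) + opaque16(DH_G) + opaque16(ys)
    if not client_verify(client_random, server_random, params, sig):
        return None                                 # client aborts the handshake
    y = secrets.randbelow(DH_P - 3) + 2             # client's ephemeral private value
    yc = pow(DH_G, y, DH_P)                         # sent to the server in ClientKeyExchange
    return pow(ys, y, DH_P), pow(yc, x, DH_P)       # both sides derive the same value
```

RSA never encrypts the key material here; it only authenticates the server's ephemeral DH value, and the shared secret itself never crosses the wire.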



Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Sergey S. Levin

Hello Darryl,

Thank you for a reply.

> From glancing at your code it looks like your bulk data transfer is
> something like 300 lots of nBioBlockSize, and I presume nBioBlockSize is
> <= 10k, so that's only 3Mb of data.

The nBioBlockSize is 4096 Bytes. The transfer is 300 * buf_size where the
buf_size is 1 MB. So I'm transferring 300 MB. The problem is that the
network speed is 100 Mbps, but the transfer speed of the code provided is just
40-60 Mbps on my computer and 4.8 Mbps on the customer's. I understand that
OpenSSL is a great lib. I just want to find out where I'm wrong in the code,
because I had developed a big app and am experiencing the speed problems.

> I don't see any timing code in the middle to separate the timings for the
> SSL cryptographic setup phase from the application data transfer phase. I
> think you are doing a piggybacked connection setup so your first
> application data write is performing the SSL connection setup implicitly.

Yes, you are right. The overall app has no additional code. Here is the
link for the transfer speed graph picture:

http://www.bw-team.com/openssl.PNG

> I don't see any timing code in the middle to separate the timings for the
> SSL cryptographic setup phase from the application data transfer phase. I
> think you are doing a piggybacked connection setup so your first
> application data write is performing the SSL connection setup implicitly.

Does this mean that the OpenSSL lib makes the handshake on each BIO_write?

Thank you again,
Serge Levin 




Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Rick Jones
SW crypto aint cheap.  It can consume lots of CPU cycles.  If the system 
was nearly CPU saturated with a "plain" transfer, then the overhead of 
the crypto can very definitely take the throughput down considerably.


rick jones
one of these days I need to make an SSL version of netperf :)


Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Sergey S. Levin

Hello Rick,

> SW crypto aint cheap.  It can consume lots of CPU cycles.  If the system
> was nearly CPU saturated with a "plain" transfer, then the overhead of
> the crypto can very definitely take the throughput down considerably.

1. If I use FileZilla and SSL connection - it works on 100% of speed.
2. The processor load is just 5% so, this should not be the crypto problem.

Thank you,
Serge


Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Richard Koenning

Sergey S. Levin wrote:

> > I don't see any timing code in the middle to separate the timings for
> > the SSL cryptographic setup phase from the application data transfer
> > phase. I think you are doing a piggybacked connection setup so your
> > first application data write is performing the SSL connection setup
> > implicitly.
>
> Does this mean that the OpenSSL lib makes the handshake on each BIO_write?


No. But which cpu types/frequencies are involved on both sides of the 
connection and which cipher suite do you use?

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH


Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Sergey S. Levin

Hello Richard,

> But which cpu types/frequencies are involved on both sides of the
> connection and which cipher suite do you use?

Server - Celeron 2GHz, Client - Intel PIV 2GHz.
As to the second question - I'm not changing the default values in the
source code. I had taken the saccept.c and sconnect.c as the base.

1. Which command changes it?
2. Which cipher suite should I use to increase the performance?

Thanks,
Serge



Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Victor Duchovni
On Fri, Mar 02, 2007 at 07:47:29PM +0200, Sergey S. Levin wrote:

> Hello Richard,
> 
> >But which cpu types/frequencies are involved on both sides of the 
> >connection and which cipher suite do you use?
>
> Server - Celeron 2GHz, Client - Intel PIV 2GHz.
> As to the second question - I'm not changing the default values in the
> source code. I had taken the saccept.c and sconnect.c as the base.
> 1. Which command changes it?
> 2. Which cipher suite should I use to increase the performance?

All the available cipher-suites should be able to give reasonable
performance. Use:

openssl speed aes-256-cbc aes-128-cbc des-ede3 rc4

to estimate the expected throughput. On a 1.0GHz G4 laptop (not very fast
by today's standards) I get (0.9.8d):

---
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4            115558.17k   136281.31k   141916.65k   142890.26k   141116.23k
aes-128 cbc     46802.45k    51413.37k    52360.24k    52556.33k    52390.01k
aes-256 cbc     38766.81k    41876.09k    42495.54k    42638.51k    42541.89k
des ede3        10826.44k    11154.70k    11244.89k    11266.88k    11256.52k
---

Even 3DES at ~11MB/s will still fill a 100Mbps ethernet link. Is the
client to server application protocol streaming or RPC-like half-duplex
lock-step send/ack/repeat? AES-128 is a good choice, RC4 is faster, but
should be avoided for security reasons. On a more "competitive" Opteron:

---
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
rc4            352435.01k   364963.95k   412739.58k   425921.54k   430820.01k
aes-128 cbc     61725.30k   107617.51k   137287.34k   148495.02k   149626.88k
aes-256 cbc     52085.21k    84101.80k   101958.40k   107398.14k   108276.39k
des ede3        17907.50k    17924.14k    18002.94k    17805.65k    17995.09k
---

So here AES-128 and AES-256 can in principle reach ~1Gbps. If your problem
is protocol latency (rather than CPU for encryption), switching ciphers won't
help.

-- 
Viktor.


Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Richard Koenning

Sergey S. Levin wrote:

> > But which cpu types/frequencies are involved on both sides of the
> > connection and which cipher suite do you use?
>
> Server - Celeron 2GHz, Client - Intel PIV 2GHz.
> As to the second question - I'm not changing the default values in the
> source code. I had taken the saccept.c and sconnect.c as the base.
>
> 1. Which command changes it?
> 2. Which cipher suite should I use to increase the performance?

As Vi(c|k)tor already said, with the above mentioned CPUs there should be no
speed problem created by the symmetric encryption.
Something else that strikes me: Is the BIO_ctrl(out, BIO_CTRL_FLUSH, 0, NULL)
call really necessary? Maybe the flushing has a negative influence on the LAN
performance?

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH


Re: Public key validation for ECDSA

2007-03-02 Thread Nils Larsch

Xiaoyu Ruan wrote:

> Hi dear fellows,
>
> I would like to know if there is any function(s) in OpenSSL that handles
> public key validation for ECDSA.
>
> Given a point (public key) and a curve, I would like to test if this
> point is a valid public key for this curve.


have a look at EC_KEY_check_key() in crypto/ec/ec_key.c

Cheers,
Nils


RE: Public key validation for ECDSA

2007-03-02 Thread Xiaoyu Ruan
Thanks. Refer to the sample test given in PKV.txt in
http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip.
I tried EC_KEY_check_key() against six NIST recommended EC curves P-192
P-224 K-163 K-233 B-163 B-233. For curves P-192 P-224 B-163 B-233 the
function gives correct results. However, for B-163 and B-233, some
invalid public keys are wrongly evaluated to true. Those invalid public
keys are exactly the ones marked "(2 - Added PT of order 2)". Is that a
bug of implementation of EC_KEY_check_key()? Any ideas will be greatly
appreciated. Thanks.

-Xiaoyu



RE: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread David Schwartz

> cout << "Set BIO block size (ex: 4096): ";
> cin >> nBioBlockSize;

What value are you using for nBioBlockSize?

> else
> {
> BIO_ctrl(out, BIO_CTRL_FLUSH, 0, NULL);
> }

Why is this here?

DS




Re: Some wird OpenSSL perfomance slowdown

2007-03-02 Thread Darryl Miles

Sergey S. Levin wrote:

> 1. If I use FileZilla and SSL connection - it works on 100% of speed.

I don't know what FileZilla is, but which SSL implementation is used and
what key exchange protocol and what symmetric cipher did it choose?

> 2. The processor load is just 5% so, this should not be the crypto problem.

Hey you are only transferring 30Mb, increase this to something that makes
the test take 10 minutes or more then come back to tell us what the
processor load is at each end.

This might also be a good test to highlight if the problem is with the
application and not something more fundamental with the TCPIP and
Ethernet layers.  If you can't get your app to give you 100% load on at
least one end then maybe you need to get tcpdump out.  If you can then
it highlights which end is having a performance problem at application
level.

Maybe the others are right in questioning:

 BIO_ctrl(out, BIO_CTRL_FLUSH, 0, NULL)

The next BIO_write() will automatically flush the preceding application
data.

If you want to flush do one at the end of the for(;;) loop, as I can't
see any code to call SSL_shutdown(ssl) I would not even be sure the last
plaintext bytes actually reached the other end before the application
terminated, I'd recommend you insert after the for(;;) loop:

BIO_ctrl(out, BIO_CTRL_FLUSH, 0, NULL);
SSL_shutdown(ssl);
SSL_shutdown(ssl);

The two SSL_shutdown() calls cause the shutdown notify to be emitted to the
far end and the 2nd one will enforce a flush and wait.

> http://www.bw-team.com/openssl.PNG

I have taken a look at your graph but I still go with my suggestions to
provide a table of timing information as requested before.

Also as others have suggested find out which cipher is being used and
run the benchmarks on the systems at each end: openssl speed aes-256-cbc
aes-128-cbc des-ede3 rc4

The API calls to dump this out are documented in "man SSL_get_cipher" but
you need to call these anytime after the 1st BIO_write() call is made in
the app, this would be the point in time after the initial handshake has
completed.

> Does this mean that the OpenSSL lib makes the handshake on each BIO_write?

No, but at setup the initial handshake is mandatory and it's a 5 way
affair, the cost in time is at least "2 * round-trip-time" plus the CPU
wall clock costs for computing PKC in the key exchange.  It is the key
exchange that can be slow (especially under my original guess that you
were only transferring 3Mb of application data, in that hypothetical
scenario I would expect PKC cost to be higher than bulk encryption cost
for 3Mb of data).

But to be clear about your performance claims:

You are claiming other SSL client implementations are faster, and if I
understand correctly you are using the same SSL server implementation to
test against on exactly the same hardware setup both ends to compare
(i.e. nothing was changed on the client side except the client
application being used) ?



Darryl



Re: Public key validation for ECDSA

2007-03-02 Thread Victor Duchovni
On Fri, Mar 02, 2007 at 05:56:24PM -0500, Xiaoyu Ruan wrote:

> Thanks. Refer to the sample test given in PKV.txt in
> http://csrc.nist.gov/cryptval/dss/ecdsatestvectors.zip.
> I tried EC_KEY_check_key() against six NIST recommended EC curves P-192
> P-224 K-163 K-233 B-163 B-233. For curves P-192 P-224 B-163 B-233 the
> function gives correct results. However, for B-163 and B-233, some
> invalid public keys are wrongly evaluated to true. Those invalid public
> keys are exactly the ones marked "(2 - Added PT of order 2)". Is that a
> bug of implementation of EC_KEY_check_key()? Any ideas will be greatly
> appreciated. Thanks.

Are you able to share the code and input files that you used to run
the tests?

-- 
Viktor.