FIPS certification document for OpenSsl

[Prashant Kumar]

Hello All,

Where can I find the documentation for OpenSsl FIPS certification ?

Any help is appreciated.

Regards,
Prashant.

Re: Crypto engine asynchronously

[Prashant Kumar]

Hello Group,I am using Broadcom (ubsec) based hardware accelerator on a Vxworks 5.x platform. I see that my CPU usage is just 40 % when I hit the max number of TLS connection. I have a queue between the TCP stack and the application where I am running the TLS. I am running TLS using the memory bios. What I see is that the queue between the TCP stack and my TLS application is getting full because the TLS application is not picking the packets from the queue fast enough eventhough it is running at a higher priority. My preliminary thinking was that because I am using a blocking call to the Hardware accelerator, my TLS application is wasting a lot of time waiting for the operation to complete and not keeping up with the TCP since my TLS application is just using 40% of the CPU.My question is even if I get my Broadcom to run asynchronously, how can i make openssl engine to behave asynchronous as I understand
 from the code that the operation is very synchronous.Thank you again for all the help.Regards,  Prashant.Girish Venkatachalam [EMAIL PROTECTED] wrote:  --- Prashant Kumar <[EMAIL PROTECTED]>wrote: Hello Group,  Is there anyway I could use the crypto hardware engine asynchronously with OpenSsl. Looking at the code it doesn't look like.  The reason I am asking this is, in our deployment, I see that the CPU on which I am running OpenSsl is loaded just 40% and I still hit the maximum number of TLS sessions i could process. My assumption is that it could be because we are using synchronous call with the hardware accelerator and are blocked waiting for
 the hardware engine to do its works (that is decryption/encryption of each packet). Did you try "opessl speed -engine rsa "?Do your results correspond to the documentation givenwith your hardware device?Try to isolate the problem first. How do you say youare hitting the maximum number of TLS sessions? Itcould mean various things like network, your card, CPUanything. More details on what crypto you are accelerating couldhelp. regards,Girish Any help is appreciated.  Thanks, Prashant.   - Do you Yahoo!? Everyone is raving about the all-new Yahoo! MailBeta.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
 __OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED] 
		Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1¢/min.

Crypto engine asynchronously

[Prashant Kumar]

Hello Group,Is there anyway I could use the crypto hardware engine asynchronously with OpenSsl. Looking at the code it doesn't look like.The reason I am asking this is, in our deployment, I see that the CPU on which I am running OpenSsl is loaded just 40% and I still hit the maximum number of TLS sessions i could process. My assumption is that it could be because we are using synchronous call with the hardware accelerator and are blocked waiting for the hardware engine to do its works (that is decryption/encryption of each packet).Any help is appreciated.Thanks,  Prashant. 
		Do you Yahoo!? Everyone is raving about the  all-new Yahoo! Mail Beta.

TLS and DOS attacks

[Prashant Kumar]

Hello Group,

Is there any work done to protect the TLS server implementation against the flood of Client hello's? I read about client puzzle somewhere.

Any help is appreciated.

Regards,
Prashant Kumar.__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

What version of PKCS#1 does openssl support

[Prashant Kumar]

Hello Group,

What version of PKCS#1 does openssl support. Is it PKCS#1 v2.1?

Thanks,
Prashant Kumar.
		Discover Yahoo! 
Use Yahoo! to plan a weekend, have fun online & more. Check it out!

Re: What version of PKCS#1 does openssl support

[Prashant Kumar]

Dr. Stephen/Jack,

Thank you so much for your answers.

Regards,
Prashant."Dr. Stephen Henson" [EMAIL PROTECTED] wrote:
On Fri, Jun 03, 2005, Prashant Kumar wrote: Hello Group,  What version of PKCS#1 does openssl support. Is it PKCS#1 v2.1? PKCS#1 v2.1 defines a number of schemes and structures. The PKCS#1 v1.5 compatible schemes in PKCS#1 v2.1 have been supported since theSSLeay days.OAEP has been added more recently but for SHA1 only.PSS has been added in the last week but it isn't fully integrated into theAPI: meaning the pad checking and generating functions need to be calledmanually. Full integration will need an extension to the basic RSA API and/orthe EVP_MD sign/verify interface.That covers all the main schemes of PKCS#1 v2.1 but with the qualificationsabove.Not all of the structures in PKCS#1 v2.1 are currently supported though: onlythe PCKCS#1 v1.5 versions.Steve.--
 Dr
 Stephen N. Henson. Email, S/MIME and PGP keys: see homepageOpenSSL project core developer and freelance consultant.Funding needed! Details on homepage.Homepage: http://www.drh-consultancy.demon.co.uk__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

Re: Regard SSL per session memory usage..

[Prashant Kumar]

Roger,

What I have found is that OpenSsl allocates s3-rbuf and s3-wbuf as soon as the SSL session is created, however uses these buffers as scratch buffer while doing handshake, or doing any other SSL opertion. Once the operation is done, those buffers could be safely freed since then do not hold any state information. Before these operations begin, you got to allocate them and then free it as soon as the operation is done. I allocate there buffers from my shared buffer pool thus by significantly reducing the per session memory usage.

My SSL implementation makes use of memory bio's (but you could use the same approach with any BIO for that matter). You could detect the completion of handshake through the SSL function "SS_is_init_finished" and find whether there is any data to flush using the function BIO_pending.

Hopefully this is helpful.

Regards,
Prashant.

"Roger V. Beathard" [EMAIL PROTECTED] wrote:
Do you have examples of how you reduce memory consumption to 10-12k per connection?Thanks,Roger V. Beathard
		Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone.

Re: DTLS OpenSsl9.7g, assertion with mutual auth.

[Prashant Kumar]

Hello Nagendra,

This patch fixes the problem. Thank you so much for giving the fix so fast :). 

Also, note that to compile the directory "bio" [file bss_dgram.c], I had to add following line in "e_os.h":

#define socklen_t int

This is added under the "VXWORKS" compile options (I have attached herewith the file). If you can make this a part of your DTLS openssl delivery, that will be great.

I will let you know if I find anything else.

Thanks,
Prashant.nagendra modadugu [EMAIL PROTECTED] wrote:
I was able to replicate the bug and have attached an incremental patch--mutual auth should work now. Let me knowhow it goes. Thanks,nagendra* Prashant Kumar <[EMAIL PROTECTED]>[2005-05-09 14:03:21 -0700]: Hello Nagendra,  I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything works except mutual certificate authentication. When I enable mutual certificate authentication, DTLS fails with the following assertion:  d1_both.c(1054): OpenSSL internal error, assertion failed: s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s-init_num  I tried the same thing on a Linux platform and got the same error.  Here is the debug info for the lengths: s-init_num = 19 w_msg_hdr.msg_len = 393  Thank you so much for your
 help.  Regards, Prashant.   Prashant Kumar <[EMAIL PROTECTED]>wrote:Hello Nagendra,  I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and use the memory BIO instead, does the application has to take the responsibility of timer management and retransmission ?  Thanks you, Prashant Kumar.  nagendra modadugu <[EMAIL PROTECTED]>wrote:  Datagram TLS (DTLS) source is now part of the OpenSSL repository (CVS main branch). Also, I have seperately released patches against openssl-0.9.7g.  This is the link to the main DTLS page (including links to further information about the protocol, and patches):  http://crypto.stanford.edu/~nagendra/projects/dtls/ 
 ; I am
 in the process of putting together an FAQ, so any questions/comments you may have will be much appreciated. Thanks,  nagendra  __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]  __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around  http://mail.yahoo.c om - Yahoo! Mail Stay connected, organized, and protected. Take the tour--- openssl-0.9.7g/ssl/d1_srvr.c 2005-05-10 00:32:27.0 -0700+++ openssl-0.9.7g-bugfixing/ssl/d1_srvr.c 2005-05-10 00:27:21.0 -0700@@ -1018,6 +1018,7 @@STACK_OF(X509_NAME) *sk=NULL;X509_NAME *name;BUF
 _MEM
 *buf;+ unsigned int msg_len;if (s-state == SSL3_ST_SW_CERT_REQ_A){@@ -1094,7 +1095,10 @@s-init_num += 4;#endif- /* XDTLS: set message header ? */+ msg_len = s-init_num - DTLS1_HM_HEADER_LENGTH;+ dtls1_set_message_header(s, s-init_buf-data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);+/* buffer the message to handle re-xmits */dtls1_buffer_message(s, 0);
		Yahoo! Mail 
Stay connected, organized, and protected. Take the tour/* e_os.h */
/* Copyright (C) 1995-1998 Eric Young ([EMAIL PROTECTED])
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young ([EMAIL PROTECTED]).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson ([EMAIL PROTECTED]).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *notice, this list of conditions and the following disclaimer in the
 *documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *must display t

DTLS OpenSsl9.7g, assertion with mutual auth.

[Prashant Kumar]

Hello Nagendra,

I tried your DTLS patch with Openssl9.7g on a vxworks platform. Everything works except mutual certificate authentication. When I enable mutual certificate authentication, DTLS fails with the following assertion:

d1_both.c(1054): OpenSSL internal error, assertion failed: s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == s-init_num

I tried the same thing on a Linux platform and got the same error.

Here is the debug info for the lengths:
s-init_num = 19
w_msg_hdr.msg_len = 393

Thank you so much for your help.

Regards,
Prashant.Prashant Kumar [EMAIL PROTECTED] wrote:

Hello Nagendra,

I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and use the memory BIO instead, does the application has to take the responsibility of timer management and retransmission ?

Thanks you,
Prashant Kumar.nagendra modadugu [EMAIL PROTECTED] wrote:
Datagram TLS (DTLS) source is now part of the OpenSSLrepository (CVS main branch). Also, I have seperately releasedpatches against openssl-0.9.7g.This is the link to the main DTLS page (including linksto further information about the protocol, and patches):http://crypto.stanford.edu/~nagendra/projects/dtls/I am in the process of putting together an FAQ, so anyquestions/comments you may have will be much appreciated.Thanks,nagendra__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.c om 
		Yahoo! Mail 
Stay connected, organized, and protected. Take the tour

Re: SSL per session memory usage

[Prashant Kumar]

Hello Goetz,

Thank you for your input. I tested re-negotiation and it works fine with this change since while doing re-negotiate the OpenSsl returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE in which case I will not free the buffer until the handshake is done.

Regards,
Prashant.Goetz Babin-Ebell [EMAIL PROTECTED] wrote:
Prashant Kumar wrote: Hello Group,Hello Prashant, The workaround of freeing s3-rbuf and s3-wbuf after the handshake is  complete and after SSL_read, SSL_write, SSL_shutdown and so on returns  success really seems to work. I have tested it running openssl as a SSL  client and as a server. Taking a closer look at the code it looks like  these buffers just act as a scratch buffers. With this change I could  reduce the memory usage per SSL session significantly.  I just want to make sure that this does not cause any other problem. Any  advice from OpenSSL Guru's is really appreciated.I am not a OpenSSL Guru but I think you shouldtest a Renogiation after You freed the buffers and see what happens...ByeGoetz-- DMCA: The greed of the few outweighs th
 e
 freedom of the many
		Yahoo! Mail Mobile 
Take Yahoo! Mail with you! Check email on your mobile phone.

RE: SSL per session memory usage

[Prashant Kumar]

Hello Group,

The workaround of freeing s3-rbuf and s3-wbuf after the handshake is complete and after SSL_read, SSL_write, SSL_shutdownand so on returns success really seems to work. I have tested it running openssl as a SSL client and as aserver. Taking a closer look at the code it looks like these buffers just act as a scratch buffers. With this change I could reduce the memory usage per SSL session significantly.

I just want to make sure that this does not cause any other problem. Any advice from OpenSSL Guru's is really appreciated.

Thanks you,
Prashant.Prashant Kumar [EMAIL PROTECTED] wrote:

Hello Steve,

Thank you for your help. I will look at section 3.2 of the RFC. As a workaround for this memory usage limitatioin, I free the "s3-rbuf" and "s3-wbuf" once the handshake is done. I allocate "s3-rbuf" and "s3-wbuf" during SSL_read, SSL_write, SSL_shutdown and so on. Once these calls return success (and not ssl_want_read and ssl_want_write), I free these buffers. My implementation uses memory BIOs. I see that with this workaround, to maintain SSL states, OpenSsl uses 7 to 12K per session.

Do you see any problem with this approach ?

Thank you for your help.

Regards,
Prashant.JSec [EMAIL PROTECTED] wrote:
Hi Prashant,I don't know if you've taken a look at MatrixSSL - it's designed forsecurity on embedded devices, but it can work well for small per-sessionmemory usage scenarios as well. The internal memory usage is approximately4KB per connection and 12KB during SSL/TLS handshake and certificate parsing(depending on the size of a certificate). SSL record data can be 16KB max, but the spec allows for expansion due toheaders, compression and padding so you'll see the actual maximum buffersize in OpenSSL at 18698. MatrixSSL is based on encode/decode APIs that letyou handle the record memory more optimally. Typically you can keep the SSLstate (with a full record) at about 22KB per session, with a high water markslightly higher than 20KB * number_of_connections. This size is basicallyguaranteed because you can define a single me
  mory
 block per connection, or asingle large block that holds all TLS sessions (this also helps with bufferoverflows and memory leaks). In practice, most records won't be a full 18K,and most sessions won't be actively processing records, so your memory usagewill be less.Within the TLS protocol itself, there are also extensions defined that allowyou to negotiate down to a smaller SSL record size, although there areperformance trade-offs to this solution. See section 3.2 ofhttp://www.faqs.org/rfcs/rfc3546.htmlStevehttp://www.matrixssl.org Open Source Embedded SSLDisclaimer: I work on the MatrixSSL team!From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Prashant KumarSent: Tuesday, May 03, 2005 8:40 AMTo: openssl-dev@openssl.orgSubject: SSL per session memory usageHello All,I was doing some scalin
  g
 testing to find out how much memory does OpenSsluse per TLS session. I see that OpenSsl pre-allocates around 34821 bytes for"rbuf" and 18698 bytes for "wbuf" in "ssl3_setup_buffers" to match with thepacket size defined in the RFC. Did anyone try modifying openssl toallocate buffers on need basis from an pre-allocated pool and then releaseit once the data is encrypted/decrypted.I have around 0.7G of memory and I am trying to bring up 40,000 SIP/TLSsessions. With the above allocation I won't go to far. Any help/idea isappreciated.Thank you all.Regards,Prashant.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __OpenSSL Project http://www.openssl.orgDevelopment Mailing List
 openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

SSL per session memory usage

[Prashant Kumar]

Hello All,

I was doing some scaling testing to find out how much memory does OpenSsl use per TLS session. I see that OpenSsl pre-allocates around 34821 bytes for "rbuf" and 18698 bytes for "wbuf" in "ssl3_setup_buffers" to match with the packet size defined in the RFC. Did anyone try modifying openssl to allocate buffers on need basis from an pre-allocated pool and then release it once the data is encrypted/decrypted.

I have around 0.7G of memory and I am trying to bring up 40,000 SIP/TLS sessions. With the above allocation I won't go to far. Any help/idea is appreciated.

Thank you all.

Regards,
Prashant.
__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

RE: SSL per session memory usage

[Prashant Kumar]

Hello Steve,

Thank you for your help. I will look at section 3.2 of the RFC. As a workaround for this memory usage limitatioin, I free the "s3-rbuf" and "s3-wbuf" once the handshake is done. I allocate "s3-rbuf" and "s3-wbuf" during SSL_read, SSL_write, SSL_shutdown and so on. Once these calls return success (and not ssl_want_read and ssl_want_write), I free these buffers. My implementation uses memory BIOs. I see that with this workaround, to maintain SSL states, OpenSsl uses 7 to 12K per session.

Do you see any problem with this approach ?

Thank you for your help.

Regards,
Prashant.JSec [EMAIL PROTECTED] wrote:
Hi Prashant,I don't know if you've taken a look at MatrixSSL - it's designed forsecurity on embedded devices, but it can work well for small per-sessionmemory usage scenarios as well. The internal memory usage is approximately4KB per connection and 12KB during SSL/TLS handshake and certificate parsing(depending on the size of a certificate). SSL record data can be 16KB max, but the spec allows for expansion due toheaders, compression and padding so you'll see the actual maximum buffersize in OpenSSL at 18698. MatrixSSL is based on encode/decode APIs that letyou handle the record memory more optimally. Typically you can keep the SSLstate (with a full record) at about 22KB per session, with a high water markslightly higher than 20KB * number_of_connections. This size is basicallyguaranteed because you can define a single me
 mory
 block per connection, or asingle large block that holds all TLS sessions (this also helps with bufferoverflows and memory leaks). In practice, most records won't be a full 18K,and most sessions won't be actively processing records, so your memory usagewill be less.Within the TLS protocol itself, there are also extensions defined that allowyou to negotiate down to a smaller SSL record size, although there areperformance trade-offs to this solution. See section 3.2 ofhttp://www.faqs.org/rfcs/rfc3546.htmlStevehttp://www.matrixssl.org Open Source Embedded SSLDisclaimer: I work on the MatrixSSL team!From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Prashant KumarSent: Tuesday, May 03, 2005 8:40 AMTo: openssl-dev@openssl.orgSubject: SSL per session memory usageHello All,I was doing some scalin
 g
 testing to find out how much memory does OpenSsluse per TLS session. I see that OpenSsl pre-allocates around 34821 bytes for"rbuf" and 18698 bytes for "wbuf" in "ssl3_setup_buffers" to match with thepacket size defined in the RFC. Did anyone try modifying openssl toallocate buffers on need basis from an pre-allocated pool and then releaseit once the data is encrypted/decrypted.I have around 0.7G of memory and I am trying to bring up 40,000 SIP/TLSsessions. With the above allocation I won't go to far. Any help/idea isappreciated.Thank you all.Regards,Prashant.__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __OpenSSL Project http://www.openssl.orgDevelopment Mailing List
 openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

Re: Datagram TLS source

[Prashant Kumar]

Nagendra,

I looked at DtlsTransport.cxx. I think that answers my questions.

Thanks you.
Prashant.nagendra modadugu [EMAIL PROTECTED] wrote:
* Prashant Kumar <[EMAIL PROTECTED]>[2005-04-28 06:11:38 -0700]: I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and use the memory BIO instead, does the application has to take the responsibility of timer management and retransmission ?If you are using a memory BIO for doing I/O, then you are also usingDTLS in non-blocking mode -- in this case, the application is responsible for managing timeouts. When a timer expires, the application callsSSL_read() / SSL_write(), and the DTLS layer will take care of retransmitting.You may want to look at resiprocate/sip/resiprocate/DtlsTransport.cxxfor an implementation of something very similar to the scenario youdescribe.On a high level, reSIPr
 ocate
 does the following:1) many DTLS sessions use the same file descriptor fornetwork I/O.2) after data is read from the network, data ispassed to the appropriate DTLS session (based on remote IP address  port number) through a mem BIO.nagendra__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

Re: Datagram TLS source

[Prashant Kumar]

Hello Nagendra,

I had one question on the timer management and retransmission. I see that there is a new BIO type in the file bss_dgram.c. My question is if the application does not use the dgram BIO type and use the memory BIO instead, does the application has to take the responsibility of timer management and retransmission ?

Thanks you,
Prashant Kumar.nagendra modadugu [EMAIL PROTECTED] wrote:
Datagram TLS (DTLS) source is now part of the OpenSSLrepository (CVS main branch). Also, I have seperately releasedpatches against openssl-0.9.7g.This is the link to the main DTLS page (including linksto further information about the protocol, and patches):http://crypto.stanford.edu/~nagendra/projects/dtls/I am in the process of putting together an FAQ, so anyquestions/comments you may have will be much appreciated.Thanks,nagendra__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.c
 om 

RE: AES+OpenSsl+ubsec hardware accelerator

[Prashant Kumar]

Frederic,

Thank you so much your help. I found that the problem was with the Broadcom library. They were overwriting the first 8 bytes of the key with the last 8 bytes of IV!. So now I have AES128_SHA and AES256_SHA working with UBSEC.

Regards,
Prashant.Frédéric Donnat [EMAIL PROTECTED] wrote:
Hi Prashant,With added AES to our ENGINE without any problem for now.We have made tests with AES256-SHA, an AES128-SHA ciphers under openssl 0.9.7d and 0.9.7e.We have not tested the new release for now...Did your ENGINE was working fine in the older release?Regards,FredPS: the most part of the time a "fatal bad_record_mac" error was due to an invalid symmetric computation (IV settings or things like that) in our ENGINE-Original Message-From: [EMAIL PROTECTED] on behalf of Prashant KumarSent: Wed 4/20/2005 7:58 PMTo: openssl-dev@openssl.orgCc: Subject: AES+OpenSsl+ubsec hardware acceleratorHello All,I am using OpenSsl9.7e version. I have added code to do RC4, DES, 3DES and AES with ubsec engine (BCM5823). All the ciphers work fine except for AES ciphers. I see that op
 enssl
 gives me "fatal bad_record_mac" when I use AES. I verified with an example code that ubsec engine does the encrypt/decrypt using AES right. Is there any known problem in the OpenSsl AES implementation (I was using the ciphers AES128-SHA and AES256-SHA).Thank you all for your help.Regards,Prashant.-Do you Yahoo!?Yahoo! Small Business - Try our new resources site! __OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

AES+OpenSsl+ubsec hardware accelerator

[Prashant Kumar]

Hello All,

I am using OpenSsl9.7e version. I have added code to do RC4, DES, 3DES and AES with ubsec engine (BCM5823). All the ciphers work fine except for AES ciphers. I see that openssl gives me "fatal bad_record_mac" when I use AES. I verified with an example code that ubsec engine does the encrypt/decrypt using AES right. Is there any known problem in the OpenSsl AES implementation (I was using the ciphers AES128-SHA and AES256-SHA).

Thank you all for your help.

Regards,
Prashant.
		Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site! 

OpenSsl and DTLS

[Prashant Kumar]

Hello Group,

Does OpenSsl has plans to support DTLS ? Is there any good open source prototype implementation?

Regards,
Prashant kumar.
		Celebrate Yahoo!'s 10th Birthday!  
Yahoo! Netrospective: 100 Moments of the Web 

RE: ubsec hw accelerator and DMA Error

[Prashant Kumar]

Frederic,

Thank you for your input. I was wondering how did you guys fix the problem in the driver if it is not freeing up the memory fast enough? If the information is propriatary, never mind.

Thank you again for your help.
Regards,
Prashant.
Frédéric Donnat [EMAIL PROTECTED] wrote:
Hi,You can also use openssl s_server tool to test your engine. ;)regardsFred-Original Message-From: [EMAIL PROTECTED] on behalf of Prashant KumarSent: Tue 3/1/2005 11:05 PMTo: openssl-dev@openssl.orgCc: Subject: RE: ubsec hw accelerator and DMA ErrorFrederic,I am not even stressing the driver. I have written a small SSL server program for testing my hardware accelerator and I see this problem.There may be some problem with the driver, let me dig more into it.Thank you so much for your help. I will update you with my progress :).Regards,Prashant.Frédéric Donnat <[EMAIL PROTECTED]>wrote:Hi,I have no knowledge of VXWorks platform, but we encoutered the same problem when coding a linux driver for BCM chip.We encouter this on slo
 w
 machine, with slow PCI and around 128 Mb of RAM, when stressing the driver.In fact the driver create all kernel structure and allocate memory faster than it can free it, producing this DMA error.Do you have this ERROR when stressing the driver?Hope it could help.Fred-Original Message-From: [EMAIL PROTECTED] on behalf of Prashant KumarSent: Tue 3/1/2005 9:43 PMTo: openssl-users@openssl.org; openssl-dev@openssl.orgCc: Subject: ubsec hw accelerator and DMA ErrorHello All,I am trying to use ubsec hw accelerator with openssl and I get a DMA Error from the UBSEC when I try to run the function "ubsec_mod_exp". Any idea ? I am running this on a VXWORKS platform.Any help is appreciated.Thank you,Prashant._ Do you Yahoo!?Yahoo! Mail - Find what you need with new enhanced search. Learn more.  ATTACHMENT part 2
 application/ms-tnef name=winmail.dat__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
		Celebrate Yahoo!'s 10th Birthday!  
Yahoo! Netrospective: 100 Moments of the Web 

ubsec hw accelerator and DMA Error

[Prashant Kumar]

Hello All,

I am trying to use ubsec hw accelerator with openssl and I get a DMA Error from the UBSEC when I try to run the function "ubsec_mod_exp". Any idea ? I am running this on a VXWORKS platform.

Any help is appreciated.

Thank you,
Prashant.


		Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search. Learn more.

RE: ubsec hw accelerator and DMA Error

[Prashant Kumar]

Frederic,

I am not even stressing the driver. I have written a small SSL server program for testing my hardware accelerator and I see this problem.

There may be some problem with the driver, let me dig more into it.

Thank you so much for your help. I will update you with my progress :).

Regards,
Prashant.Frédéric Donnat [EMAIL PROTECTED] wrote:
Hi,I have no knowledge of VXWorks platform, but we encoutered the same problem when coding a linux driver for BCM chip.We encouter this on slow machine, with slow PCI and around 128 Mb of RAM, when stressing the driver.In fact the driver create all kernel structure and allocate memory faster than it can free it, producing this DMA error.Do you have this ERROR when stressing the driver?Hope it could help.Fred-Original Message-From: [EMAIL PROTECTED] on behalf of Prashant KumarSent: Tue 3/1/2005 9:43 PMTo: openssl-users@openssl.org; openssl-dev@openssl.orgCc: Subject: ubsec hw accelerator and DMA ErrorHello All,I am trying to use ubsec hw accelerator with openssl and I get a DMA Error from the UBSEC when I try to run the function "ubsec_mod_exp". Any idea ? I am running this o
 n a
 VXWORKS platform.Any help is appreciated.Thank you,Prashant._ Do you Yahoo!?Yahoo! Mail - Find what you need with new enhanced search. Learn more.  ATTACHMENT part 2 application/ms-tnef name=winmail.dat__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

Re: Engine and static linking

[Prashant Kumar]

Riaz,

I did get a bad mac error when I was trying to use cipher with ubsec. I am in a very preliminary stage of integration with the ubsec library. I will let you know once my integration is complete.

Thank you for your help.

Regards,
Prashant.Riaz Rahaman [EMAIL PROTECTED] wrote:
Hi Prashanth,Do you get any problems with your engine, when connecting usings_client. I am getting bad record mac or sometimes I get encryption ordecryption failed, well this happens once in a while, I do getconnected but sometimes it starts failing with those errors. I used anssldump and this error comes during the changecipher.I did add some printf to all the function in my ENGINE for debuggingthe issue, to my surprise things were working pretty smoothly. Did youface any issues and whatz the best way debugging the problem...thingshave halted at my end, can't figure out the where the problem is?-RiazOn Tue, 22 Feb 2005 10:16:31 -0800 (PST), Prashant Kumar<[EMAIL PROTECTED]>wrote: Thank you all for your response. Finally, I took the path of defining a new DSO method "dso_meth_slfcn" which statically links
  [and
 this seems to work]. The function "slfcn_bind_func" statically converts the given string to corresponding "ubsec" function. Right now I am doing a string compare and returning the right function [I have attached herewith the prototype of my "slfcn_bind_func"]. My question is there anyway other way to convert a given string to the corresponding "C" function name ? I was hoping to generalize "sslfcn_bind_func".   Thank you all for the great help.   static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname) {  if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); return(NULL); }  if(!strcmp ("ubsec_bytes_to_bits", symname)) { return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits); } else if (!strcmp ("ubsec_bits_to_bytes", symname)) { return
 ((DSO_FUNC_TYPE)ubsec_bits_to_bytes); } else if (!strcmp ("ubsec_open", symname)) { return ((DSO_FUNC_TYPE)ubsec_open); } else if (!strcmp ("ubsec_close", symname)) { return ((DSO_FUNC_TYPE)ubsec_close); } else if (!strcmp ("diffie_hellman_generate_ioctl", symname)) { return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl); } else if (!strcmp ("diffie_hellman_agree_ioctl", symname)) { return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl); } else if (!strcmp ("rsa_mod_exp_ioctl", symname)) { return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl); } else if (!strcmp ("rsa_mod_exp_crt_ioctl", symname)) { return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl); } else if (!strcmp ("dsa_sign_ioctl", symname)) { return ((DSO_FUNC_TYPE)dsa_sign_ioctl); } else if (!strcmp ("dsa_verify_ioctl", symname)) { return ((DSO_FUNC_TYPE)dsa_verify_ioctl); } else if (!strcmp
 ("math_accelerate_ioctl", symname)) { return ((DSO_FUNC_TYPE)math_accelerate_ioctl); } else if (!strcmp ("rng_ioctl", symname)) { return ((DSO_FUNC_TYPE)rng_ioctl); } else if (!strcmp ("ubsec_max_key_len_ioctl", symname)) { return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl); } else { return NULL; } }   Ioannis Liverezas <[EMAIL PROTECTED]>wrote:  I think you don't have to use dso at all. In my case, I don't use dso,  but if I remember well, I have to use the parameter "-engine  engine_name" when executing openssl. When using openssh, it works by  default. You have to make some minor modifications in openssh though. My init is like:   void ENGINE_load_iandes(void) { ENGINE *engine = ENGINE_new();  if (engine == NULL) return; if (!ENGINE_set_id(engine, "ia
 ndes")
 || !ENGINE_set_name(engine, "IANDES crypto device") || !ENGINE_set_ciphers(engine, iandes_engine_ciphers)) { ENGINE_free(engine); return; } ENGINE_add(engine); ENGINE_free(engine); ERR_clear_error(); }  in crypto/engine/engine.h you have to add your engine loading function  in the builtin engines: void ENGINE_load_iandes(void);  __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]    Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'   -- Thank you,Best RegardsRiaz Ur Rahaman__OpenSSL Pro
 ject
 http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
		Do you Yahoo!? 
Yahoo! Sports -  
Sign up for Fantasy Baseball.

Re: Engine and static linking

[Prashant Kumar]

Thank you all for your response. Finally, I took the path of defining a new DSO method "dso_meth_slfcn" which statically links [and this seems to work]. The function "slfcn_bind_func" statically converts the given string to corresponding "ubsec" function. Right now I am doing a string compare and returning the right function [I have attached herewith the prototype of my "slfcn_bind_func"]. My question is there anyway other way to convert a given string to the corresponding "C" function name ? I was hoping to generalize "sslfcn_bind_func". 

Thank you all for the great help.

static DSO_FUNC_TYPE slfcn_bind_func(DSO *dso, const char *symname){
 if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_SLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); return(NULL); }
 if(!strcmp ("ubsec_bytes_to_bits", symname)) { return ((DSO_FUNC_TYPE)ubsec_bytes_to_bits); } else if (!strcmp ("ubsec_bits_to_bytes", symname)) { return ((DSO_FUNC_TYPE)ubsec_bits_to_bytes); } else if (!strcmp ("ubsec_open", symname)) { return ((DSO_FUNC_TYPE)ubsec_open); } else if (!strcmp ("ubsec_close", symname)) { return ((DSO_FUNC_TYPE)ubsec_close); } else if (!strcmp ("diffie_hellman_generate_ioctl", symname)) { return ((DSO_FUNC_TYPE)diffie_hellman_generate_ioctl); } else if (!strcmp ("diffie_hellman_agree_ioctl", symname)) { return ((DSO_FUNC_TYPE)diffie_hellman_agree_ioctl); } else if (!strcmp ("rsa_mod_exp_ioctl", symname)) { return ((DSO_FUNC_TYPE)rsa_mod_exp_ioctl); } else if (!strcmp ("rsa_mod_exp_crt_ioctl", symname))
 { return ((DSO_FUNC_TYPE)rsa_mod_exp_crt_ioctl); } else if (!strcmp ("dsa_sign_ioctl", symname)) { return ((DSO_FUNC_TYPE)dsa_sign_ioctl); } else if (!strcmp ("dsa_verify_ioctl", symname)) { return ((DSO_FUNC_TYPE)dsa_verify_ioctl); } else if (!strcmp ("math_accelerate_ioctl", symname)) { return ((DSO_FUNC_TYPE)math_accelerate_ioctl); } else if (!strcmp ("rng_ioctl", symname)) { return ((DSO_FUNC_TYPE)rng_ioctl); } else if (!strcmp ("ubsec_max_key_len_ioctl", symname)) { return ((DSO_FUNC_TYPE)ubsec_max_key_len_ioctl); } else { return NULL; }}
Ioannis Liverezas [EMAIL PROTECTED] wrote:
I think you don't have to use dso at all. In my case, I don't use dso, but if I remember well, I have to use the parameter "-engine engine_name" when executing openssl. When using openssh, it works by default. You have to make some minor modifications in openssh though.My init is like:voidENGINE_load_iandes(void){ENGINE *engine = ENGINE_new();if (engine == NULL)return;if (!ENGINE_set_id(engine, "iandes") ||!ENGINE_set_name(engine, "IANDES crypto device") ||!ENGINE_set_ciphers(engine, iandes_engine_ciphers)) {ENGINE_free(engine);return;}ENGINE_add(engine);ENGINE_free(engine);ERR_clear_error();}in crypto/engine/engine.h you have to add your engine loading function in the builtin engines:void
 ENGINE_load_iandes(void);__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
		Do you Yahoo!? 
Yahoo! Search presents - Jib Jab's 'Second Term'

engine[ubsec] and ciphers

[Prashant Kumar]

Hello All,

I see that "hw_ubsec.c" has support for key generation. However, it does not use ubsec for DES/3DES/AES ciphers. Did anyone try using Broadcom ubsec with OpenSsl for this purpose? Is there any example code in the public domain for this support ?

Thank you.
Prashant.
		Do you Yahoo!? 
Yahoo! Search presents - Jib Jab's 'Second Term'

Re: Engine and static linking

[Prashant Kumar]

Thank you all for your response. I tried including the
the --static flag while compiling as well as
directly calling the function ENGINE_load_ubsec. All
these methods end up calling ubsec_init which inturn
call DSO_load (and thus dlopen).

I am trying to use the engine implementation for
VXWORKS which does not have dlopen (or dynamic loading
capability).

I was thinking of modifying the ubsec_init and
ubsec_finish to statically link to the ubsec
functions instead of using dlopen and so on. Is that
the only option I have or is there any other option ?.

Thank you so much for your help.

Regards,
Prashant.



--- Ioannis Liverezas [EMAIL PROTECTED]
wrote:

 Yes it is possible to do it. You have to add the
 --static flag in the makefile 
 of the root dir of the openssl release that you are
 compiling. This flag must 
 be added both to CFLAGS for compiling and LDFLAGS 
 for linking. For further 
 use, if you continue integration eg. with openssh,
 you will also need 
 ldconfig, libld and libnss in the system that will
 run the openssl that you 
 have built.
 Then you 'll have to strip the final executable, to
 reduce its size.
 good luck!

__
 OpenSSL Project
 http://www.openssl.org
 Development Mailing List  
 openssl-dev@openssl.org
 Automated List Manager  
 [EMAIL PROTECTED]
 




__ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]

Engine and static linking

[Prashant Kumar]

Hello All,

Is it possible to use the engine implementation with statically linking the harware accelerator library with the openssl instead of dynamic linking.

All the posts I have read so far suggest that I should have a ".so" and engine implementation will load it at run time.

Thank you so much for you help.

Regards,
Prashant.__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

Re: Socket layer and OpenSsl

[Prashant Kumar]

Hello All,

Thank you all for your response. I am not able to download postfix-2.2-20040829-vanilla from the website http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/. Is there any other location from where I can dowload this source. I want to see how BIO_PAIR is used in pfixtls.c.

Thank you all for your help.

Regards,
Prashant.
Lutz Jaenicke [EMAIL PROTECTED] wrote:
On Tue, Jan 18, 2005 at 06:45:11AM -0800, Prashant Kumar wrote: Hello Group,  In the project I am working on, we are trying to use OpenSsl in the non blocking mode. However, we want to avoid using the BSD select call and also may have to modify the read/send, write/receive calls. Basically, we want to modify the socket library to achieve our scaling requirements. Did anyone try to use openssl in such an environment ?. Is there any example ?Have a look into the BIO-pair method. Example is in the Postfix/TLS code,available from my homepage (patch) or from latest Postfix non-productivesnapshots.Best regards,Lutz-- Lutz Jaenicke [EMAIL PROTECTED]http://www.aet.TU-Cottbus.DE/personen/jaenicke/BTU Cottbus, Allgemeine ElektrotechnikUniversitaetsplatz 3-4, D-03044
 Cottbus__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]
		Do you Yahoo!? 
Yahoo! Search presents - Jib Jab's 'Second Term'

Re: Socket layer and OpenSsl

[Prashant Kumar]

Thank you all, I am all set.

- Prashant.Prashant Kumar [EMAIL PROTECTED] wrote:

Hello All,

Thank you all for your response. I am not able to download postfix-2.2-20040829-vanilla from the website http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/. Is there any other location from where I can dowload this source. I want to see how BIO_PAIR is used in pfixtls.c.

Thank you all for your help.

Regards,
Prashant.
Lutz Jaenicke [EMAIL PROTECTED] wrote:
On Tue, Jan 18, 2005 at 06:45:11AM -0800, Prashant Kumar wrote: Hello Group,  In the project I am working on, we are trying to use OpenSsl in the non blocking mode. However, we want to avoid using the BSD select call and also may have to modify the read/send, write/receive calls. Basically, we want to modify the socket library to achieve our scaling requirements. Did anyone try to use openssl in such an environment ?. Is there any example ?Have a look into the BIO-pair method. Example is in the Postfix/TLS code,available from my homepage (patch) or from latest Postfix non-productivesnapshots.Best regards,Lutz-- Lutz Jaenicke [EMAIL PROTECTED]http://www.aet.TU-Cottbus.DE/personen/jaenicke/BTU Cottbus, Allgemeine ElektrotechnikUniversitaetsplatz 3-4, D-03044
 Cottbus__OpenSSL Project http://www.openssl.orgDevelopment Mailing List openssl-dev@openssl.orgAutomated List Manager [EMAIL PROTECTED]


Do you Yahoo!?Yahoo! Search presents - Jib Jab's 'Second Term'
		Do you Yahoo!? 
Yahoo! Search presents - Jib Jab's 'Second Term'

Socket layer and OpenSsl

[Prashant Kumar]

Hello Group,

In the project I am working on, we are trying to use OpenSsl in the non blocking mode. However, we want to avoid using the BSD select call and also may have to modify the read/send, write/receive calls. Basically, we want to modify the socket library to achieve our scaling requirements. Did anyone try to use openssl in such an environment?. Is there any example ?

Thank you for your help.

Regards,
Prashant Kumar.__Do You Yahoo!?Tired of spam?  Yahoo! Mail has the best spam protection around http://mail.yahoo.com 

RE: is there any ssl opensource implemented using cdsa available?

[Prashant Kumar]

I saw a paper on Intel or IBM website where they have
explained few facts about integrating OpenSsl in CDSA.
Also I think some effort is in progress.

-Original Message-
From: raju [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 7:06 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: is there any ssl opensource implemented using cdsa available?



 Hi all,
is there any  ssl opensource implemented using cdsa available?

thanks in advance
 Rajulu Ponnada


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]