Building multithreaded openssl-0.9.7b on aix 5.1 with gcc 3.1
Hi, I want to build the libs on AIX 5.1 using gcc 3.1, and I intend to use it in multithreaded applications. The config script has no default multithreading settings for AIX, so this is how I configured OpenSSL: ./Configure aix43-gcc threads lots of no-cipher flags... -D_REENTRANT 'make depend' and 'make' ran smoothly, and now I wonder if the library is thread safe. Questions: 1. How can I check that the libraries are really thread safe? 2. What symptoms should a non-thread-safe library show, if the application uses only encryption, hash and random (actually also base64 and ASN.1 encoding now and then)? Thanks. Tal Mozes Security Research Team Leader Cyber-Ark Software Ltd. +972-8-920 7776 (ext. 224) www.cyber-ark.com __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Elliptic key length
Didn't get an answer the last time I asked this so I thoght i'd try one time more :-) When I create an elleiptic curve key using the command lline ´openssl ecparam -genkey -name ´curve´´ I get a relatively small key file. But if I try to generate a key using the function EC_KEY_generate_key and write it to a file using PEM_write_PKCS8PrivateKey, the file is more than twice as large. Is there any way to make it smaller? Also is an openssl public key encryption scheme for elliptic curves planned in a future version? Henrik N. Rask __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Elliptic key length
Henrik Nordal Rask wrote: Didn't get an answer the last time I asked this so I thoght i'd try one time more :-) When I create an elleiptic curve key using the command lline ´openssl ecparam -genkey -name ´curve´´ I get a relatively small key file. But if I try to generate a key using the function EC_KEY_generate_key and write it to a file using PEM_write_PKCS8PrivateKey, the file is more than twice as large. Is there any way to make it smaller? Different key formats: the 'openssl ecparam -genkey ...' generates a SEC1 private key, and PEM_write_PKCS8PrivateKey creates (surprise) a PKCS#8 key (Note: the current OpenSSL EC PKCS#8 format is incorrect, I'm currently testing a patch to fix it, so please don't use the current PKCS#8 format). Also is an openssl public key encryption scheme for elliptic curves planned in a future version? Don't know (as far as I know it's currently not planned, but that can be changed). Nils __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Certificate Overhead
Hi all, We're trying to compile some data on the amount of overhead that certs add to packets when authenticating to an ldap directory, as well as general network statistics, cpu usage, performance impact of certs, etc, does anyone have any material on this? Any help is greatly appreciated, thanks very much. Regards, Mike Bauer _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Test vectors for OpenSSL ECC imp
I have been asked to verify the ECC as I have used from Openssl using some well know test vectors. Does anyone know where I can get some ECC test vectors that I could use? I've looked and really have not come up with anything. Looking for ones doing ECDH and MQV. I'm assuming that these test vectors would supply the private/pulic keys to use and what the group key would be after the calculations. Thanks, Frank __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
From BSAFE to Openssl
Hi, I try to migrate my app from BSAFE to Openssl. But found RC2 to be incompatible in the following sense: I created two encryptString functions, one using BSAFE Crypto-C and the other using Openssl EVP_Cipher routines. I pass them both the same passphrase and salt. I set the effective key length to be 80 bits for both. I use EVP_Bytestokey for generating the key and iv in Openssl. Theoretically, the encrypted output for the same texts should be the same for both but they are not!! what gives? Thanks for the help. Steve __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: From BSAFE to Openssl
In message [EMAIL PROTECTED] on Wed, 18 Jun 2003 14:39:43 -0400, Lu, Steve [EMAIL PROTECTED] said: SLu Hi, SLu SLu I try to migrate my app from BSAFE to Openssl. SLu But found RC2 to be incompatible in the following sense: SLu SLu I created two encryptString functions, one using BSAFE Crypto-C SLu and the other using Openssl EVP_Cipher routines. SLu I pass them both the same passphrase and salt. SLu I set the effective key length to be 80 bits for both. SLu I use EVP_Bytestokey for generating the key and iv in Openssl. SLu SLu Theoretically, the encrypted output for the same texts should SLu be the same for both but they are not!! Can you tell us what differs? Is it the last few bytes? I'm not an expert, and I haven't dived into the RC2 code, but I'm willing to try if I have exact information to go from. openssl-dev is not the right list for this kind of question. -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]