the format of speed about sha1
hi all: I am quite curious about the format of openssl speed of digest. Take sha1 for example, below are the results on my machine: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes sha1 1194.73k 4306.66k12037.87k22205.05k29099.29k if I remember correctly, the input vector of SHA1 is fixed and the unit of input is 512 bits, what is the type above used for? if I have a data which size is 4MB, the speed of sha1 adopted from above should be 4*1024*1024/1194000 = 3.51 second, right? appreciate your help, miloody __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Combining MD5 and SHA-1 to reduce collision probability
Thank you all for your valuable answers. On 22/04/2011 00:33, Dave Thompson wrote: *Accidental* (birthday) collision is about 264 for MD5 and about 280 for SHA-1. SHA-256 should be much stronger, would this be sufficient for your needs? Or SHA-512? That's simpler and probably at least as good as a hybrid. It's still not an absolute guarantee, though. To be honest, I've no particular need, I was just auditing someone else realization... -- Luc Perthuis, Team Leader, Backup and Restore Technologies luc.perth...@atempo.com T +33 (0)2 97 68 40 26 | M +33 (0)6 89 16 96 37 http://www.atempo.com Atempo | Data Management, Simplified. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Open ssl FIS Mode
Hi Team, We are using OpenSSL-Win32 (OpenSSL 1.0.0d) We downloaded openssl-fips-1.2.2.tar.gz . My application for which we are using OpenSSL needs to run in OpenSSL Fips mode. What is the procedure ? How do I call contents of openssl-fips-1.2.2.tar.gz from OpenSSL 1.0.0d and make my application compatible and assure it's using OpenSSL FIPS ? Please help us. Regards, Varma.
[PATCH] conversion to EBCDIC
Hi, I am working on a MAINFRAME. The encoding page is EBCDIC and not ASCII, so i have to do some conversion to support openssl on a mainframe. I am not familiar to use this method to open patch so it may be confusing. Here is one patch like you ask with the diff tools : diff -r crypto/x509/x509_vfy.c openssl-work/x509_vfy.c 8c8 * --- * 15c15 * --- * 22c22 * --- * 37c37 * 4. If you include any Windows specific code (or a derivative thereof) from --- * 4. If you include any Windows specific code (or a derivative thereof) from 40c40 * --- --- * 52c52 * --- * 256c256 if ((ok = 0) !! X509_cmp(x, xtmp)) --- if ((ok = 0) !! X509_cmp(x, xtmp)) 266c266 else --- else 1108c1108 * will be duplicated by the parent, but this will rarely be used in --- * will be duplicated by the parent, but this will rarely be used in 1307c1307 ok = get_crl_sk(ctx, crl, dcrl, --- ok = get_crl_sk(ctx, crl, dcrl, 1455c1455 1455c1455 * a certificate was revoked. This has since been changed since --- * a certificate was revoked. This has since been changed since 1681a1682,1684 £ifdef CHARSET_EBCDIC char v_eÝ14~,*v; £endif 1682a1686 1688a1693,1698 £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, str, i 14 ? i : 14); v = v_eÝ0~; memcpy(str,v,i); £endif 1704c1714 é --- é 1738a1749,1754 £ifdef CHARSET_EBCDIC £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, buff2, atm.length 14 ? atm.length : 14); v = v_eÝ0~; memcpy(buff2,v,atm.length); £endif Regards = Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee interdite. Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme falsifie. = This message and any attachments (the message) are confidential, intended solely for the addressees, and may contain legally privileged information. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. =
Re: [PATCH] conversion to EBCDIC
You might find this useful: http://cprogramminglanguage.net/ascii-ebcdic-conversion-functions.aspx Eric At 07:08 AM 4/22/2011, you wrote: Hi, I am working on a MAINFRAME. The encoding page is EBCDIC and not ASCII, so i have to do some conversion to support openssl on a mainframe. I am not familiar to use this method to open patch so it may be confusing. Here is one patch like you ask with the diff tools : diff -r crypto/x509/x509_vfy.c openssl-work/x509_vfy.c 8c8 * --- * 15c15 * --- * 22c22 * --- * 37c37 * 4. If you include any Windows specific code (or a derivative thereof) from --- * 4. If you include any Windows specific code (or a derivative thereof) from 40c40 * --- --- * 52c52 * --- * 256c256 if ((ok = 0) !! X509_cmp(x, xtmp)) --- if ((ok = 0) !! X509_cmp(x, xtmp)) 266c266 else --- else 1108c1108 * will be duplicated by the parent, but this will rarely be used in --- * will be duplicated by the parent, but this will rarely be used in 1307c1307 ok = get_crl_sk(ctx, crl, dcrl, --- ok = get_crl_sk(ctx, crl, dcrl, 1455c1455 1455c1455 * a certificate was revoked. This has since been changed since --- * a certificate was revoked. This has since been changed since 1681a1682,1684 £ifdef CHARSET_EBCDIC char v_eÝ14~,*v; £endif 1682a1686 1688a1693,1698 £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, str, i 14 ? i : 14); v = v_eÝ0~; memcpy(str,v,i); £endif 1704c1714 é --- é 1738a1749,1754 £ifdef CHARSET_EBCDIC £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, buff2, atm.length 14 ? atm.length : 14); v = v_eÝ0~; memcpy(buff2,v,atm.length); £endif Regards = Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee interdite. Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme falsifie. = This message and any attachments (the message) are confidential, intended solely for the addressees, and may contain legally privileged information. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. = Eric S. Eberhard (928) 567-3727 Voice (928) 567-6122 Fax (928) 301-7537 Cell Vertical Integrated Computer Systems, LLC Metropolis Support, LLC For Metropolis support and VICS MBA Supporthttp://www.vicsmba.com Pictures of Snake in Spring http://www.facebook.com/album.php?aid=115547id=1409661701l=1c375e1f49 Pictures of Camp Verde http://www.facebook.com/album.php?aid=12771id=1409661701l=fc0e0a2bcf Pictures of Land Cruiser in Sedona http://www.facebook.com/album.php?aid=50953id=1409661701 Pictures of Flagstaff area near our cabin http://www.facebook.com/album.php?aid=12750id=1409661701 Pictures of Cheryl in a Horse Show http://www.facebook.com/album.php?aid=32484id=1409661701 Pictures of the AZ Desert http://www.facebook.com/album.php?aid=58827id=1409661701 (You can see why we love this state :-) ) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [PATCH] conversion to EBCDIC
post a unified patch Le vendredi 22 avril 2011 16:08, JOULIN Pierre-Pascal a écrit : Hi, I am working on a MAINFRAME. The encoding page is EBCDIC and not ASCII, so i have to do some conversion to support openssl on a mainframe. I am not familiar to use this method to open patch so it may be confusing. Here is one patch like you ask with the diff tools : diff -r crypto/x509/x509_vfy.c openssl-work/x509_vfy.c 8c8 * --- * 15c15 * --- * 22c22 * --- * 37c37 * 4. If you include any Windows specific code (or a derivative thereof) from --- * 4. If you include any Windows specific code (or a derivative thereof) from 40c40 * --- --- * 52c52 * --- * 256c256 if ((ok = 0) !! X509_cmp(x, xtmp)) --- if ((ok = 0) !! X509_cmp(x, xtmp)) 266c266 else --- else 1108c1108 * will be duplicated by the parent, but this will rarely be used in --- * will be duplicated by the parent, but this will rarely be used in 1307c1307 ok = get_crl_sk(ctx, crl, dcrl, --- ok = get_crl_sk(ctx, crl, dcrl, 1455c1455 1455c1455 * a certificate was revoked. This has since been changed since --- * a certificate was revoked. This has since been changed since 1681a1682,1684 £ifdef CHARSET_EBCDIC char v_eÝ14~,*v; £endif 1682a1686 1688a1693,1698 £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, str, i 14 ? i : 14); v = v_eÝ0~; memcpy(str,v,i); £endif 1704c1714 é --- é 1738a1749,1754 £ifdef CHARSET_EBCDIC £ifdef CHARSET_EBCDIC ascii2ebcdic(v_e, buff2, atm.length 14 ? atm.length : 14); v = v_eÝ0~; memcpy(buff2,v,atm.length); £endif Regards = Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee interdite. Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme falsifie. = This message and any attachments (the message) are confidential, intended solely for the addressees, and may contain legally privileged information. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. = -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 pgp0RpGlwK78h.pgp Description: PGP signature
Question regarding RFC standard used
Hi, I am wondering what RFC standard is implemented in Openssl version 0.9.8 for verification of certificates. In otherwords, what RFC standard(s) does X509_verify_cert() api implemented? Thanks, Prkj
RE: the format of speed about sha1
From: owner-openssl-us...@openssl.org On Behalf Of loody Sent: Friday, 22 April, 2011 08:56 hi all: I am quite curious about the format of openssl speed of digest. Take sha1 for example, below are the results on my machine: The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes sha1 1194.73k 4306.66k12037.87k 22205.05k29099.29k if I remember correctly, the input vector of SHA1 is fixed and the unit of input is 512 bits, Sort of. The internal compression block size is 512 bits, but the hash is defined to iterate over input of variable size (up to about 2^32) using Merkle-Damgard padding. (The standard hash is actually defined for input in bits, but the OpenSSL API only allows byte/octet granularity.) IV is *initialization* vector, and is indeed fixed. what is the type above used for? The 'speed' commandline utility can do all (or nearly all) supported algorithms, so in general you get one line for type=sha1, one for type=md5, one for type=des, etc. if I have a data which size is 4MB, the speed of sha1 adopted from above should be 4*1024*1024/1194000 = 3.51 second, right? For a single 4MB block of data, probably not. The 'speed' figures are for complete processing (Init to Finish) of blocks of the given size, and the init and finish (and EVP!) overhead is larger relative to the data for small data. Unless you do something silly like call Update for many small chunks of your data (in a loop) you should get overhead even less than for 8k. But on modern general-purpose systems lots of things can affect performance. The only way to be sure is to measure, in as realistic an environment as possible. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org