Threading model constraint?

2002-10-25 Thread Dick . Bridges
I'm retrofitting an existing program to use [OpenSSL?] TLS between nodes.
Most of my info comes from reading Network Security with OpenSSL and
lurking on this list.  I don't have the time right now to grok the code,
hence this request.

Our app uses a leader-follower thread pattern (e.g., Pattern-Oriented
Software Architecture, Schmidt, et al) which means that any given
connection event will be serviced by selecting from a threadpool.  My
reading suggests that OpenSSL is built around a thread-per-connection
orientation.  On the other hand, I think I remember reading that OpenSSL
does not use thread local storage so I thought we should be able to work
around that since we can get to the BIO's underlying fd.  Then I read that
error state was maintained by thread id.  %-[

Can someone clarify this for me:  does OpenSSL depend upon
one-thread-per-connection or can it be used in the context of other
threading models?

TIA

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: anybody using EGADS?

2002-10-22 Thread Dick . Bridges

Not exactly open source, but
http://www.intel.com/design/security/rng/rng-capi.htm "Accessing the Intel®
Random Number Generator through a CSP for Microsoft* CryptoAPI" describes
how to access the Intel *hardware* RNG.  Might be of some use to you on
Windows platforms.  (I believe some *NIXs use the same hardware to populate
/dev/random when on Intel platforms.)



   
   
Edward Chan [EMAIL PROTECTED] wrote on 10/22/2002 01:13 PM (to: [EMAIL PROTECTED],
sent by: owner-openssl-users@openssl.org, subject: Re: anybody using EGADS?;
please respond to openssl-users):

Hi Stephen,

Thanks for the reply.  You're absolutely right.  It
does appear that I am not blocked indefinitely...it
certainly does take a while to gather entropy.  I was
using nBytes = 1024.  Then I tried 512.  Still a very
long time.

Any suggestions on what a number should be for
acceptable randomness?

Does anybody have any alternative suggestions?  Does
anybody know how Apache seeds the OpenSSL PRNG on
Windows?  I think Apache uses OpenSSL, don't they?

Thanks,
Ed

--- Stephen G. Schoggen [EMAIL PROTECTED]
wrote:
 Ed,

 I tried EGADS on Windows (PIII 866) and found that its time to
 'gather entropy' was noticeable beyond nBytes=4.  So if you use a
 relatively large nBytes, then it would appear to block.

 Steve


 Hi there,
 
  Is anybody using EGADS on Windows?  I'm having a
  problem using it.  I've downloaded the source and
  built everything.  The egads service is running.  I've
  written a program that links with egads.dll.  I have a
  function that tries to seed the OpenSSL PRNG:
 
  #include <egads.h>          // EGADS client API (egads.dll)
  #include <openssl/rand.h>   // RAND_seed()

  bool seedPRNG(int nBytes)
  {
    prngctx_t ctx;
    int nError;

    // Connect to the running egads service; ctx and nError are filled in through pointers.
    egads_init(&ctx, 0, 0, &nError);
    if (nError != 0)
    {
      DEBUG_TRACE1(_T("egads_init() failed : %d (Is egads service running???)"), nError);
      return false;
    }

    // Ask egads for nBytes of entropy; this call blocks until egads has gathered them.
    char* pBuf = new char[nBytes + 1];
    egads_entropy(&ctx, pBuf, nBytes, &nError);
    bool bOK = (0 == nError);
    if (bOK)
    {
      RAND_seed(pBuf, nBytes);   // hand the bytes to OpenSSL's PRNG
    }
    delete [] pBuf;

    egads_destroy(&ctx);
    return bOK;
  }
 
  However, I seem to be blocking inside (presumably as
  egads gathers entropy), but it seems like I never
  unblock.  Can anybody tell me what I'm doing wrong?
 
 Thanks,
 Ed
 
