AES_cbc_encrypt - core dump in decryption.

2014-03-16 Thread Tayade, Nilesh
Hi, I am facing a core dump in AES_cbc_encrypt() while decrypting the data with OpenSSL 1.0.1e library. I made sure, the encrypted data length is multiple of AES_BLOCK_SIZE (16bytes) and also there is sufficient amount of buffer available for decryption. The encrypted buffer pointer is also vali

Re: Deadlock in openssl1.0.1e.

2014-01-15 Thread Tayade, Nilesh
Yes. The issue is fairly reproducible and takes not more than 10-15mins to occur. -- Thanks, Nilesh Sent via CanvasHD "Dr. Stephen Henson" wrote: On Wed, Jan 15, 2014, Tayade, Nilesh wrote: > > Thanks. I have already captured the lock details in an array. Please see >

RE: Deadlock in openssl1.0.1e.

2014-01-15 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Wednesday, January 15, 2014 6:30 PM > To: openssl-users@openssl.org > Subject: Re: Deadlock in openssl1.0.1e. > > On W

RE: Deadlock in openssl1.0.1e.

2014-01-15 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Wednesday, January 15, 2014 1:56 AM > To: openssl-users@openssl.org > Subject: Re: Deadlock in openssl1.0.1e. > > On T

RE: Deadlock in openssl1.0.1e.

2014-01-14 Thread Tayade, Nilesh
something else. -lee On 2014-01-10 13:11, Tayade, Nilesh wrote: Hi, I am facing a deadlock issue on openssl1.0.1e. Please see the stack below. Could anyone please advise if this is a known bug? Is there any workaround/fix? FIPS is disabled on my system. (gdb) bt full #0 __lll_lock_wait

Deadlock in openssl1.0.1e.

2014-01-10 Thread Tayade, Nilesh
Hi, I am facing a deadlock issue on openssl1.0.1e. Please see the stack below. Could anyone please advise if this is a known bug? Is there any workaround/fix? FIPS is disabled on my system. (gdb) bt full #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136 No loc

Measuring the performance of AES-256-CBC decryption.

2013-09-05 Thread Tayade, Nilesh
Hi, We are using openssl-1.0.1e version and also AESNI is enabled in BIOS. I am trying to measure the AES-256-CBC algorithm performance for decryption of 256bytes buffer size. But I am not getting the numbers matching with the 'openssl speed' tool. I saw it uses AESNI if we call the EVP* API, s

RE: [openssl-users] Extra bytes before the decrypted data.

2013-03-08 Thread Tayade, Nilesh
> -Original Message- > From: Erwann Abalea [mailto:erwann.aba...@keynectis.com] > Sent: Friday, March 08, 2013 9:44 PM > To: openssl-users@openssl.org > Cc: Tayade, Nilesh > Subject: Re: [openssl-users] Extra bytes before the decrypted data. > > It's probab

Extra bytes before the decrypted data.

2013-03-08 Thread Tayade, Nilesh
Hi, On performing the AES128 decryption, I see the decrypted data is preceded by a block of 16bytes. E.g. Below, 0x48 to 0x5a is the extra 16bytes block. And the actual 'GET' request starts from 0x47 onwards. 48 3f c4 99 fa f0 75 0e 51 b8 3b 58 aa 1f 4a 5a 47 45 54 20 2f 20 48 54 54 50 2f 31 2

Identifying length of decrypted data.

2013-02-28 Thread Tayade, Nilesh
Hi, I am using the AES_cbc_encrypt() API to perform symmetric decryption. But in one of the scenarios I see the data encrypted is of 16bytes but just 1byte is useful and 15bytes is for padding. Is there some way I can know the actual encrypted data length? I came across some pointers like using

RE: RSA_private_decrypt function takes longer time.

2013-01-10 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jeffrey Walton > Sent: Thursday, January 10, 2013 7:54 PM > To: openssl-users@openssl.org > Subject: Re: RSA_private_decrypt function takes longer time. > [...] > > So I f

RE: RSA_private_decrypt function takes longer time.

2013-01-10 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Jakob Bohm > Sent: Thursday, January 10, 2013 6:56 PM > To: openssl-users@openssl.org > Subject: Re: RSA_private_decrypt function takes longer time. [...] > > Coming back t

RE: RSA_private_decrypt function takes longer time.

2013-01-10 Thread Tayade, Nilesh
> On 12/21/2012 1:13 PM, Tayade, Nilesh wrote: > > Hi, > > > > I am using the RSA_private_decrypt() function in one of the custom > applications, where we expect the premaster to get decrypted faster. [...] > The explanation is simple: > > The cost of an RSA ope

Hardware solution for asymmetric decryption.

2013-01-04 Thread Tayade, Nilesh
Hi, The RSA_private_decrypt() function is proved to be costlier on my system. I will try for some hardware cards (PCI or over the network), which will help me perform asymmetric decryption in case of Premaster-decryption. I am looking at information on Thales nShield, SafeNet Luna devices. Could

About the OpenSSL benchmark statistics.

2012-12-23 Thread Tayade, Nilesh
Hi, I am evaluating the performance of my application which handles the SSL/TLS connections (handshakes) and performs app data decryption. Do we have any statistics which I could use as a benchmark? Specifically - The max. number of new SSL connections per second which could be handled. -- Tha

RE: RSA_private_decrypt function takes longer time.

2012-12-23 Thread Tayade, Nilesh
> On 12/21/2012 1:13 PM, Tayade, Nilesh wrote: > > Hi, > > > > I am using the RSA_private_decrypt() function in one of the custom > applications, where we expect the premaster to get decrypted faster. [...] > The explanation is simple: > > The cost of an RSA ope

RE: RSA_private_decrypt function takes longer time.

2012-12-21 Thread Tayade, Nilesh
> -Original Message- > From: Florian Weimer [mailto:fwei...@redhat.com] > Sent: Friday, December 21, 2012 5:58 PM > To: openssl-users@openssl.org > Cc: Tayade, Nilesh > Subject: Re: RSA_private_decrypt function takes longer time. > > On 12/21/2012 01:13 PM, Tayade

RSA_private_decrypt function takes longer time.

2012-12-21 Thread Tayade, Nilesh
Hi, I am using the RSA_private_decrypt() function in one of the custom applications, where we expect the premaster to get decrypted faster. I tried looking at the time consumed by RSA_private_decrypt and loops involved in pseudo-random function to compute key. It is seen that RSA_private_decrypt

Question related to TLS1.2 key computation function - PRF.

2012-12-10 Thread Tayade, Nilesh
Hi, As per RFC5246 - the TLS1.2 uses SHA256, SHA384 MAC. I would appreciate any pointers on how the PRF is implemented for TLS1.2. E.g. For TLS1.0, TLS1.1 - the HMAC-SHA1 is implemented as below. And SHA-1 uses 20bytes at a time. How many bytes SHA256 uses at a time? // First initialize the inp

RE: About the encrypted premaster length.

2012-08-22 Thread Tayade, Nilesh
> From: owner-openssl-us...@openssl.org On Behalf Of Tayade, Nilesh > > Sent: Wednesday, 22 August, 2012 16:13 > [...] > Only for RSA key-exchange (which is the most commonly used). > For DH* and ECDH* suites ClientKeyExchange is quite different. > (Not to mention Kerberos

About the encrypted premaster length.

2012-08-22 Thread Tayade, Nilesh
Hi, The 'Client Key Exchange' packet carries the encrypted premaster. I am working on utility for decrypting the data and supported cipher suites are RC4_128_MD5 and RC4_128_SHA. I observed that the encrypted premaster length varies in the 'Client key exchange' packet. Sometimes it is 128bytes

OpenSSL in multithreaded environment.

2012-08-08 Thread Tayade, Nilesh
Hi, I am using OpenSSL-1.0.0g in a multithreaded environment. Each thread comes up with its own decryption context (which has own decrypted premaster, the random values and rsa pointer). And I am sure NO two threads touch each other's decryption context. But I see some issue (program crash) wh

Query related to RSAPrivateKey_dup function.

2012-08-07 Thread Tayade, Nilesh
Hi, Could someone please confirm if RSAPrivateKey_dup() function allocates a new rsa structure instance while duplicating the existing one? This is just to ensure I free the pointer if this function allocates it. -- Thanks, Nilesh

RE: Padding check failed and program crash with SIGABRT.

2012-07-29 Thread Tayade, Nilesh
> > On Sat, Jul 28, 2012 at 6:12 PM, Tayade, Nilesh > wrote: > > Hi, [...] > > > > I see that the error it is trying to give is related to Padding check > failure. > > 1. How to decide the padding? By default I keep it to > RSA_PKCS1_PADDING always in RSA_p

RE: OpenSSL 1.0.0g-fips download link.

2012-07-28 Thread Tayade, Nilesh
> On Sat, Jul 28, 2012, Tayade, Nilesh wrote: > > > Hi, > > > > Could someone please point me to the link where I can download > "OpenSSL-1.0.0g-fips"? > > On http://www.openssl.org/source/, I see only OpenSSL-1.0.0g. To get > '-fips' do I need to a

OpenSSL 1.0.0g-fips download link.

2012-07-28 Thread Tayade, Nilesh
Hi, Could someone please point me to the link where I can download "OpenSSL-1.0.0g-fips"? On http://www.openssl.org/source/, I see only OpenSSL-1.0.0g. To get '-fips' do I need to apply any patch? -- Thanks, Nilesh

Core dump in RSA_check_key

2012-06-20 Thread Tayade, Nilesh
Hi, I am seeing a core dump in RSA_check_key() function. The backtrace is as below. I am unable to understand what is causing the issue. The core dump is intermittent (not always reproduced). Could someone please provide any pointers if I am missing any check? -- Thanks, Nilesh P.S. The code g

RE: About RC4 decryption.

2011-11-01 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of re.est > Sent: Tuesday, November 01, 2011 7:52 PM > To: openssl-users@openssl.org > Subject: Re: About RC4 decryption. > > On 11/01/2011 06:48 PM, nilesh wrote: [...] > > W

RE: Regarding cipher suites in SSLv3.

2011-10-12 Thread Tayade, Nilesh
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Richard Könning > Sent: Wednesday, October 12, 2011 7:20 PM > To: openssl-users@openssl.org > Subject: Re: Regarding cipher suites in SSLv3. > > Am 12.10.2011 15:29, schrieb nilesh: > > Hi, > > > > I a

RE: Link error

2011-10-11 Thread Tayade, Nilesh
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Gyanendra Kumar > Sent: Monday, October 10, 2011 7:35 AM > To: openssl-users@openssl.org > Subject: Link error > > Hi: > > I am compiling an example program and I get the