[openssl-users] Integrating New Cipher Suite
Schmicker, Robert
rschm2 at unh.newhaven.edu
Fri Apr 14 02:42:29 UTC 2017
Added a define in include/openssl/ssl.h:
# define SSL_TXT_MYCIPHER "MYCIPHER"
Integrated into ssl/s3_lib.c:
static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
SSL_kECDHE,
SSL_aECDSA,
SSL_MYCIPHER,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
64,
64,
},
>That's a pretty small number of bits. Do you really mean it to be only 64?
>
>Does you ciphersuite show up with cipher -s?
>
>It's possible it is being rejected because it has insufficient security. If
>the number of bits is really 64 you could try droppping the security level to
>0 to allow it.
>
>If that doesn't help enable trace support with enable-ssl-trace and then try
>the -trace command ot s_client/s_server and see if the new ciphersuites is
>sent in ClientHello
>
>Steve.
>--
>Dr Stephen N. Henson. OpenSSL project core developer.
>Commercial tech support now available see: http://www.openssl.org
After some debugging (exactly as mentioned above) it appears that the cipher suite does not show up in the ClientHello using the s_client/s_server. I modified the cipher for testing to use 512 bits instead of 64 so that it is ranked highest.
Error server side:
SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979
Error Client side:
SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80
Any idea why the cipher would appear under the list of supported tls1.2 ciphers, yet it does not appear under the ClientHello even if specified with the -cipher option?
Thank you for any leads!
Rob
On 4/12/17 8:06 AM, openssl-users-request at openssl.org<mailto:openssl-users-request at openssl.org> wrote:
Send openssl-users mailing list submissions to
openssl-users at openssl.org<mailto:openssl-users at openssl.org>
To subscribe or unsubscribe via the World Wide Web, visit
https://mta.openssl.org/mailman/listinfo/openssl-users
or, via email, send a message with subject or body 'help' to
openssl-users-request at openssl.org<mailto:openssl-users-request at openssl.org>
You can reach the person managing the list at
openssl-users-owner at openssl.org<mailto:openssl-users-owner at openssl.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of openssl-users digest..."
Today's Topics:
1. Re: Integrating New Cipher Suite (Dr. Stephen Henson)
2. Re: RSA PKCS1 v2.1 - Multi-primes and RSASSA-PSS (Davy Souza)
3. Escaped Issuer/Subject (c.holper at ades.at<mailto:c.holper at ades.at>)
4. Multithreading: Global locks causing bottleneck in parallel
SSL_write calls (dipakgaigole)
----------------------------------------------------------------------
Message: 1
Date: Tue, 11 Apr 2017 18:54:09 +0000
From: "Dr. Stephen Henson" <steve at openssl.org><mailto:steve at openssl.org>
To: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Subject: Re: [openssl-users] Integrating New Cipher Suite
Message-ID: <20170411185409.GA23595 at openssl.org><mailto:20170411185409.GA23595 at openssl.org>
Content-Type: text/plain; charset=us-ascii
On Tue, Apr 11, 2017, Schmicker, Robert wrote:
Added a define in include/openssl/ssl.h:
# define SSL_TXT_MYCIPHER "MYCIPHER"
Integrated into ssl/s3_lib.c:
static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
SSL_kECDHE,
SSL_aECDSA,
SSL_MYCIPHER,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
64,
64,
},
That's a pretty small number of bits. Do you really mean it to be only 64?
Does you ciphersuite show up with cipher -s?
It's possible it is being rejected because it has insufficient security. If
the number of bits is really 64 you could try droppping the security level to
0 to allow it.
If that doesn't help enable trace support with enable-ssl-trace and then try
the -trace command ot s_client/s_server and see if the new ciphersuites is
sent in ClientHello
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
------------------------------
Message: 2
Date: Tue, 11 Apr 2017 12:50:29 +0000
From: Davy Souza <davy.souza at outlook.com><mailto:davy.souza at outlook.com>
To: "openssl-users at openssl.org"<mailto:openssl-users at openssl.org> <openssl-users at openssl.org><mailto:openssl-users at openssl.org>
Subject: Re: [openssl-users] RSA PKCS1 v2.1 - Multi-primes and
RSASSA-PSS
Message-ID:
<CP2P152MB179454491F9BCC350F89E1FB8A000 at CP2P152MB1794.LAMP152.PROD.OUTLOOK.COM><mailto:CP2P152MB179454491F9BCC350F89E1FB8A000 at CP2P152MB1794.LAMP152.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset="iso-8859-1"
In what context do you want to use it? For example CMS, certificates, TLS,
general application code or via the command line?
It's a C++ embedded application for a POS. One requirement is to use PKCS#1 v2.1 for RSA functions.
Davy Alves de Souza
Computer Scientist
Federal University of S?o Carlos, Sorocaba / SP - Brazil
________________________________
De: openssl-users <openssl-users-bounces at openssl.org><mailto:openssl-users-bounces at openssl.org> em nome de Dr. Stephen Henson <steve at openssl.org><mailto:steve at openssl.org>
Enviado: segunda-feira, 10 de abril de 2017 10:46:26
Para: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Assunto: Re: [openssl-users] RSA PKCS1 v2.1 - Multi-primes and RSASSA-PSS
On Wed, Apr 05, 2017, Davy Souza wrote:
Hi,
I'm using RSA, but I need to know if OpenSSL RSA implements PKCS#1 v2.1. I have the following questions:
1) Does OpenSSL support multi-prime?
No.
2) Does OpenSSL support RSASSA-PSS?
Yes.
3) If so, how can I use it?
In what context do you want to use it? For example CMS, certificates, TLS,
general application code or via the command line?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170411/7e8a5420/attachment-0001.html><http://mta.openssl.org/pipermail/openssl-users/attachments/20170411/7e8a5420/attachment-0001.html>
------------------------------
Message: 3
Date: Wed, 12 Apr 2017 06:47:25 +0200
From: "c.holper at ades.at"<mailto:c.holper at ades.at> <c.holper at ades.at><mailto:c.holper at ades.at>
To: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Subject: [openssl-users] Escaped Issuer/Subject
Message-ID: <614474ba-574f-1df9-134a-91fa8c3eac1f at ades.at><mailto:614474ba-574f-1df9-134a-91fa8c3eac1f at ades.at>
Content-Type: text/plain; charset=utf-8; format=flowed
I thought about escaping regarding DN itself (LDAP DN).
https://www.ietf.org/rfc/rfc4514.txt
https://www.ibm.com/support/knowledgecenter/en/ssw_i5_54/rzahy/rzahyunderdn.htm
https://msdn.microsoft.com/en-us/library/aa366101%28v=vs.85%29.aspx
Best regards
------------------------------
Message: 4
Date: 12 Apr 2017 10:54:28 -0000
From: "dipakgaigole" <dipakgaigole at rediffmail.com><mailto:dipakgaigole at rediffmail.com>
To: <openssl-users at openssl.org><mailto:openssl-users at openssl.org>
Subject: [openssl-users] Multithreading: Global locks causing
bottleneck in parallel SSL_write calls
Message-ID: <20170412105428.2021.qmail at f4mail-235-235.rediffmail.com><mailto:20170412105428.2021.qmail at f4mail-235-235.rediffmail.com>
Content-Type: text/plain; charset="utf-8"
Hi, I have a windows multi-threaded SSL server application which handles each client request in a new thread. The Server handles different types of requests. One of the request type is like “send file” where server thread has to read a file from local filesystem and send the content to the client.Server configurations: FIPS: Enabled SSL Protocol: TLSv1.2 Cipher: AES256-SHA It was observed that as the number of thread parallelism increases, the throughput decreases.To profile the server, I had recompiled the OpenSSL and FIPS source with debug symbol information. When run under a statistical profiler “verysleepy“ (http://www.codersnotes.com/sleepy) points out below stack (hotspot
) which was consuming most of the time.###################################WaitForSingleObjectEx KERNELBASE [unknown] 0 0x7fefd2610dcCRYPTO_lock LIBEAY64 c:\openssl_src\openssl-1.0.2f\crypto\cryptlib.c 597 0xfb0bb26FIPS_lock &nb
sp; LIBEAY64 c:\fips_src\openssl-fips-2.0.10\fips\utl\fips_lck.c 69 0xfceb291fips_drbg_bytes LIBEAY64 c:\fips_src\openssl-fips-2.0.10\fips\rand\fips_drbg_rand.c 86 0xfcfe868RAND_bytes &n
bsp; LIBEAY64 c:\openssl_src\openssl-1.0.2f\crypto\rand\rand_lib.c 159 0xfc0dbe5tls1_enc SSLEAY64 c:\openssl_src\openssl-1.0.2f\ssl\t1_enc.c 786 0x3b6675cdo_ssl3_write SSLEAY64 &
nbsp; c:\openssl_src\openssl-1.0.2f\ssl\s3_pkt.c 1042 0x3b4c336ssl3_write_bytes SSLEAY64 c:\openssl_src\openssl-1.0.2f\ssl\s3_pkt.c 830 0x3b4baddssl3_write SSLEAY64 c:\openssl_src\openssl-1.0.2f\ssl\s3_lib.c &
nbsp; 4404 0x3b4796cSSL_write SSLEAY64 c:\openssl_src\openssl-1.0.2f\ssl\ssl_lib.c 1047 0x3b7a3e4################################### To check if this behavior can be seen outside of our code, I wrote a standalone multi threaded SSL server which performs same task as “send file”. And profiling of the standalone server also point out at the similar stack. So I was able to reproduced this behavior in standalone program.File size used: 340 MB To find out how the bottleneck varies with increasing the parallel thread count
in standalone SSL server program, I analyzed one thread behavior with different parallelism and here are the results:######################“Parallel thread count” -> “% of time spend in waiting for global lock”1 -> 1 %2 -> 2 %5 -> 5 %10 -> 40 %15 -> 46 %20 -> 65 %25 -> 68 %30 -> 70 %###################### After digging into the FIPS code found that there is a global lock around the random number generation code which is causing the bottleneck when multiple threads want to perform SSL_write operation in parallel.Code snippet from fips/rand/fips_drbg_rand.c:######################/* Since we only have one global PRNG used at any time in OpenSSL use a global* variable to store context.*/static DRBG_CTX ossl_dctx;….….static int fips_drbg_bytes(unsigned char *out, int count) {
DRBG_CTX *dctx = &ossl_dctx; int rv = 0; unsigned char *adin = NULL; size_t adinlen = 0; CRYPTO_w_lock(CRYPTO_LOCK_RAND); …. …. CRYPTO_w_unlock(CRYPTO_LOCK_RAND);###################### As comment from fips_drbg_rand.c says, do we really need to have one global PRNG at any time in OpenSSL? Does any
one has any suggestion about how starvation (due to the global locks) of parallel SSL_write can be reduced? Any suggestions are welcome :) Thanks,Dipak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170412/70b473ef/attachment.html><http://mta.openssl.org/pipermail/openssl-users/attachments/20170412/70b473ef/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
openssl-users mailing list
openssl-users at openssl.org<mailto:openssl-users at openssl.org>
https://mta.openssl.org/mailman/listinfo/openssl-users
------------------------------
End of openssl-users Digest, Vol 29, Issue 13
*********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170414/2822a804/attachment-0001.html>
More information about the openssl-users
mailing list