From simon+gnutls-dev at josefsson.org Fri Mar 1 00:16:01 2002 From: simon+gnutls-dev at josefsson.org (Simon Josefsson) Date: Fri Mar 1 00:16:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: <20020228224114.GB9676@cs.washington.edu> (Neil Spring's message of "Thu, 28 Feb 2002 14:41:19 -0800") References: <20020228224114.GB9676@cs.washington.edu> Message-ID: Neil Spring writes: > On Thu, Feb 28, 2002 at 10:39:11PM +0100, Simon Josefsson wrote: >> The OpenSSL "openssl s_client" is useful for interactive use from the >> command line, it would be nice to have this functionality in GNUTLS as >> well. What do you think? > > how does that differ from gnutls/src/cli? By not being installed in $(prefix)/bin/. From nspring at cs.washington.edu Fri Mar 1 00:28:01 2002 From: nspring at cs.washington.edu (Neil Spring) Date: Fri Mar 1 00:28:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: References: <20020228224114.GB9676@cs.washington.edu> Message-ID: <20020228232552.GA654@cs.washington.edu> On Fri, Mar 01, 2002 at 12:13:27AM +0100, Simon Josefsson wrote: > Neil Spring writes: > > On Thu, Feb 28, 2002 at 10:39:11PM +0100, Simon Josefsson wrote: > >> The OpenSSL "openssl s_client" is useful for interactive use from the > >> command line, it would be nice to have this functionality in GNUTLS as > >> well. What do you think? > > > > how does that differ from gnutls/src/cli? > > By not being installed in $(prefix)/bin/. Then I think including it is an excellent idea: it would save applications like wmbiff from including print_info (which can change somewhat often) to debug users' ssl connections. -neil From nmav at gnutls.org Fri Mar 1 08:56:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Fri Mar 1 08:56:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: <20020228232552.GA654@cs.washington.edu> References: <20020228224114.GB9676@cs.washington.edu> <20020228232552.GA654@cs.washington.edu> Message-ID: <20020301075224.GB723@gnutls.org> On Thu, Feb 28, 2002 at 03:25:56PM -0800, Neil Spring wrote: > > > how does that differ from gnutls/src/cli? > > By not being installed in $(prefix)/bin/. > Then I think including it is an excellent idea: it would > save applications like wmbiff from including print_info > (which can change somewhat often) to debug users' ssl > connections. Any suggestions on the name to use? Does 'tls_cli' sound ok? > -neil -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nspring at cs.washington.edu Fri Mar 1 09:26:01 2002 From: nspring at cs.washington.edu (Neil Spring) Date: Fri Mar 1 09:26:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: <20020301075224.GB723@gnutls.org> References: <20020228224114.GB9676@cs.washington.edu> <20020228232552.GA654@cs.washington.edu> <20020301075224.GB723@gnutls.org> Message-ID: <20020301082359.GA8437@cs.washington.edu> On Fri, Mar 01, 2002 at 09:52:24AM +0200, Nikos Mavroyanopoulos wrote: > On Thu, Feb 28, 2002 at 03:25:56PM -0800, Neil Spring wrote: > > > > > how does that differ from gnutls/src/cli? > > > By not being installed in $(prefix)/bin/. > > Then I think including it is an excellent idea: it would > > save applications like wmbiff from including print_info > > (which can change somewhat often) to debug users' ssl > > connections. > > Any suggestions on the name to use? Does 'tls_cli' sound > ok? Perhaps "gnutls_client" would be more specific? If that's too long, tls_cli seems fine. -neil From nmav at gnutls.org Fri Mar 1 21:55:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Fri Mar 1 21:55:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: <20020301082359.GA8437@cs.washington.edu> References: <20020228224114.GB9676@cs.washington.edu> <20020228232552.GA654@cs.washington.edu> <20020301075224.GB723@gnutls.org> <20020301082359.GA8437@cs.washington.edu> Message-ID: <20020301205237.GA1542@gnutls.org> On Fri, Mar 01, 2002 at 12:24:09AM -0800, Neil Spring wrote: > > > Then I think including it is an excellent idea: it would > > > save applications like wmbiff from including print_info > > > (which can change somewhat often) to debug users' ssl > > > connections. > > Any suggestions on the name to use? Does 'tls_cli' sound > > ok? > Perhaps "gnutls_client" would be more specific? If that's > too long, tls_cli seems fine. This morning, among other things, I also commited this fix. The 'gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug' are now being installed by default. > -neil -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From jas at extundo.com Sat Mar 2 11:11:01 2002 From: jas at extundo.com (Simon Josefsson) Date: Sat Mar 2 11:11:01 2002 Subject: [gnutls-dev] Re: Feature request: standalone binary In-Reply-To: <20020301082359.GA8437@cs.washington.edu> Message-ID: On Fri, 1 Mar 2002, Neil Spring wrote: > On Fri, Mar 01, 2002 at 09:52:24AM +0200, Nikos Mavroyanopoulos wrote: > > On Thu, Feb 28, 2002 at 03:25:56PM -0800, Neil Spring wrote: > > > > > > > how does that differ from gnutls/src/cli? > > > > By not being installed in $(prefix)/bin/. > > > Then I think including it is an excellent idea: it would > > > save applications like wmbiff from including print_info > > > (which can change somewhat often) to debug users' ssl > > > connections. > > > > Any suggestions on the name to use? Does 'tls_cli' sound > > ok? > > Perhaps "gnutls_client" would be more specific? If that's > too long, tls_cli seems fine. Keeping within 8+3 might be a good idea. What about simply "gnutls"? It would be nice if the command line parameters changed as little as possible as well, so that it is possible to use it from scripts without first checking which version is installed. From nmav at gnutls.org Sun Mar 3 10:38:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sun Mar 3 10:38:01 2002 Subject: [gnutls-dev] gnutls 0.3.91 Message-ID: <20020303093446.GA17805@gnutls.org> A new prerelease (0.3.91) is now available. The news in this version are: - Added gnutls-cli-debug program - Corrections in session resumption - Rehandshake can now handle negotiation of different authentication type. - gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are now being installed. -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From dalgoda at ix.netcom.com Mon Mar 11 10:13:01 2002 From: dalgoda at ix.netcom.com (Mike Castle) Date: Mon Mar 11 10:13:01 2002 Subject: [gnutls-dev] Build problem with gnutls-0.3.91 with no OPENCDK Message-ID: <20020310185843.GA29125@thune.mrc-home.com> No OPENCDK, get the following error linking: make[3]: Entering directory `/usr/src/gnutls/gnutls-0.3.91/src' /bin/sh ../libtool --mode=link i386-linux-gcc -g -O2 -O2 -pipe -o gnutls-serv serv-gaa.o serv.o common.o ../lib/libgnutls.la -L/usr/lib -lgcrypt -lz -lgdbm i386-linux-gcc -g -O2 -O2 -pipe -o .libs/gnutls-serv serv-gaa.o serv.o common.o ../lib/.libs/libgnutls.so -L/usr/lib /usr/lib/libgcrypt.so -ldl -lnsl -lz /usr/lib/libgdbm.so serv.o: In function `main': /usr/src/gnutls/gnutls-0.3.91/src/serv.c:364: undefined reference to `gnutls_certificate_set_openpgp_trustdb' Guess a stub is needed in lib/gnutls_openpgp.c? Cheers, mrc -- Mike Castle dalgoda at ix.netcom.com www.netcom.com/~dalgoda/ We are all of us living in the shadow of Manhattan. -- Watchmen fatal ("You are in a maze of twisty compiler features, all different"); -- gcc From timo at lcsweb.net Mon Mar 11 22:54:01 2002 From: timo at lcsweb.net (Timo Schulz) Date: Mon Mar 11 22:54:01 2002 Subject: [gnutls-dev] Build problem with gnutls-0.3.91 with no OPENCDK In-Reply-To: <20020310185843.GA29125@thune.mrc-home.com> References: <20020310185843.GA29125@thune.mrc-home.com> Message-ID: <20020311124346.GA703@daredevil.joesixpack.net> On Sun Mar 10 2002; 10:58, Mike Castle wrote: > /usr/src/gnutls/gnutls-0.3.91/src/serv.c:364: undefined reference to > `gnutls_certificate_set_openpgp_trustdb' > > > Guess a stub is needed in lib/gnutls_openpgp.c? Yes, you're right. I'll add this stub and commit it to the CVS, thanks. Timo From andrew at mcdonald.org.uk Sat Mar 16 22:39:01 2002 From: andrew at mcdonald.org.uk (Andrew McDonald) Date: Sat Mar 16 22:39:01 2002 Subject: [gnutls-dev] gaa Message-ID: <20020316213647.GD361@mcdonald.org.uk> The examples and tools in gnutls/src make use of the gaa tool. Could you add a note in one of the READMEs about this? I had a bit of trouble finding it. From a bit of searching, I guess it is the GPL Argument Analyser. None of the supposed homepages (e.g. http://gaa.netpedia.net/ or http://wwwetu.utc.fr/~maillejo) for it seem to be accessible. I eventually found a copy of it on tucows. Andrew -- Andrew McDonald E-mail: andrew at mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ From nmav at gnutls.org Sun Mar 17 19:45:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sun Mar 17 19:45:01 2002 Subject: [gnutls-dev] gaa In-Reply-To: <20020316213647.GD361@mcdonald.org.uk> References: <20020316213647.GD361@mcdonald.org.uk> Message-ID: <20020317184239.GC11564@gnutls.org> On Sat, Mar 16, 2002 at 09:36:47PM +0000, Andrew McDonald wrote: > The examples and tools in gnutls/src make use of the gaa tool. Could > you add a note in one of the READMEs about this? Done. > I had a bit of trouble finding it. From a bit of searching, I guess it > is the GPL Argument Analyser. None of the supposed homepages (e.g. > http://gaa.netpedia.net/ or http://wwwetu.utc.fr/~maillejo) for it seem > to be accessible. I eventually found a copy of it on tucows. You may want to visit http://members.hellug.gr/gaa I've put a modified version (the old version works fine though) > Andrew > -- > Andrew McDonald > E-mail: andrew at mcdonald.org.uk > http://www.mcdonald.org.uk/andrew/ -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From andrew at mcdonald.org.uk Sun Mar 17 21:41:01 2002 From: andrew at mcdonald.org.uk (Andrew McDonald) Date: Sun Mar 17 21:41:01 2002 Subject: [gnutls-dev] NO_CERTIFICATE_FOUND if CA list is empty (CVS) Message-ID: <20020317203923.GB13589@mcdonald.org.uk> In the CVS version of gnutls I get a GNUTLS_E_NO_CERTIFICATE_FOUND error if there are no CA certificates in the credentials list, e.g. when the certificate file set through gnutls_certificate_set_x509_trust_file is empty or does not exist. This is because of the tcas_size == 0 check in _gnutls_x509_verify_certificate. In 0.3.5 the tcas_size == 0 check in gnutls_verify_certificate caused it to return GNUTLS_CERT_NOT_TRUSTED. The 0.3.5 behaviour seems the correct one to me since the user may not have any CAs and just wants to check the fingerprint of each certificate by hand, especially in situations where the certificate is likely to be self-signed. Just getting rid of the tcas_size == 0 check at the start of _gnutls_x509_verify_certificate should be enough, since the later call to gnutls_verify_certificate2 will return/set GNUTLS_CERT_NOT_TRUSTED if !(tcas_size >= 1). This will also ensure that the EXPIRED and other flags are set as appropriate. One line patch attached. Andrew -- Andrew McDonald E-mail: andrew at mcdonald.org.uk http://www.mcdonald.org.uk/andrew/ -------------- next part -------------- --- x509_verify.c~ Sun Mar 17 20:35:30 2002 +++ x509_verify.c Sun Mar 17 20:36:21 2002 @@ -368,7 +368,7 @@ int i = 0, ret; CertificateStatus status=0; - if (tcas_size == 0 || clist_size == 0) { + if (clist_size == 0) { return GNUTLS_E_NO_CERTIFICATE_FOUND; } -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: From nmav at gnutls.org Sun Mar 17 22:52:02 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sun Mar 17 22:52:02 2002 Subject: [gnutls-dev] NO_CERTIFICATE_FOUND if CA list is empty (CVS) In-Reply-To: <20020317203923.GB13589@mcdonald.org.uk> References: <20020317203923.GB13589@mcdonald.org.uk> Message-ID: <20020317214916.GB19304@gnutls.org> On Sun, Mar 17, 2002 at 08:39:23PM +0000, Andrew McDonald wrote: > In the CVS version of gnutls I get a GNUTLS_E_NO_CERTIFICATE_FOUND > error if there are no CA certificates in the credentials list, e.g. > when the certificate file set through > gnutls_certificate_set_x509_trust_file is empty or does not exist. > The 0.3.5 behaviour seems the correct one to me since the user may not > have any CAs and just wants to check the fingerprint of each > certificate by hand, especially in situations where the certificate is > likely to be self-signed. You are right. I've commited the fix in the cvs. > Andrew > -- > Andrew McDonald > E-mail: andrew at mcdonald.org.uk > http://www.mcdonald.org.uk/andrew/ -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nmav at gnutls.org Sun Mar 17 23:04:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sun Mar 17 23:04:01 2002 Subject: [gnutls-dev] gaa In-Reply-To: <20020317184239.GC11564@gnutls.org> References: <20020316213647.GD361@mcdonald.org.uk> <20020317184239.GC11564@gnutls.org> Message-ID: <20020317220149.GA7295@gnutls.org> On Sun, Mar 17, 2002 at 08:42:39PM +0200, Nikos Mavroyanopoulos wrote: > > I had a bit of trouble finding it. From a bit of searching, I guess it > > is the GPL Argument Analyser. None of the supposed homepages (e.g. > > http://gaa.netpedia.net/ or http://wwwetu.utc.fr/~maillejo) for it seem > > to be accessible. I eventually found a copy of it on tucows. > You may want to visit http://members.hellug.gr/gaa > I've put a modified version (the old version works fine though) Sorry the exact URL is: http://members.hellug.gr/nmav/gaa -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nmav at gnutls.org Sat Mar 23 11:17:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Sat Mar 23 11:17:01 2002 Subject: [gnutls-dev] gnutls 0.3.92 Message-ID: <20020323101351.GA1659@gnutls.org> gnutls 0.3.92 is out. The news since 0.3.91 are: - Updated documentation - Combined error codes of ASN.1 parser and gnutls - Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration - Added protection against CBC chosen plaintext attack (disabled by default) - Improved and optimized compression support -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nmav at gnutls.org Mon Mar 25 20:17:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Mon Mar 25 20:17:01 2002 Subject: [gnutls-dev] future optimizations Message-ID: <20020325191055.GA4949@gnutls.org> Although it's too soon for this, I've been doing some profiling tests with the current version of gnutls (server). As I was expecting it, the RSA (DHE_RSA is much slower[0]) calculation has a great percentence of the total server time (65%). Other than that I discovered that the _gnutls_supported_ciphersuites()[1] function took about 8% of the time. This is because the priority in gnutls is set per state, and it involves algorithms instead of TLS cipher suites. Unfortunately this cannot be optimized unless I change the way gnutls_*_priority work, thus I think it'd be better to postpone it for a future release (0.5.0 probably, but I haven't made my mind yet). Other possible optimizations might be using alloca() instead of malloc() in some functions, but I do not know how portable is it. In any case we seem to have about the 1/10 of the openssl speed[2] in the (server side) handshake procedure, thus we need a lot of work. [0]. There are optimizations though (such as precalculating the signature), which are easy to add, and will be added soon after 0.4.0. [1]. This one calls _gnutls_cipher_suite_count() and _gnutls_cipher_suite_is_ok() many times. [2]. This is only in single threaded servers, but I'm not sure if the server type was the same (gnutls was running in a non blocking server, openssl was used with the included s_server command). I attach the output of fcdump. FunctionCheck V3.0 by Y.Perret Total time spend in this processus is 583.099597 606 arc(s), 304 function(s) (304 shown, 0 hidden), 6 library(ies) total | local | total | local | # |function time | % | time | % | min | max | min | max | calls | name -------|-----|-------|-----|-------|-------|-------|-------|-------|-------- 583.07|100.0| 3.68| 0.6| 583.07| 583.07| 3.68| 3.68| 1| main 542.50| 93.0| 0.27| 0.0| 0.03| 0.31| 0.00| 0.00| 2562| gnutls_handshake 475.18| 81.5| 0.45| 0.1| 0.03| 0.28| 0.00| 0.00| 2562| gnutls_handshake_server 391.93| 67.2| 0.16| 0.0| 0.15| 0.22| 0.00| 0.00| 2561| _gnutls_recv_client_kx_message 386.49| 66.3| 0.26| 0.0| 0.15| 0.22| 0.00| 0.00| 2561| proc_rsa_client_kx 385.13| 66.0| 0.39| 0.1| 0.15| 0.22| 0.00| 0.00| 2561| _gnutls_pkcs1_rsa_decrypt 383.13| 65.7| 377.73| 64.8| 0.14| 0.22| 0.14| 0.22| 2561| _gnutls_pk_encrypt 72.68| 12.5| 0.59| 0.1| 0.00| 0.09| 0.00| 0.00| 7684| _gnutls_recv_handshake 66.08| 11.3| 0.20| 0.0| 0.02| 0.09| 0.00| 0.00| 2561| gnutls_handshake_common 53.33| 9.1| 0.07| 0.0| 0.01| 0.09| 0.00| 0.00| 2562| _gnutls_recv_hello 53.26| 9.1| 0.46| 0.1| 0.01| 0.09| 0.00| 0.00| 2562| _gnutls_read_client_hello 47.87| 8.2| 0.33| 0.1| 0.01| 0.09| 0.00| 0.00| 2561| _gnutls_server_select_suite 44.98| 7.7| 2.81| 0.5| 0.00| 0.07| 0.00| 0.00| 17922| gnutls_send_int 44.46| 7.6| 0.20| 0.0| 0.02| 0.08| 0.00| 0.00| 2561| _gnutls_recv_handshake_final 44.09| 7.6| 3.11| 0.5| 0.01| 0.08| 0.00| 0.02| 2561| _gnutls_supported_ciphersuites 37.75| 6.5| 18.35| 3.1| 0.01| 0.08| 0.00| 0.07| 2561| _gnutls_cipher_suite_count 26.13| 4.5| 0.89| 0.2| 0.00| 0.07| 0.00| 0.00| 10244| _gnutls_send_handshake 25.40| 4.4| 15.69| 2.7| 0.00| 0.04| 0.00| 0.04| 524957| gnutls_free 25.04| 4.3| 3.15| 0.5| 0.00| 0.07| 0.00| 0.00| 30731| gnutls_recv_int 22.77| 3.9| 0.47| 0.1| 0.00| 0.05| 0.00| 0.00| 5122| gnutls_ssl3_generate_random 22.45| 3.8| 7.04| 1.2| 0.00| 0.04| 0.00| 0.04| 92184| gnutls_hash_deinit 22.23| 3.8| 2.15| 0.4| 0.00| 0.04| 0.00| 0.00| 20488| ssl3_md5 21.96| 3.8| 0.30| 0.1| 0.00| 0.07| 0.00| 0.00| 10244| _gnutls_handshake_io_send_int 21.75| 3.7| 0.82| 0.1| 0.00| 0.02| 0.00| 0.00| 17922| _gnutls_io_write_buffered2 20.93| 3.6| 20.93| 3.6| 0.00| 0.02| 0.00| 0.02| 17922| _gnutls_io_write_buffered 20.38| 3.5| 0.41| 0.1| 0.01| 0.02| 0.00| 0.00| 2558| listener_free 19.41| 3.3| 19.41| 3.3| 0.00| 0.01| 0.00| 0.01|1311232| _gnutls_cipher_suite_is_ok 18.17| 3.1| 0.17| 0.0| 0.01| 0.07| 0.00| 0.00| 2561| _gnutls_send_handshake_final 17.95| 3.1| 0.64| 0.1| 0.01| 0.05| 0.00| 0.00| 2561| _gnutls_read_connection_state_init 17.50| 3.0| 1.02| 0.2| 0.00| 0.07| 0.00| 0.00| 17922| _gnutls_encrypt 15.96| 2.7| 3.71| 0.6| 0.00| 0.07| 0.00| 0.00| 17922| _gnutls_compressed2TLSCiphertext 15.74| 2.7| 0.58| 0.1| 0.00| 0.07| 0.00| 0.00| 23052| _gnutls_handshake_io_recv_int 15.67| 2.7| 0.20| 0.0| 0.01| 0.05| 0.00| 0.00| 2561| _gnutls_set_read_keys 15.40| 2.6| 0.36| 0.1| 0.00| 0.05| 0.00| 0.00| 5122| _gnutls_set_keys 14.62| 2.5| 0.40| 0.1| 0.00| 0.07| 0.00| 0.00| 7684| _gnutls_recv_handshake_header 14.56| 2.5| 0.24| 0.0| 0.01| 0.07| 0.00| 0.00| 2561| _gnutls_recv_finished 14.20| 2.4| 0.10| 0.0| 0.01| 0.01| 0.00| 0.00| 2558| gnutls_bye 14.10| 2.4| 0.10| 0.0| 0.00| 0.01| 0.00| 0.00| 2558| gnutls_alert_send 12.37| 2.1| 0.21| 0.0| 0.00| 0.07| 0.00| 0.00| 2561| _gnutls_send_finished 11.75| 2.0| 8.69| 1.5| 0.00| 0.06| 0.00| 0.06| 99870| gnutls_hash_init 11.19| 1.9| 0.49| 0.1| 0.00| 0.07| 0.00| 0.00| 12805| _gnutls_decrypt 11.13| 1.9| 1.92| 0.3| 0.00| 0.04| 0.00| 0.00| 20488| ssl3_sha 10.95| 1.9| 0.56| 0.1| 0.00| 0.06| 0.00| 0.00| 5122| _gnutls_ssl3_finished 10.77| 1.8| 1.64| 0.3| 0.00| 0.00| 0.00| 0.00| 12799| gnutls_mac_deinit_ssl3 10.53| 1.8| 2.53| 0.4| 0.00| 0.07| 0.00| 0.06| 12805| _gnutls_ciphertext2TLSCompressed 10.50| 1.8| 0.07| 0.0| 0.00| 0.04| 0.00| 0.00| 2561| _gnutls_send_empty_handshake 9.31| 1.6| 0.08| 0.0| 0.00| 0.01| 0.00| 0.00| 2561| _gnutls_connection_state_init 9.29| 1.6| 1.65| 0.3| 0.00| 0.06| 0.00| 0.00| 10244| gnutls_mac_deinit_ssl3_handshake 9.23| 1.6| 0.08| 0.0| 0.00| 0.01| 0.00| 0.00| 2561| _gnutls_generate_master 9.15| 1.6| 0.16| 0.0| 0.00| 0.01| 0.00| 0.00| 2561| generate_normal_master 7.61| 1.3| 0.17| 0.0| 0.00| 0.07| 0.00| 0.00| 5118| gnutls_record_recv 6.67| 1.1| 0.07| 0.0| 0.00| 0.07| 0.00| 0.00| 2561| _gnutls_send_hello 6.65| 1.1| 0.15| 0.0| 0.00| 0.07| 0.00| 0.03| 2559| gnutls_record_send 6.60| 1.1| 0.29| 0.0| 0.00| 0.07| 0.00| 0.00| 2561| _gnutls_send_server_hello 6.56| 1.1| 0.15| 0.0| 0.00| 0.01| 0.00| 0.00| 2561| _gnutls_send_server_certificate 6.47| 1.1| 6.47| 1.1| 0.00| 0.04| 0.00| 0.04| 507625| gnutls_malloc 5.78| 1.0| 1.45| 0.2| 0.00| 0.02| 0.00| 0.00| 2558| gnutls_deinit 5.61| 1.0| 5.61| 1.0| 0.00| 0.00| 0.00| 0.00| 263753| gnutls_hash 5.29| 0.9| 5.29| 0.9| 0.00| 0.02| 0.00| 0.02| 512151| _gnutls_free 4.87| 0.8| 4.87| 0.8| 0.00| 0.00| 0.00| 0.00| 507047| _gnutls_is_secure_memory 3.76| 0.6| 3.37| 0.6| 0.00| 0.04| 0.00| 0.03| 5123| _gnutls_get_random 3.74| 0.6| 1.22| 0.2| 0.00| 0.00| 0.00| 0.00| 30727| gnutls_mac_init_ssl3 3.11| 0.5| 1.22| 0.2| 0.00| 0.06| 0.00| 0.00| 28168| _gnutls_io_read_buffered 2.90| 0.5| 0.09| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_send_change_cipher_spec 2.83| 0.5| 1.21| 0.2| 0.00| 0.00| 0.00| 0.00| 30731| _gnutls_check_buffers 2.73| 0.5| 0.66| 0.1| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_write_connection_state_init 2.58| 0.4| 0.46| 0.1| 0.00| 0.05| 0.00| 0.00| 2561| _gnutls_remove_unwanted_ciphersuites 2.29| 0.4| 0.12| 0.0| 0.00| 0.03| 0.00| 0.00| 2562| _gnutls_create_random 2.13| 0.4| 0.58| 0.1| 0.00| 0.00| 0.00| 0.00| 10244| _gnutls_handshake_hash_add_sent 2.07| 0.4| 1.41| 0.2| 0.00| 0.06| 0.00| 0.06| 53780| gnutls_realloc_fast 2.07| 0.4| 0.40| 0.1| 0.00| 0.00| 0.00| 0.00| 7684| _gnutls_handshake_hash_add_recvd 2.01| 0.3| 0.65| 0.1| 0.00| 0.00| 0.00| 0.00| 23025| gnutls_sfree_datum 1.99| 0.3| 0.92| 0.2| 0.00| 0.07| 0.00| 0.06| 2561| _gnutls_gen_extensions 1.99| 0.3| 1.06| 0.2| 0.00| 0.00| 0.00| 0.00| 20489| _gnutls_handshake_hash_pending 1.90| 0.3| 1.90| 0.3| 0.00| 0.00| 0.00| 0.00| 112672| gnutls_hash_get_algo_len 1.86| 0.3| 0.89| 0.2| 0.00| 0.02| 0.00| 0.02| 40953| _gnutls_mpi_release 1.75| 0.3| 0.25| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_server_register_current_session 1.70| 0.3| 0.07| 0.0| 0.00| 0.04| 0.00| 0.00| 2561| _gnutls_generate_session_id 1.66| 0.3| 0.70| 0.1| 0.00| 0.00| 0.00| 0.00| 25612| _gnutls_record_buffer_get 1.55| 0.3| 0.72| 0.1| 0.00| 0.00| 0.00| 0.00| 20471| gnutls_secure_free 1.53| 0.3| 0.37| 0.1| 0.00| 0.00| 0.00| 0.00| 2563| initialize_state 1.50| 0.3| 0.17| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_handshake_hash_buffers_clear 1.19| 0.2| 1.19| 0.2| 0.00| 0.07| 0.00| 0.07| 51196| gnutls_hmac 1.18| 0.2| 0.54| 0.1| 0.00| 0.00| 0.00| 0.00| 17927| gnutls_sset_datum 1.04| 0.2| 1.04| 0.2| 0.00| 0.00| 0.00| 0.00| 74258| gnutls_protocol_get_version 1.03| 0.2| 0.46| 0.1| 0.00| 0.04| 0.00| 0.04| 2561| _gnutls_cert_supported_kx 0.97| 0.2| 0.97| 0.2| 0.00| 0.00| 0.00| 0.00| 66586| _gnutls_cipher_suite_get_kx_algo 0.95| 0.2| 0.95| 0.2| 0.00| 0.00| 0.00| 0.00| 69147| _gnutls_cipher_suite_get_version 0.94| 0.2| 0.55| 0.1| 0.00| 0.00| 0.00| 0.00| 10244| gnutls_hash_copy 0.94| 0.2| 0.40| 0.1| 0.00| 0.00| 0.00| 0.00| 15368| _gnutls_handshake_buffer_put 0.93| 0.2| 0.62| 0.1| 0.00| 0.00| 0.00| 0.00| 25613| gnutls_datum_append 0.93| 0.2| 0.26| 0.0| 0.00| 0.00| 0.00| 0.00| 10244| _gnutls_record_check_type 0.87| 0.1| 0.07| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_gen_cert_server_certificate 0.87| 0.1| 0.87| 0.1| 0.00| 0.00| 0.00| 0.00| 74251| _gnutls_malloc_ptr_size 0.85| 0.1| 0.10| 0.0| 0.00| 0.00| 0.00| 0.00| 2562| _gnutls_handshake_hash_init 0.83| 0.1| 0.49| 0.1| 0.00| 0.00| 0.00| 0.00| 12805| _gnutls_check_record_headers 0.80| 0.1| 0.19| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_gen_x509_certificate 0.79| 0.1| 0.75| 0.1| 0.00| 0.00| 0.00| 0.00| 33288| _gnutls_read 0.73| 0.1| 0.29| 0.0| 0.00| 0.00| 0.00| 0.00| 2563| gnutls_init 0.73| 0.1| 0.50| 0.1| 0.00| 0.00| 0.00| 0.00| 20489| gnutls_secure_malloc 0.72| 0.1| 0.22| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_session_pack 0.71| 0.1| 0.64| 0.1| 0.00| 0.00| 0.00| 0.00| 5122| gnutls_cipher_init 0.70| 0.1| 0.70| 0.1| 0.00| 0.00| 0.00| 0.00| 51210| _gnutls_version_get_major 0.69| 0.1| 0.69| 0.1| 0.00| 0.00| 0.00| 0.00| 51210| _gnutls_version_get_minor 0.69| 0.1| 0.41| 0.1| 0.00| 0.00| 0.00| 0.00| 10244| _gnutls_get_kx_cred 0.68| 0.1| 0.68| 0.1| 0.00| 0.00| 0.00| 0.00| 53782| _gnutls_record_buffer_get_size 0.67| 0.1| 0.67| 0.1| 0.00| 0.07| 0.00| 0.07| 43537| _gnutls_ext_func_send 0.67| 0.1| 0.27| 0.0| 0.00| 0.00| 0.00| 0.00| 10244| _gnutls_record_buffer_put 0.67| 0.1| 0.67| 0.1| 0.00| 0.00| 0.00| 0.00| 48659| _gnutls_kx_priority 0.64| 0.1| 0.64| 0.1| 0.00| 0.00| 0.00| 0.00| 43548| gnutls_realloc 0.63| 0.1| 0.42| 0.1| 0.00| 0.00| 0.00| 0.00| 15366| WRITEuint24 0.63| 0.1| 0.26| 0.0| 0.00| 0.00| 0.00| 0.00| 5116| gnutls_comp_deinit 0.61| 0.1| 0.41| 0.1| 0.00| 0.00| 0.00| 0.00| 20471| _gnutls_secure_ptr_size 0.59| 0.1| 0.59| 0.1| 0.00| 0.00| 0.00| 0.00| 46095| _gnutls_session_is_valid 0.57| 0.1| 0.57| 0.1| 0.00| 0.00| 0.00| 0.00| 40971| _gnutls_mac_get_digest_size 0.50| 0.1| 0.50| 0.1| 0.00| 0.06| 0.00| 0.06| 30727| CONVuint64 0.49| 0.1| 0.14| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_server_select_comp_method 0.48| 0.1| 0.48| 0.1| 0.00| 0.00| 0.00| 0.00| 33286| _gnutls_cipher_is_block 0.46| 0.1| 0.31| 0.1| 0.00| 0.00| 0.00| 0.00| 12805| _gnutls_check_record_version 0.46| 0.1| 0.17| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_session_size 0.46| 0.1| 0.25| 0.0| 0.00| 0.00| 0.00| 0.00| 2561| _gnutls_find_pk_algos_in_ciphersuites 0.43| 0.1| 0.43| 0.1| 0.00| 0.00| 0.00| 0.00| 30727| _gnutls_cipher_get_block_size 0.43| 0.1| 0.34| 0.1| 0.00| 0.00| 0.00| 0.00| 17922| _gnutls_create_empty_record 0.43| 0.1| 0.43| 0.1| 0.00| 0.00| 0.00| 0.00| 30732| _gnutls_map_kx_get_cred 0.42| 0.1| 0.42| 0.1| 0.00| 0.00| 0.00| 0.00| 30727| CONVuint16 0.42| 0.1| 0.25| 0.0| 0.00| 0.00| 0.00| 0.00| 5122| gnutls_auth_get_type 0.40| 0.1| 0.24| 0.0| 0.00| 0.00| 0.00| 0.00| 5122| _gnutls_set_kx 0.40| 0.1| 0.40| 0.1| 0.00| 0.00| 0.00| 0.00| 28166| uint64pp 0.39| 0.1| 0.15| 0.0| 0.00| 0.00| 0.00| 0.00| 5116| gnutls_cipher_deinit 0.38| 0.1| 0.38| 0.1| 0.00| 0.00| 0.00| 0.00| 17922| gnutls_cipher_encrypt [...] -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nmav at gnutls.org Tue Mar 26 10:16:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Tue Mar 26 10:16:01 2002 Subject: [gnutls-dev] future optimizations In-Reply-To: <20020325191055.GA4949@gnutls.org> References: <20020325191055.GA4949@gnutls.org> Message-ID: <20020326090920.GA17430@gnutls.org> On Mon, Mar 25, 2002 at 09:10:55PM +0200, Nikos Mavroyanopoulos wrote: > In any case we seem to have about the 1/10 of the openssl speed[2] > in the (server side) handshake procedure, thus we need a lot of work. This part is false. Due to my laziness I didn't replaced the default certificates openssl used, which were of RSA 512 bits. With RSA 1024 bits (the same certificates), gnutls is close to 0.6 (60%) of openssl speed. -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From afh at syscall.de Thu Mar 28 09:22:02 2002 From: afh at syscall.de (alexis hildebrandt) Date: Thu Mar 28 09:22:02 2002 Subject: [gnutls-dev] typo in gnutls-0.3.92 Message-ID: <20020327145158.GA5036@kaori.syscall.net> hello gnutls dev-team, i was having trouble with mutt, gnutls and one of my imap-servers, so i decided to upgrade my mutt, libgcrypt and libgnutls. as i tried to compile gnutls i saw the following error messages: --- BEGIN MAKE OUTPUT --- gcc -DHAVE_CONFIG_H -I. -I. -I.. -g -O2 -O2 -fexpensive-optimizations -fomit-frame-pointer \ -pipe -c gnutls_compress_int.c -Wp,-MD,.deps/gnutls_compress_int.TPlo -fPIC -DPIC -o .libs/gnutls_compress_int.lo gnutls_compress_int.c: In function `gnutls_comp_deinit': gnutls_compress_int.c:88: warning: unreachable code at beginning of switch statement gnutls_compress_int.c:99: parse error before `int' gnutls_compress_int.c:142: warning: `return' with a value, in function returning void gnutls_compress_int.c:145: `compressed_size' undeclared (first use in this function) gnutls_compress_int.c:145: (Each undeclared identifier is reported only once gnutls_compress_int.c:145: for each function it appears in.) gnutls_compress_int.c:145: `max_comp_size' undeclared (first use in this function) gnutls_compress_int.c:146: `compressed' undeclared (first use in this function) gnutls_compress_int.c:147: warning: `return' with a value, in function returning void gnutls_compress_int.c:150: warning: `return' with a value, in function returning void make[2]: *** [gnutls_compress_int.lo] Error 1 make[2]: Leaving directory `/export/home/lxs/tmp/gnutls-0.3.92/lib' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/export/home/lxs/tmp/gnutls-0.3.92' make: *** [all] Error 2 --- END MAKE OUTPUT --- the problem was solved quickly and you may have already fixed it, but in case you haven't, i attached a tiny patch to this mail. btw my problems with mutt & gnutls were solved by the upgrade. pls cc to afh at syscall.de, since i'm not subscribed to any of the gnutls mailinglists, thanx. regards a. hildebrandt -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." (Johannes Verelst) -------------- next part -------------- --- gnutls-0.3.92/lib/gnutls_compress_int.c Thu Mar 21 08:49:40 2002 +++ gnutls-0.3.92/lib/gnutls_compress_int.c Wed Mar 27 13:33:41 2002 @@ -75,8 +75,8 @@ int err; if (handle!=NULL) { - switch( handle->algo) { #ifdef HAVE_LIBZ + switch( handle->algo) { case GNUTLS_COMP_ZLIB: if (d) err = inflateEnd( handle->handle); From nmav at gnutls.org Thu Mar 28 10:49:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Thu Mar 28 10:49:01 2002 Subject: [gnutls-dev] typo in gnutls-0.3.92 In-Reply-To: <20020327145158.GA5036@kaori.syscall.net> References: <20020327145158.GA5036@kaori.syscall.net> Message-ID: <20020328094545.GC14658@gnutls.org> On Wed, Mar 27, 2002 at 03:51:58PM +0100, alexis hildebrandt wrote: > hello gnutls dev-team, > i was having trouble with mutt, gnutls and one of my imap-servers, so i > decided to upgrade my mutt, libgcrypt and libgnutls. as i tried to compile > gnutls i saw the following error messages: [...] > > the problem was solved quickly and you may have already fixed it, but in > case you haven't, i attached a tiny patch to this mail. > btw my problems with mutt & gnutls were solved by the upgrade. Thank you Alexis. I've just commited a fix for this in the cvs. > regards > a. hildebrandt -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org From nmav at gnutls.org Fri Mar 29 13:34:01 2002 From: nmav at gnutls.org (Nikos Mavroyanopoulos) Date: Fri Mar 29 13:34:01 2002 Subject: [gnutls-dev] optimization issues Message-ID: <20020329123110.GA30666@gnutls.org> After two days of optimization in RSA and in the handshake procedure it seems gnutls' performance was dramatically increased. It is now comparable[0] to the speed of openssl[1]. The gnutls function graph, of a non blocking server is below. [0]. In the last test with the non blocking server, we were about 5% slower. [1]. The comparison against openssl, just because it is the only available free tls implementation (and it is really optimized). Total time spend in this processus is 352.675496 602 arc(s), 300 function(s) (300 shown, 0 hidden), 6 library(ies) total | local | total | local | # |function time | % | time | % | min | max | min | max | calls | name -------|-----|-------|-----|-------|-------|-------|-------|-------|-------- 156.80| 44.5| 139.44| 39.5| 0.05| 0.63| 0.05| 0.61| 2537| _gnutls_pk_decrypt 28.29| 8.0| 28.29| 8.0| 0.00| 0.18| 0.00| 0.18| 17750| _gnutls_io_write_buffered 37.45| 10.6| 21.67| 6.1| 0.00| 0.21| 0.00| 0.21| 618834| gnutls_free 14.32| 4.1| 10.84| 3.1| 0.00| 0.11| 0.00| 0.11| 98899| gnutls_hash_init 8.45| 2.4| 8.45| 2.4| 0.00| 0.09| 0.00| 0.09| 601737| gnutls_malloc 25.94| 7.4| 8.13| 2.3| 0.00| 0.10| 0.00| 0.10| 91284| gnutls_hash_deinit 7.31| 2.1| 7.31| 2.1| 0.00| 0.09| 0.00| 0.09| 606150| _gnutls_free 7.26| 2.1| 7.26| 2.1| 0.00| 0.10| 0.00| 0.10| 623931| _gnutls_is_secure_memory 6.63| 1.9| 6.63| 1.9| 0.00| 0.05| 0.00| 0.05| 261186| gnutls_hash 8.74| 2.5| 4.38| 1.2| 0.00| 0.12| 0.00| 0.12| 2537| _gnutls_supported_ciphersuites 4.79| 1.4| 4.34| 1.2| 0.00| 0.05| 0.00| 0.05| 5074| _gnutls_get_random 18.09| 5.1| 4.12| 1.2| 0.00| 0.10| 0.00| 0.02| 17750| _gnutls_compressed2TLSCiphertext 31.46| 8.9| 3.60| 1.0| 0.00| 0.10| 0.00| 0.08| 30422| gnutls_recv_int 3.52| 1.0| 3.44| 1.0| 0.00| 0.01| 0.00| 0.01| 32953| _gnutls_read 54.71| 15.5| 2.85| 0.8| 0.00| 0.18| 0.00| 0.02| 17750| gnutls_send_int 12.02| 3.4| 2.73| 0.8| 0.00| 0.05| 0.00| 0.05| 12681| _gnutls_ciphertext2TLSCompressed 26.09| 7.4| 2.63| 0.7| 0.00| 0.16| 0.00| 0.16| 20288| ssl3_md5 2.63| 0.7| 2.59| 0.7| 0.00| 0.05| 0.00| 0.05| 2537| _gnutls_retrieve_session 2.16| 0.6| 2.16| 0.6| 0.00| 0.02| 0.00| 0.02| 111572| gnutls_hash_get_algo_len 13.16| 3.7| 2.12| 0.6| 0.00| 0.10| 0.00| 0.02| 20288| ssl3_sha 10.75| 3.0| 1.92| 0.5| 0.00| 0.10| 0.00| 0.09| 10144| gnutls_mac_deinit_ssl3_handshake 4.19| 1.2| 1.91| 0.5| 0.00| 0.10| 0.00| 0.10| 50705| gnutls_secure_free 12.46| 3.5| 1.79| 0.5| 0.00| 0.10| 0.00| 0.02| 12674| gnutls_mac_deinit_ssl3 4.39| 1.2| 1.77| 0.5| 0.00| 0.05| 0.00| 0.04| 2537| _gnutls_server_restore_session 352.66|100.0| 1.65| 0.5| 352.66| 352.66| 1.65| 1.65| 1| main -- Nikos Mavroyanopoulos mailto:nmav at gnutls.org