----- Original Message ----- 
From: "Fred Crable" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 4:12 PM
Subject: RE: Estimating the packet overhead imposed by SSL.


> Far from trying to calculate the overhead, I would try finding the
> lowest level function call to std::write or std::read and simply log the
> bytes written/read :)  A good starting point would be BIO_write
> (crypto/bio_lib.c) or SSL_write, then trace from there to find the write
> system call.  Same thing goes for read. It shouldn't be too hard to find
> the std::read/write calls if you compile w/the -g flag.  You could even
> set a breakpoint in a simple program to try it (break write ;)

Sorry, I don't have much knowledge of the SSL APIs, so I have to rely on the
published standards:
According to http://www.ietf.org/rfc/rfc2246.txt, below is an example of
calculating overhead:

"Example: If the block length is 8 bytes, the content length
          (TLSCompressed.length) is 61 bytes, and the MAC length is 20
          bytes, the length before padding is 82 bytes. Thus, the
          padding length modulo 8 must be equal to 6 in order to make
          the total length an even multiple of 8 bytes (the block
          length). The padding length can be 6, 14, 22, and so on,
          through 254. If the padding length were the minimum necessary,
          6, the padding would be 6 bytes, each containing the value 6.
          Thus, the last 8 octets of the GenericBlockCipher before block
          encryption would be xx 06 06 06 06 06 06 06, where xx is the
          last octet of the MAC.
"

In the above example, I just replace the block length by 16 bytes, and
TLSCompressed.length is 144 bytes (input to SSL).
Since I am using SHA1 as the MAC (20 bytes) + 1 byte padding length, my
length before padding is 165 bytes. To make it a multiple of 16 bytes, I add
either 11 bytes or 27 bytes or so on, thus giving data of either 176, 192
or 208 bytes.

Add to this the protocol version (1 byte), content type (1 B) and length (2 B).
Thus we can have either 180, 196 or 212 bytes.

However, I observe, using a packet sniffer (ethereal), that the SSL layer
produces an output of 202 bytes (in all my experiments) for input of 144
bytes.

Am I missing some fields somewhere?

Thanks for any help,
Shashank




>
> Fred Crable
> -----Original Message-----
> From: Shashank Khanvilkar [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 07, 2003 12:05 PM
> To: [EMAIL PROTECTED]
> Subject: Estimating the packet overhead imposed by SSL.
>
>
> Is there any way (or document) in which I can estimate the packet
> overhead added by SSL?
> Assume that I am sending 100 bytes of data (with no compression), using
> some symmetric cipher (say aes-128-cbc). In this case, how many more
> bytes of overhead will be introduced by the SSL layer (I guess the
> record layer)?
> (I will appreciate it if someone can provide a breakup.)
>
> Will reading the SSLv3 spec help me in this (I tried to read it here
> http://wp.netscape.com/eng/ssl3/draft302.txt
> , but it seems that the draft has expired)?
> Any help is appreciated.
> Shashank
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
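
The record-size arithmetic discussed in this thread, as an added example that is not part of the original messages: it follows the GenericBlockCipher layout of RFC 2246 with a 5-byte record header (content type 1, protocol version 2, length 2) and lists which parameter sets reproduce an observed wire size. The function names and the "one empty record before the data record" case are assumptions of this example; some TLS 1.0 implementations send a zero-length record ahead of application data when a CBC cipher is in use.

```python
# Added example: TLS 1.0 (RFC 2246) record sizes for a CBC block cipher.
HEADER_LEN = 5  # ContentType (1) + ProtocolVersion (2) + length (2)


def padding_lengths(content_len, mac_len, block_len):
    """All legal padding_length values (0..255) for a GenericBlockCipher."""
    before = content_len + mac_len + 1  # +1 for the padding_length byte itself
    minimum = -before % block_len       # smallest value reaching a block boundary
    return list(range(minimum, 256, block_len))


def record_len(content_len, mac_len, block_len, extra_blocks=0):
    """Bytes on the wire for one record, header included.

    extra_blocks selects a longer legal padding (0 = minimum padding).
    """
    pad = padding_lengths(content_len, mac_len, block_len)[extra_blocks]
    return HEADER_LEN + content_len + mac_len + pad + 1


def candidates(observed, content_len, mac_len, block_lens=(8, 16)):
    """Parameter sets whose minimum-padding wire size equals `observed`.

    Assumption of this example: the sender may emit one zero-length
    record immediately before the data record.
    """
    hits = []
    for block_len in block_lens:
        data = record_len(content_len, mac_len, block_len)
        empty = record_len(0, mac_len, block_len)
        options = (("data record only", data),
                   ("empty record + data record", data + empty))
        for label, total in options:
            if total == observed:
                hits.append((block_len, label))
    return hits


if __name__ == "__main__":
    # RFC 2246 example quoted in the thread: block 8, content 61, MAC 20.
    print("RFC example paddings:", padding_lengths(61, 20, 8)[:3], "...")
    # Thread's figures: block 16, content 144, SHA-1 MAC (20 bytes).
    print("block 16 sizes:", [record_len(144, 20, 16, k) for k in range(3)])
    # Sniffer reading reported in the thread: 202 bytes for 144 bytes of input.
    print("matches for 202:", candidates(202, 144, 20))
```

Comparing the negotiated cipher suite shown in the capture against the block length of any match is the quickest way to confirm or rule it out.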
