Hello,

[EMAIL PROTECTED] wrote on 06/25/2008 07:25:12 AM:

> Hi,
> I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt an
> SSL packet that I have captured. The cipher that I am using is AES256 and
> I can read the application data in cleartext as a result. The problem
> comes if the application data size > 8, which I think has something to
> do with me using a block cipher. I can't seem to decrypt the data
> then. Anyway, after inspecting the packet dumps, I realized that
> sometimes I get fragmented packets.
> For example,
> 17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
> 4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
> e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
> d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
> 2b 18 b1 8d d8 3c 15 3d e9 c7
> This is actually two packets that are using the SSL application
> protocol, each of size 0x20 (the second packet starts on line 3, 6th
> byte onwards). While decrypting, should both these packets be merged
> together and hence treated as a single packet of size 0x40, or should
> each packet be processed separately? Since we are using a block cipher of
> size 256 bits (32 bytes), will it even make a difference?

These two packets should be decrypted separately. You should look at this
packet from the SSL point of view, not the TCP point of view.
It is not important that you have this data in one TCP packet.
On the other hand, this data may come to you in 20 TCP packets too.
Merging these two packets may work for decryption but will break the MAC
(message authentication code), because when the MAC is calculated an implied
message number is used. When you merge these packets, one packet
will be lost in this calculation.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
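To make the record framing and the implicit sequence number concrete, here is an added example (not Marek's code and not part of OpenSSL) that splits the hex dump from the question into its two TLS records and builds the bytes a TLS 1.0 MAC is computed over. The capture bytes are taken from the question; the MAC key and the two plaintext fragments are constructed stand-ins, since the session keys are not on the page. Two facts worth keeping in mind while reading it: the 5-byte record header (type 0x17 = application data, version 03 01 = TLS 1.0, 16-bit length) is the only framing the decryptor should care about, and AES has a 16-byte block regardless of whether the key is 128, 192 or 256 bits, so a 0x20-byte record body is two AES blocks, not one.

```python
import hashlib
import hmac
import struct

# Constructed sample: the 74 bytes from the question, i.e. two application-data
# records (content type 0x17, version 3.1 = TLS 1.0, body length 0x20 each).
CAPTURE = bytes.fromhex(
    "17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc"
    "4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82"
    "e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86"
    "d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11"
    "2b 18 b1 8d d8 3c 15 3d e9 c7"
)

RECORD_HEADER = struct.Struct("!BBBH")  # content type, major, minor, length
APPLICATION_DATA = 0x17
AES_BLOCK = 16  # AES block is 16 bytes whatever the key length (128/192/256)


def split_records(stream):
    """Walk a captured byte stream record by record, ignoring TCP boundaries.
    Raises ValueError when the stream ends mid-record, which is the signal to
    buffer and wait for the next TCP segment before decrypting."""
    records = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < RECORD_HEADER.size:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, major, minor, length = RECORD_HEADER.unpack_from(stream, offset)
        start = offset + RECORD_HEADER.size
        body = stream[start:start + length]
        if len(body) != length:
            raise ValueError("record at offset %d is short by %d bytes"
                             % (offset, length - len(body)))
        records.append({"type": ctype, "version": (major, minor), "body": body})
        offset = start + length
    return records


def is_well_framed(stream):
    """True when the stream contains only complete records."""
    try:
        split_records(stream)
        return True
    except ValueError:
        return False


def tls10_mac_input(seq_num, ctype, version, fragment):
    """Bytes a TLS 1.0 MAC covers (RFC 2246 section 6.2.3.1): the 64-bit
    implicit sequence number, content type, version, length and the decrypted
    fragment.  The sequence number is never on the wire; both sides count
    records, so each record must be MACed under its own number."""
    major, minor = version
    return struct.pack("!QBBBH", seq_num, ctype, major, minor, len(fragment)) + fragment


def tls10_mac(mac_key, seq_num, ctype, version, fragment):
    return hmac.new(mac_key, tls10_mac_input(seq_num, ctype, version, fragment),
                    hashlib.sha1).digest()


def mac_per_record(mac_key, records, fragments):
    """Per-record MACs with the counter advancing once per record (the correct
    way).  `fragments` stands in for the plaintext EVP_Decrypt* would yield."""
    return [tls10_mac(mac_key, seq, r["type"], r["version"], frag)
            for seq, (r, frag) in enumerate(zip(records, fragments))]


def mac_merged(mac_key, records, fragments):
    """What a decoder that glues both records into one 0x40-byte message would
    compute: a single MAC under sequence number 0.  It matches neither
    per-record MAC, and the counter is now one behind the peer's."""
    first = records[0]
    return tls10_mac(mac_key, 0, first["type"], first["version"], b"".join(fragments))


if __name__ == "__main__":
    recs = split_records(CAPTURE)
    for i, r in enumerate(recs):
        print("record %d: type=0x%02x version=%d.%d len=%d (%d AES blocks)"
              % (i, r["type"], *r["version"], len(r["body"]), len(r["body"]) // AES_BLOCK))
    key = b"constructed-mac-key"  # constructed; not a real session key
    plain = [b"GET / HTTP/1.0\r\n", b"Host: a\r\n\r\n"]  # constructed stand-in plaintexts
    print("per-record MACs:", [m.hex()[:16] for m in mac_per_record(key, recs, plain)])
    print("merged MAC     :", mac_merged(key, recs, plain).hex()[:16])
```

Run it against a capture and feed each record's body to EVP_DecryptUpdate()/EVP_DecryptFinal_ex() on its own; the per-record MAC then verifies with the counter incremented once per record. Note that `split_records` refusing a truncated stream is the behaviour you want: a record can arrive split across TCP segments just as easily as two records arrive in one, so the decoder has to reassemble on record boundaries, never on segment boundaries.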

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]