Re: Difference in packet contents

2008-06-16 Thread jimmy bahuleyan
Vijay Kotari wrote: @DS Nicely put. So, if I was to try to decrypt/encrypt one of these messages, I would need the key and the iv and something else? Because if just the key and iv are sufficient to encrypt/decrypt the data, then how are the different encrypted messages generated for the same

Re: Difference in packet contents

2008-06-16 Thread Vijay Kotari
@DS Nicely put. So, if I was to try to decrypt/encrypt one of these messages, I would need the key and the iv and something else? Because if just the key and iv are sufficient to encrypt/decrypt the data, then how are the different encrypted messages generated for the same cleartext? On Tue, Jun

DTLS non-blocking mode support??

2008-06-16 Thread Yong Zhang
Hi, I have a program which is using DTLS blocking mode. And it works fine. But I need to change it to non-blocking mode to port it to my platform. Can openssl DTLS support this? I have tried to change the underlying sock to non-blocking mode. When the SSL_connect is called, I can see using ether

RE: openssl instead of xmlsec

2008-06-16 Thread David Schwartz
> Hi, > I've this command: > /usr/bin/xmlsec1 sign --privkey-pem DSAPrivateKey.pem > --pubkey-der DSAPublicKey.key --output out.xml.out in.xml > I'm not allowed to use xmlsec on my server, and i need to sign this xml > with only openssl. Is this possible? I'm not an expert on this by any mean

Dynamic Link Library.

2008-06-16 Thread Noesi, Manuel CIV (SPAWAR ITC)
Hi to all, In the install win32 of the openssl v. 0.9.8h GNU C (MinGW) part it reference to use the DLL instead the static libraries. Do you what file needs to be modified? Also, where you change the path of the Openssl.cnf ? Regards, Mr. Manuel B Noesi Space and Naval Warfare Systems Center, Ne

openssl instead of xmlsec

2008-06-16 Thread Roberto Basile
Hi, I've this command: /usr/bin/xmlsec1 sign --privkey-pem DSAPrivateKey.pem --pubkey-der DSAPublicKey.key --output out.xml.out in.xml I'm not allowed to use xmlsec on my server, and i need to sign this xml with only openssl. Is this possible? Bye

Re: subjectAltName cert generation confusion...

2008-06-16 Thread Ed W
Dr. Stephen Henson wrote: The CA.pl script is the recommended way to generate certificates and should make matters easier. You can use CA.pl to include subjectAltName. However you need a customised openssl.cnf file which you can point to using the OPENSSL_CONF environment variable or you could m

Re: subjectAltName cert generation confusion...

2008-06-16 Thread Ed W
I don't see how this is related to my question in the slightest? Ed W vinni rathore wrote: hi i m getting undefined symbol for my sample server program that is on linux. my program is using openssl apis. i have installed the openssl 0.9.8g version on the red hat machine everything got s

RE: Difference in packet contents

2008-06-16 Thread David Schwartz
> While observing some packet dump, I noticed that while sending > the same application data over twice, different packet dumps > were obtained in both cases. Good. > This was done in the same SSL session, so the connection keys > being used are all the same. Is this expected behavior or am I >

Re: [openssl-users] Re: Which datatype for passphrase?

2008-06-16 Thread Luc Perthuis
Steffen DETTMER wrote: (...) BTW, for passphrases to be entered by humans (without binary zeros inside) I think C-strings could be suited, the data type for some entry function could be `char *const passphrase' and for some function that uses it maybe `const char *const passphrase'. Is that right

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Michael Sierchio
RC4 is owned (and trademarked) by RSA Security Inc, but they are no longer enforcing the patent, RC4 was never protected by patent, but by trade secret. When the details of the algorithm were published, Ron Rivest himself suggested calling the "alleged RC4" "ARCFOUR". It is indeed a tradema

Re: Linker errors on windows

2008-06-16 Thread Gerhard Gappmeier
I don't trust binary releases from third partys. You never know if there is a backdoor in it. Beside this I want to be able to update my dlls whenever there is a bugfix of OpenSSL. What we need is to fix that issues. Is it possible to deactivate the code parts that are referencing RC4? If not

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Chris Clark
On 6/16/08, bagavathy raj <[EMAIL PROTECTED]> wrote: > Hi, > Is there any binary distribution where I can find SSL dlls without > patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling > without them. I could exclude other algos but not RC4. Some linking > issues. So i need to know if th

Re: Linker errors on windows

2008-06-16 Thread bagavathy raj
I think we are sailing in the same boat. I hit into exactly the same problem.if you try compiling without disabling rc4. You will not get those linking errors. But if we want to exclude all patented algorithms, then we need to look for specific build releases without these algorithms. On 6/16/08,

Linker errors on windows

2008-06-16 Thread Gerhard Gappmeier
Hello I tried to deactivate patented algorithms that are mentioned in README, but I get unresolved externals linker errors. I'm building this way: set OPTS=no-asm perl Configure disable-idea disable-rc4 disable-rc5 disable-ntt disable-mdc2 VC-WIN32 perl util\mkfiles.pl >MINFO perl util\mk1mf.p

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread bagavathy raj
Hi, Is there any binary distribution where I can find SSL dlls without patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling without them. I could exclude other algos but not RC4. Some linking issues. So i need to know if there is any ssl release without the patented algorithms. On 6/1

Re: Difference in packet contents

2008-06-16 Thread Kyle Hamilton
The only mode that should cause the same encrypted data to be sent twice in exactly the same manner is "ECB" -- Electronic Code Book. Because this has been recognized by cryptographers as being vulnerable to many different cryptographic analysis techniques, I am not aware of any SSL/TLS implementat

keyUsageSign bit in keyUsage extention

2008-06-16 Thread Ajay Gupta (akgupta)
Hi, I am using openssl and try to validate a self signed certificate where keyUsageSign bit in keyUsage extention is not set. Openssl is rejecting the certificate at TLS handshake time. I try to find does keyUsageSign bit in keyUsage extention, is required for a certificate to be used for signa

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Mounir IDRASSI
Hi, Use the tool Dependency Walker (http://www.dependencywalker.com/) to look at the exported functions of libeay32.dll. If it exports RC5, you will see exported symbols starting with RC5. For MDC2, you'll find symbols starting with MDC2 and etc... Cheers, -- Mounir IDRASSI IDRIX http://www.idri

Re: [openssl-users] Re: Which datatype for passphrase?

2008-06-16 Thread Steffen DETTMER
* Konrad Kleine wrote on Fri, Jun 13, 2008 at 17:32 +0200: > One of our principles is to have only one exit point in > functions, so in this point we would agree with you. On the > other hand, it is also possible to do it without "goto"s. Yes, it is possible to `goto' without `gotos', sometimes th

Please help: very urgent: Query on patented algorithms

2008-06-16 Thread bagavathy raj
Hi, I have openssl dlls(i.e.libeay32.dll, ssleay32.dll). I need to know if these libaries are using any of the patented algorithms like IDEA, RC4, RC5,MDC2 etc. Can you please let me know if there is any way to find out this? Any help would be highly appreciated. Thanks in adavance, Bagavathy

Re: linking errors on linux........!

2008-06-16 Thread vinni rathore
Hi.. first of all thanx as I got success using -lssl option with my file but could you please give me the whole procedure that why the linking errors?? how to link with the Library it needed .. i think in linux it require Libcrypto.so and libssl.so.. please provide me the steps.. thnx in advance r

Fwd: Difference in packet contents

2008-06-16 Thread lakshmi prasanna
-- Forwarded message -- From: lakshmi prasanna <[EMAIL PROTECTED]> Date: Mon, Jun 16, 2008 at 6:06 PM Subject: Re: Difference in packet contents To: Vijay Kotari <[EMAIL PROTECTED]> Hi, You can find information on this page " http://developer.mozilla.org/en/docs/Introduction_to_S

Re: linking errors on linux........!

2008-06-16 Thread vinni rathore
Thnx for ur reply Mr. Vijay I have a question .. as there are two libraries in case of Windows : Libeay32.lib and SSLeay32.lib so the same libraries are for linux or something different in case of linux. Sorry for this basic question as i m very much new to Linux for openssl. Thnx and Regards, Vi

Re: UTF8 question

2008-06-16 Thread Dr. Stephen Henson
On Mon, Jun 16, 2008, Gerhard Gappmeier wrote: > Hi > > I can create certificates with UTF-8 Strings like this: > X509_NAME_add_entry_by_txt ( pName, "CN", MBSTRING_UTF8, ( unsigned char* ) > subject.commonName.toUtf8(), -1, -1, 0 ); > > But how can I read back entries in the same encoding? >

openvpn+openssl+gost

2008-06-16 Thread Alexey Eropkin
(sorry for my english) Hi all. I'd to try use openvpn+openssl+gost cipher, but I can't find any gost cipher in openssl (openssl ciphers) and openvpn (openvpn --show-ciphers). I dowloaded newest sources from cvs. -- Software is like sex, it is better when it's free

UTF8 question

2008-06-16 Thread Gerhard Gappmeier
Hi I can create certificates with UTF-8 Strings like this: X509_NAME_add_entry_by_txt ( pName, "CN", MBSTRING_UTF8, ( unsigned char* ) subject.commonName.toUtf8(), -1, -1, 0 ); But how can I read back entries in the same encoding? X509_NAME_get_text_by_NID does not return UTF-8 and I cannot fin

Re: Difference in packet contents

2008-06-16 Thread lakshmi prasanna
Hi, You mean you are using RSA for encryption??? Normally, this will not be the case. DHE-RSA is used for Key exchange and/or Authentication but nor for encryption. Just verify the Server Hello Message you received, it consists a string like DHE_RSA_WITH_. The "something" part indicates the Encryp

Re: Difference in packet contents

2008-06-16 Thread lakshmi prasanna
Hi, If you are using Stream Cipher or CBC mode block cipher, then the same application data will produce different encrypted data, since the two encryption (cipher) algorithms perform encryption using the previous block and current block (CBC mode block cipher) or previous stream data (Stream Ciph

Difference in packet contents

2008-06-16 Thread Vijay Kotari
Hi, While observing some packet dump, I noticed that while sending the same application data over twice, different packet dumps were obtained in both cases. This was done in the same SSL session, so the connection keys being used are all the same. Is this expected behavior or am I reading the pack

Re: linking errors on linux........!

2008-06-16 Thread Vijay Kotari
Hi, Based on what you have shared, I believe you didn't link the library files required. You should use the -lssl option for this. i.e. root #: gcc sample_file.c -lssl This is of course assuming that Openssl installed without any incident as you have said. Also, if this is the first time that yo

Re: linking errors on linux........!

2008-06-16 Thread karim Bendadda
Could you post the message given you by the compiler?? On Mon, Jun 16, 2008 at 9:51 AM, vinni rathore <[EMAIL PROTECTED]> wrote: > hi > i m getting undefined symbol for my sample server program that is on linux. > my program is using openssl apis. > i have installed the openssl 0.9.8g versio

linking errors on linux........!

2008-06-16 Thread vinni rathore
hi i m getting undefined symbol for my sample server program that is on linux. my program is using openssl apis. i have installed the openssl 0.9.8g version on the red hat machine everything got sucess but still getting the linking errors. steps that i followed: 1- config 2. make 3. make insta

Re: subjectAltName cert generation confusion...

2008-06-16 Thread vinni rathore
hi i m getting undefined symbol for my sample server program that is on linux. my program is using openssl apis. i have installed the openssl 0.9.8g version on the red hat machine everything got sucess but still getting the linking errors. steps that i followed: 1- config 2. make 3. make insta