OpenSSL Question, Elliptic Curve Cryptography (ECC) TLS

2014-04-01 Thread Landen Landens
How do I verify the modulus of an openssl Elliptic Curve Cryptography (ECC)
private key?

If this were RSA, I would run:
openssl x509 -noout -modulus -in certificateFileName.crt | openssl md5
openssl rsa -noout -modulus -in privateKeyFileName.key | openssl md5
openssl req -noout -modulus -in csrFileName.csr | openssl md5

But it's not RSA, so I don't know.

I created my private key and CSR by running:
openssl ecparam -genkey -text -name secp521r1 -out example-ecc.key
openssl req -new -key example-ecc.key -sha256 -out example-ecc.csr


Re: OpenSSL Question, Elliptic Curve Cryptography (ECC) TLS

2014-04-01 Thread Viktor Dukhovni
On Mon, Mar 31, 2014 at 01:15:47PM -0600, Landen Landens wrote:

> How do I verify the modulus of an openssl Elliptic Curve Cryptography (ECC)
> private key?

Elliptic curve keys don't have a modulus, that's a property of RSA
keys.

> If this were RSA, I would run:
> openssl x509 -noout -modulus -in certificateFileName.crt | openssl md5
> openssl rsa -noout -modulus -in privateKeyFileName.key | openssl md5
> openssl req -noout -modulus -in csrFileName.csr | openssl md5

Try:

openssl x509 -noout -pubkey -in ... |
openssl pkey -pubin -outform DER | 
openssl dgst -sha1

openssl pkey -pubout -outform DER -in ... |
openssl dgst -sha1

openssl req -noout -pubkey -in ... |
openssl pkey -pubin -outform DER | 
openssl dgst -sha1

This computes the digest of the DER form of the SubjectPublicKeyInfo
(SPKI) of the certificate public key, actual public key and CSR for
comparison.

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
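
The SPKI comparison from the reply above, as an added shell example that is not part of the original thread. It reports an unreadable input as an error, because three failed reads would otherwise all hash empty input and appear to match. Assumptions made here: the demo file names, the subject /CN=example.test, the helper names, and SHA-256 in place of the thread's -sha1.

```shell
#!/bin/sh
# Added example, not from the thread. File names, the subject and the
# function names below are constructed for the demo.

# spki_der KIND FILE: write the DER SubjectPublicKeyInfo of a certificate,
# private key or CSR to stdout, using the pipelines from the thread.
spki_der() {
    case "$1" in
        cert) openssl x509 -noout -pubkey -in "$2" | openssl pkey -pubin -outform DER ;;
        key)  openssl pkey -pubout -outform DER -in "$2" ;;
        csr)  openssl req -noout -pubkey -in "$2" | openssl pkey -pubin -outform DER ;;
        *)    return 2 ;;
    esac
}

# spki_digest KIND FILE: print the hex SHA-256 of the SPKI, or fail.
# The DER is staged in a temp file so that a failed or empty read is
# detected instead of being hashed.
spki_digest() {
    der=$(mktemp) || return 1
    if spki_der "$1" "$2" >"$der" 2>/dev/null && [ -s "$der" ]; then
        openssl dgst -sha256 <"$der" | awk '{ print $NF }'
        rc=0
    else
        rc=1
    fi
    rm -f "$der"
    return "$rc"
}

# same_key CERT KEY CSR: 0 = all three carry the same public key,
# 1 = at least one differs, 2 = an input could not be read.
same_key() {
    c=$(spki_digest cert "$1") || return 2
    k=$(spki_digest key "$2") || return 2
    r=$(spki_digest csr "$3") || return 2
    [ "$c" = "$k" ] && [ "$k" = "$r" ]
}

# make_demo_files: create a P-521 key, its CSR, a self-signed certificate
# and a second unrelated key in a fresh directory; print the directory.
make_demo_files() {
    dir=$(mktemp -d) || return 1
    {
        openssl ecparam -genkey -name secp521r1 -noout -out "$dir/a.key" &&
        openssl req -new -key "$dir/a.key" -sha256 -subj "/CN=example.test" -out "$dir/a.csr" &&
        openssl x509 -req -in "$dir/a.csr" -signkey "$dir/a.key" -sha256 -days 1 -out "$dir/a.crt" &&
        openssl ecparam -genkey -name secp521r1 -noout -out "$dir/b.key"
    } >/dev/null 2>&1 || return 1
    echo "$dir"
}

# Stand-alone run on the constructed files.
if command -v openssl >/dev/null 2>&1 && demo=$(make_demo_files); then
    same_key "$demo/a.crt" "$demo/a.key" "$demo/a.csr" && echo "a.crt, a.key, a.csr: same public key"
    same_key "$demo/a.crt" "$demo/b.key" "$demo/a.csr" || echo "a.crt, b.key, a.csr: mismatch (status $?)"
    rm -rf "$demo"
fi
```

The digest algorithm only needs to be the same on all three inputs; the comparison is of the public key encoding, so it works for RSA keys as well as EC keys.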


openssl question

2009-09-14 Thread nutters

I am trying to write an application that uses OpenSSL to decrypt an RSA
encrypted secret key using the private key in a smartcard.  I am trying to use
the command line to do this but I can't load the PKCS11 engine and do decryption
on the same command line. The PKCS11 engine unloads every time OpenSSL exits.

Does anybody have a solution or workaround to this problem? Thanks.


openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark

Hello,

Took the client and server code from the Network
Security with OpenSSL chapter 5. Built the server and
client code non-secure. This part worked like a charm.

Having a problem building the secure version. I'm
using Windows VC++ and windows and attempting to use
the 5.5 client. I would like to know where the
client.pem file and the function provided 
seed_prng appears to use a unix /dev/random what do
I use for windows?

I attempted to use the client.pem file that the
openssl-0.9.8e provides. It failed to load the
certificate. Is that a valid certificate to use?

Much appreciate any help in advance on this.

Thanks,
Garyc

#include <stdio.h>
#include <openssl/ssl.h>

/* CERTFILE is the book example's macro naming the PEM file (client.pem). */
SSL_CTX * setup_client_ctx(void)
{
    SSL_CTX * ctx;

    ctx = SSL_CTX_new(SSLv23_method());

    if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1)
        printf("Error loading certificate file!");
    if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
        printf("Error loading private key file!");

    printf("Successful!");
    return ctx;
}


Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello,

Running Windows and built using VC++.

I have discovered that my SSL_CTX * is null
when attempting to call:

SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());

Why would this happen? It's a little confusing; it
builds fine.

Thanks,
Garyc

SSL_CTX * ctx = 


Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello,

After performing the following:

SSL_CTX * ctx = SSL_CTX_new(SSLv23_client_method());

Huh! Dumped the result of the failure and error code.

The ctx value is:

ctx=0x0

OPENSSL_Uplink(100EA000,07): no OPENSSL_Applink

The above failure of ERR_print_errors_fp(stderr);

Could somebody be so kind to enlighten me on what I'm
doing wrong?

Thanks,
Garyc

Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread david kine
Did you call SSL_library_init(), SSL_load_error_strings(), etc.?


Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello,

I managed to get past the problem of loading the
certificate:

I am now calling the below:
if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
{
    ERR_print_errors_fp(stderr);
    printf("Error loading private key file!");
}

I see the following error:

error:0906D06C:PEM routines:PEM_read_bio:no start line.\crypto\pem\pem_lib.c647 Expecting: ANY PRIVATE KEY

I must apologise for any inconvenience on this in
advance. I'm just learning to crawl at the moment.

Thanks,
Garyc

--- gary clark [EMAIL PROTECTED] wrote:

> My Bad. I missed the SSL_library_init() call.
>
> Sorry.
>
> Thanks,
> Garyc


Re: openssl question on Network Security with OpenSSL book example

2007-05-25 Thread gary clark
Hello,

I loaded the key file into the SSL_CTX and that
appeared to work, i.e. client.key. Is this correct?
I used the book and thought that CERTFILE, client.pem,
was being used in the
function SSL_CTX_use_PrivateKey_file.

if (SSL_CTX_use_PrivateKey_file(ctx, CERTFILE, SSL_FILETYPE_PEM) != 1)
{
    ERR_print_errors_fp(stderr);
    printf("Error loading private key file!");
}

Thanks,
Garyc
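
The "no start line ... Expecting: ANY PRIVATE KEY" error quoted in this thread means OpenSSL's PEM reader found no `-----BEGIN ... PRIVATE KEY-----` line in the file it was given. The following added shell example (not part of the original posts) lists the PEM blocks a file contains, so a certificate-only file can be told apart from one that also holds a key before it is passed to SSL_CTX_use_PrivateKey_file. The function names are chosen here and the sample files are constructed placeholders, not real certificates or keys.

```shell
#!/bin/sh
# Added example, not from the thread.

# pem_labels FILE: print the label of each PEM block, one per line.
# CRLF line endings and text outside the blocks are tolerated; a block whose
# BEGIN and END lines do not pair up is printed as "malformed: <label>".
pem_labels() {
    tr -d '\r' <"$1" | awk '
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") print "malformed: " cur
            cur = substr($0, 12, length($0) - 16)
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            label = substr($0, 10, length($0) - 14)
            if (label == cur) print label
            else print "malformed: " label
            cur = ""
            next
        }
        END { if (cur != "") print "malformed: " cur }
    '
}

# pem_has_private_key FILE: succeed if a well-formed block carries a label
# ending in "PRIVATE KEY" (PRIVATE KEY, RSA/EC/DSA PRIVATE KEY,
# ENCRYPTED PRIVATE KEY), which is what "ANY PRIVATE KEY" refers to.
pem_has_private_key() {
    pem_labels "$1" | grep -Eq '^([A-Z]+ )?PRIVATE KEY$'
}

# make_pem_samples DIR: write three constructed files. The body is a
# placeholder (base64 of the word CONSTRUCTED); only the framing matters here.
make_pem_samples() {
    body='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' >"$1/cert_only.pem"
    # Certificate plus key, with CRLF endings and a leading text line.
    printf '%s\r\n' 'subject=/CN=example.test' \
        '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' \
        '-----BEGIN RSA PRIVATE KEY-----' "$body" \
        '-----END RSA PRIVATE KEY-----' >"$1/combined.pem"
    # Key block cut off before its END line.
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' "$body" >"$1/truncated.pem"
}

# Stand-alone run on the constructed files.
samples=$(mktemp -d) && make_pem_samples "$samples" && {
    for f in cert_only combined truncated; do
        if pem_has_private_key "$samples/$f.pem"; then
            verdict="has a private key block"
        else
            verdict="no usable private key block"
        fi
        echo "$f.pem: $verdict [$(pem_labels "$samples/$f.pem" | tr '\n' ';')]"
    done
    rm -rf "$samples"
}
```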






Basic OpenSSL Question

2006-09-22 Thread Richard Conlan

I am considering OpenSSL for a project and needed some quick info.

Does the OpenSSL crypto library support AES? Which modes? From the
on-line documentation on the website this does not appear to be the
case (http://www.openssl.org/docs/crypto/crypto.html), but of course
typing "openssl ciphers" returns results including various forms of
AES. But I wasn't sure if this reflected support in the library itself
when not used for SSL/TLS. If the OpenSSL crypto library does not
support AES, any suggestions for similarly licensed libraries that do?

Can anybody provide a pointer to example code, etc., on using the
OpenSSL crypto library? Good books on the subject?

Regards,

Richard M. Conlan


Re: Basic OpenSSL Question

2006-09-22 Thread Richard Conlan

This message
(http://www.mail-archive.com/openssl-users@openssl.org/msg29864.html)
at least suggests that CTR mode actually is supported? All I can
really find are threads basically saying "Yup, AES is in there" but
without any useful followup. =(

~RMC

On 9/22/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> I asked a similar question and got no answer. In fact, my question wasn't
> even posted. (Maybe I am doing something wrong.) Anyway, it appears that
> some modes are available, but the ones I am looking for, CTR, CWC, and GCM
> are not supported. Check out
>
> http://fp.gladman.plus.com for AES and the aforementioned cipher modes.
>
> Alan




Re: Basic OpenSSL Question

2006-09-22 Thread Steve . Pauly

The underlying code includes the following
modes:

AES_ecb_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ofb128_encrypt
AES_ctr128_encrypt

So CTR is in, but CWC and GCM are not.

Steven Pauly
Pitney Bowes GMS



OpenSSL question

2005-07-02 Thread Adrian Chelar
Hi

OpenSSL work for VPN and cryptography softwares? I need an answer

Thank you!

Adrian Chelar
Home : [EMAIL PROTECTED]
Office : [EMAIL PROTECTED]


Re: OpenSSL question

2005-07-02 Thread Victor Duchovni
On Sat, Jul 02, 2005 at 03:48:16PM +0300, Adrian Chelar wrote:

> OpenSSL work for VPN and cryptography softwares? I need an answer

The short answer is 42. The long answer is that you need to ask a
more concrete/detailed question.

-- 
Viktor.


Re: RE : Enveloped data structure created by openssl question

2003-09-22 Thread Dr. Stephen Henson
On Mon, Sep 22, 2003, BP wrote:

> Well, sorry, the RFC fragment was incomplete, so my understanding.
>
> My only question is then :
> What stands OCTET STRING (16 bits long) for, when cont[0] really
> contains the encrypted bytes ?
>
> SEQUENCE
>   OBJECT : pkcs7-data
>   SEQUENCE
>     OBJECT : aes-128-cbc
>     OCTET STRING
>   cont[0]
>
> RFC 3369 says:
>   EncryptedContentInfo ::= SEQUENCE {
>     contentType ContentType,
>     contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
>     encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
>
>   EncryptedContent ::= OCTET STRING

The second SEQUENCE (containing aes-128-cbc and the OS) is the
contentEncryptionAlgorithm field. It obeys the standards for the
AlgorithmIdentifier for 128 bit AES in CBC mode. That is, the OCTET STRING
(which should be 16 bytes not 16 bits) is the IV.

Steve.
--
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
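
The layout described in the reply above, walked tag by tag in an added shell example that is not part of the original message. SAMPLE is a constructed DER EncryptedContentInfo (pkcs7-data, aes-128-cbc) with placeholder IV and ciphertext bytes; der_walk and alg_iv_len are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed by hand:
#   SEQUENCE {
#     OID 1.2.840.113549.1.7.1 (pkcs7-data)
#     SEQUENCE { OID 2.16.840.1.101.3.4.1.2 (aes-128-cbc), OCTET STRING <IV> }
#     [0] IMPLICIT <encrypted bytes>
#   }
# The 16 IV bytes and the 16 "ciphertext" bytes are placeholders.
SAMPLE='303c 0609 2a864886f70d010701
        301d 0609 608648016503040102
             0410 000102030405060708090a0b0c0d0e0f
        8010 a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'

# der_walk HEX: print "depth tag length" for every TLV in a DER blob given
# as hex. Handles short and long form lengths and descends into constructed
# types (tag bit 0x20), which is enough for the structure discussed here.
der_walk() {
    printf '%s' "$1" | tr -d ' \n\t' | awk '
    function hex(s,    i, v) {
        v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
        return v
    }
    {
        n = length($0) / 2
        for (j = 0; j < n; j++) b[j] = hex(substr($0, 2 * j + 1, 2))
        pos = 0; depth = 0
        while (pos < n) {
            # Leave every constructed value whose content has been consumed.
            while (depth > 0 && pos >= stop[depth]) depth--
            tag = b[pos++]
            len = b[pos++]
            if (len >= 128) {            # long form: low 7 bits count the length bytes
                k = len - 128; len = 0
                while (k-- > 0) len = len * 256 + b[pos++]
            }
            printf "%d %02x %d\n", depth, tag, len
            if (int(tag / 32) % 2 == 1) { depth++; stop[depth] = pos + len }
            else pos += len
        }
    }'
}

# alg_iv_len HEX: length in bytes of the OCTET STRING inside the
# contentEncryptionAlgorithm SEQUENCE (depth 2), i.e. the CBC IV.
alg_iv_len() {
    der_walk "$1" | awk '$1 == 2 && $2 == "04" { print $3; exit }'
}

# Stand-alone run: tag 04 at depth 2 is the IV, tag 80 at depth 1 is cont[0].
der_walk "$SAMPLE"
echo "IV length in bytes: $(alg_iv_len "$SAMPLE")"
```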


Re: zlib double free bug and openssl question.

2002-06-05 Thread Lenny Miceli

Reading the posting from Lutz Jaenicke saying that if OpenSSL is not
specifically compiled with zlib then it won't have zlib compiled in,
then can anyone explain if you don't compile OpenSSL with zlib why it still
contains the string zlib many times within libcrypto.a?  Thanks for any
insight anyone can give into this.

 strings libcrypto.a
Request error: class file/memory mismatch
COMP_zlib
ZLIB
zlib compression
c_zlib.o/   997457715   6789  390   100644  2044  `
COMP_zlib
c_zlib.c
/dir1/subdir/openssl-0.9.6b/crypto/comp;
/dir2/lang/SUNWspro/bin/../WS6/bin/cc -I.. -I../../include -KPIC -DTHREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5
-xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM -c
c_zlib.c -W0,-xp
c_zlib.c
zlib_method
COMP_zlib

Thanks,
  Lenny Miceli



zlib double free bug and openssl question.

2002-06-04 Thread Lenny Miceli

I've tried to search the archives/bug reports/faq's and didn't find any
definitive answers on the zlib Double Free Bug CERT's Advisory CA-2002-07
issue.  Does openssl v0.9.6b or above have this issue?  I know if you do a
strings on libcrypto.a you find zlib a lot, so I assume somehow the zlib library
is used in crypto/comp/c_zlib.c or somewhere.  Thanks for any help
you can give me.

Please mail me directly since I'm not on this list.

Thanks for your time and help,
  Lenny Miceli



Re: zlib double free bug and openssl question.

2002-06-04 Thread Lutz Jaenicke

On Mon, Jun 03, 2002 at 04:01:38PM -0400, Lenny Miceli wrote:
> I've tried to search the archives/bug reports/faq's and didn't find any
> definitive answers on the zlib Double Free Bug CERT's Advisory CA-2002-07
> issue.  Does openssl v0.9.6b or above have this issue?  I know if you do a
> strings on libcrypto.a you find zlib a lot, so I assume somehow the zlib library
> is used in crypto/comp/c_zlib.c or somewhere.  Thanks for any help
> you can give me.

If not explicitly selected, OpenSSL is not compiled with zlib-support.
And even if it would be compiled in, it won't be used by default, unless
an application enables it. I am not aware of any publicly available
application using zlib functionality inside OpenSSL.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus



Re: zlib double free bug and openssl question.

2002-06-04 Thread Kenneth R. Robinette

I know of several public applications that use zlib with OpenSSL.
Probably more that I don't know about.  In general, anything that
uses SSL enabled telnet can make use of the OpenSSL zlib feature.

Ken


_
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com





OpenSSL Question

2002-01-09 Thread Shawn Bracken


I would like to abstract the SSL communications through 2 pipe[] fd's
under win32 where I plan on reading the read side of the pipes and then
handling all network connectivity myself. I tried using
SSL_set_rfd()/SSL_set_wfd() but I still couldn't get it to write
communications when I issued an SSL_connect().

Is it possible to do this using only SSL_set_?fd() calls or do I need to
set up a BIO, and if so, which type of BIO?

Any/all help would be greatly appreciated.

-SB



101-OpenSSL question..

2001-12-26 Thread abce1234




Hi expert guys,.. :)

I'm starting a class project which requires handling a packet after
encrypting it, and before transmitting it to the IP layer. I want to add a
header and modify the current IP address of the packet.

The steps -- in summary -- are as follows:

**
1- Packet encryption. (I have nothing to do with it)
--
2- My work:
   Get a packet.
   Add my own header information to it.
   Modify the IP address.
   Pass it to the next layer.
--
3- Send it to TCP/IP layer for transmit (I have nothing to do with it too)
**

So I need your help to step me in the first step of this project, I need
to know from where to start. I download the OpenSSL project, and I found
1500 files ,,!!!

So would you mind pointing me out to the files that I should start
modifying and playing with.

Any information is valuable to me and appreciated :)

Thanks a lot.

Dave.




Re: 101-OpenSSL question..

2001-12-26 Thread Vadim Fedukovich



On Mon, 24 Dec 2001 [EMAIL PROTECTED] wrote:

> Hi expert guys,..   :)
>
> I'm starting a class project which requires handling a packet after
> encrypting it, and before transmitting it to the IP layer. I want to add a
> header and modify the current IP address of the packet.
>
> The steps -- in summary -- are as follows:
>
> **
> 1- Packet encryption. (I have nothing to do with it)
> --
> 2- My work:
>    Get a packet.
>    Add my own header information to it.
>    Modify the IP address.
>    Pass it to the next layer.
> --
> 3- Send it to TCP/IP layer for transmit  (I have nothing to do with it too)

These 3 steps could be done with IPSec, tunnel (subnet-to-subnet) mode.
Please consider installing FreeSWAN to handle IP packets.

good luck,
Vadim

> **
>
> So I need your help to step me in the first step of this project, I
> need to know from where to start. I download the OpenSSL project, and I
> found 1500 files ,,!!!
>
> So would you mind pointing me out to the files that I should start
> modifying and playing with.
>
> Any information is valuable to me and appreciated  :)
>
> Thanks a lot.
>
> Dave.







RE: 101-OpenSSL question..

2001-12-26 Thread Matthew Smith









Simple but stupid. Why don't you just capture packets coming into a box
on the lower levels of the OSI, modify the packet and send to the higher
levels of the OSI..
Why do you need to use OpenSSL? Let us know .. give me some more hints..

Regards,

Matthew Smith (MCSE,CNE,CCNA,CCIE)
TigerNET Pty Ltd




