Hi All,
 
In the SSL_shutdown function there is a check on (handshake_func = 0). What is the 
purpose of this function (handshake_func) and when is it reset to NULL?
 
Thanks & Regards,
Lavanya Golla.

________________________________

From: Lavanya Golla (WT01 - TES-Enterprise Networks)
Sent: Thu 6/14/2007 1:51 PM
To: openssl-users@openssl.org; openssl-users@openssl.org
Subject: RE: Urgent Help in regarding openssl library


Hi,
 
Thank you for the response.
 
But what can be the reason for a bad key? Can it be that the client encrypted with a 
different session key and the server is decrypting with another session's key?
 
Mostly we are seeing this fault when fresh negotiation happens.
 
Thanks & Regards,
Lavanya Golla.

________________________________

From: [EMAIL PROTECTED] on behalf of Marek Marcola
Sent: Thu 6/14/2007 1:34 PM
To: openssl-users@openssl.org
Subject: RE: Urgent Help in regarding openssl library



Hello,
> In continuation with the error we have mentioned before we have the
> below query:-
> 
> If an SSL record has no padding bytes then how does openSSL handle it?
If we are talking about block cipher used to establish SSL connection
like DES or AES then padding is always used.
When any side (client or server) wants to send some data to peer
then first write MAC is calculated and appended to data, next padding
is added to ensure that total length of data+mac+pad is multiple
of cipher block size.
After that, data+mac+pad is encrypted, SSL record header is added
and all this is sent to peer.
Peer should check that record data is multiple of cipher block size,
decrypt record data, get last byte of decrypted data and treat this
byte as a pad (which tells how many bytes to ignore from end of
decrypted data).

> Does openSSL consider it as bad padding?
If record data is multiple of cipher block size then after decryption
last byte of data is always treated as pad.
If this byte is bigger than record data then we have bad padding.
If this byte is bigger than cipher block size for SSL3 then we have bad
padding.
For TLS1 this byte (padding) may be up to 255.

One more information: if your data+mac is already multiple of
cipher block size then padding process adds next block
with all bytes equal to block size. For example if you use DES
(block size 8) and after adding mac you get 24 bytes of data
then after padding you will have 32 bytes of data:

 |data+mac|0x08|0x08|0x08|0x08|0x08|0x08|0x08|0x08|

But bad padding you may get for example when decryption is performed
with bad key/iv.

> In case openSSL handles this kindly mention us in which files of the
> code we can find it?
You may look at ssl/s3_pkt.c, ssl/s3_enc.c

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
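
The padding steps described in the reply above, as an added example that is not part of the original thread and is not OpenSSL's code. The names add_padding, check_padding and is_tls1 are hypothetical; the block uses the SSL 3.0/TLS 1.0 wire convention, in which the last byte counts the padding bytes that precede it, so one more byte than its value is stripped.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, sender side: pad data+MAC (len bytes in buf) up to a
 * multiple of the block size bs. Every added byte, including the final
 * length byte, holds (n - 1), where n is the number of bytes added. A full
 * extra block is added when len is already a multiple of bs. */
size_t add_padding(unsigned char *buf, size_t len, size_t bs)
{
    size_t n = bs - (len % bs);          /* 1..bs bytes appended */
    memset(buf + len, (int)(n - 1), n);
    return len + n;                      /* new record length */
}

/* Hypothetical helper, receiver side: rec is the decrypted record
 * (data+MAC+pad). Returns the length of data+MAC, or -1 for bad padding.
 * Not constant-time: a real implementation must not let the peer tell a
 * padding failure apart from a MAC failure. */
long check_padding(const unsigned char *rec, size_t len, size_t bs, int is_tls1)
{
    size_t strip, i;

    if (len == 0 || len % bs != 0)       /* must be whole cipher blocks */
        return -1;
    strip = (size_t)rec[len - 1] + 1;    /* padding bytes + length byte */
    if (strip > len)                     /* pad larger than the record */
        return -1;
    if (!is_tls1) {
        if (strip > bs)                  /* SSL3: at most one block of pad */
            return -1;
    } else {
        /* TLS1: length byte may be up to 255, and every padding byte
         * must equal the length byte. */
        for (i = len - strip; i < len; i++)
            if (rec[i] != rec[len - 1])
                return -1;
    }
    return (long)(len - strip);
}

int main(void)
{
    unsigned char rec[32];               /* constructed sample: DES, bs = 8 */
    memset(rec, 0xAA, 24);               /* 24 bytes standing in for data+MAC */
    size_t n = add_padding(rec, 24, 8);
    printf("record %zu bytes, payload %ld bytes\n", n, check_padding(rec, n, 8, 0));
    return 0;
}
```

A record decrypted with the wrong key or IV ends in an effectively random byte, which is why it usually fails the length checks here.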




