PSK usage( RFC 4279) - examples and docs

2007-04-12 Thread mahendra 

Hi All.

I am looking for some docs which explain how to use PSK based SSL connection
( RFC 4279).
I tried executing the example apps, but they asked for certificates. My
understanding is that PSK based SSL connection does not require
certificates. Am I correct ? Where can I find exmaple implemtentation ? and
any relevant docs ?

Thanks
Mahendra

Re: [openssl.org #1504] Padding bug in 0.9.8d (Solaris 9, Sparc)

2007-04-12 Thread Stefan Neis via RT 
Nils Larsch via RT schrieb:
> 
> openssl doesn't support the type of padding 
 > (0x80, 0x00, 0x00, ...) you are using
 > (openssl only supports the padding described
 >  in pkcs7).

In that case, any idea why it does happen to
work with version 0.9.8? Assuming that wasn't
intended, it sure seems like a very strange
coincidence...

> Try decrypting it without padding (using the
 > EVP_CIPH_NO_PADDING flag) and remove the
 > padding yourself.

OK, will do. Thanks,

Stefan


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: How to Submit a patch

2007-04-12 Thread Lutz Jaenicke 
Nitin M wrote:
> Hi!
>
> Can anyone please tell me the correct way to submit a patch here, as I
> have never done that before on this list?
>
As stated somewhere on the website: submit it by email to [EMAIL PROTECTED]
Note: wrt SPAM protection this interface is moderated so there may be some
delay(*) before the request becomes public.

(*) delay being between minutes and several hours depending on when
I find the time to look into the queue of incoming requests.

Best regards,
Lutz
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #1504] Padding bug in 0.9.8d (Solaris 9, Sparc)

2007-04-12 Thread Nils Larsch via RT 
Stefan Neis via RT wrote:
> Nils Larsch via RT schrieb:
>> openssl doesn't support the type of padding 
>  > (0x80, 0x00, 0x00, ...) you are using
>  > (openssl only supports the padding described
>  >  in pkcs7).
> 
> In that case, any idea why it does happen to
> work with version 0.9.8? Assuming that wasn't
> intended, it sure seems like a very strange
> coincidence...

actually it was a coincidence :-) If you look at the old code
in crypto/evp/evp_enc.c

...
n=ctx->final[b-1];
if (n > b)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
for (i=0; ifinal[--b] != n)
{

EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
return(0);
}
}
n=ctx->cipher->block_size-n;
for (i=0; ifinal[i];
*outl=n;

you can see that this code will always return 8 bytes (the block size)
if n (== ctx->final[b-1]) is 0, regardless of how many padding bytes were
actually added.

> 
>> Try decrypting it without padding (using the
>  > EVP_CIPH_NO_PADDING flag) and remove the
>  > padding yourself.
> 
> OK, will do. Thanks,

ok, I will close this ticket.

Nils


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]