Re: SSL_CTX_new() failing when i try to do connect the server third time.

Hello, # openssl errstr 140A90F1 error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/22/2013 06:00:37 PM: > Venkataragavan Vijayakumar > Sent by: owner-openssl-us...@openssl.org > >

Re: RFC 2246

l+seed" in main code. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/12/2013 06:36:49 PM: > Sergei Gerasenko > Sent by: owner-openssl-us...@openssl.org > > 04/12/2013 08:14 PM > > Please respond to > openssl-users@openssl.org > > To

Re: RFC 2246

Hello, Output from attached code: admin# ./mcl_tls1_PRF 0x8b 0x13 0xc7 0x58 0xc3 0x4f 0x99 0x3a 0x18 0x7d 0x29 0x45 0xed 0x5b 0x69 0x1d Best Regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/11/2013 09:48:51 PM: > Sergei Gerasenko > Sent by: owner-open

Re: Fw: Question on enhancing OpenSSL logs

Hello, This looks like declaration mismatch, you should send more info (used compilers, environment), maybe simple test code. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 05/21/2012 02:52:15 PM: > grajapra...@inautix.co.in > Sent by: owner-open

Re: Question on enhancing OpenSSL logs

and at library initialization set this callback: /* callback for connection information on SSL/TLS session negotiation */ SSL_CTX_set_info_callback(ctx, ssl_connection_info_cb); Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 05/16/2012 05:15:40 PM: > kthiru...@i

Re: Are those TLS-SRP cipher suites supported?

Hello, $ openssl version OpenSSL 1.0.0 29 Mar 2010 $ openssl ciphers -V Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 05/13/2012 12:57:40 PM: > Krzysztof Jercha > Sent by: owner-openssl-us...@openssl.org > > 05/14/2012 01:46 PM > > Please re

RE: Looking for (easy) help.

Hello, Do not pad with spaces, look at: http://en.wikipedia.org/wiki/Padding_%28cryptography%29 Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 05/11/2012 11:08:52 PM: > > Sent by: owner-openssl-us...@openssl.org > > 05/11/2012 11:11 PM > >

Re: Looking for (easy) help.

> enc.bin # openssl aes-256-cbc -in enc.bin -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -iv 000102030405060708090A0B0C0D0E0F -d marek I other words, when you prepare source buffer for excryption you shoud manualy pad this data. Best regards, -- Marek Marcola own

Re: ECC generate public key with given private key

key dG = d*G using chosen EC curve. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/14/2012 12:32:22 PM: > opensshelpmeplz > Sent by: owner-openssl-us...@openssl.org > > 04/15/2012 02:24 PM > > Please respond to > openssl-users@openssl.org

Re: "no shared cipher"

Hello, Maybe there is library initialization problem, try to add: SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/06/2012 07:06:22 PM: > crk > Sent by: owner-openssl-us...@openssl.org > > 04/0

Re: "no shared cipher"

is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher: RC4-SHA Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/06/2012 06:17:38 PM: > crk > Sent by: owner-o

Re: AES-256 Implementation and OpenSSL

plementation is good for learning but not in real life. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 04/02/2012 05:09:57 PM: > Theodore Tolstoy > Sent by: owner-openssl-us...@openssl.org > > 04/02/2012 05:11 PM > > Please respond to > opens

Re: How to do encryption using AES in Openssl

with value 8). After decryption "remove" last 8 bytes (filed with value 8). For printf() you may fill this last 8 bytes to 0. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/29/2012 04:02:17 PM: > Prashanth kumar N > Sent by: owner-openssl-us...@open

Re: How to do encryption using AES in Openssl

Hello, Maybe attached simple example will help. Use: # gcc -o evp_enc evp_enc.c -lcrypto # cat /etc/group | ./evp_enc Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/28/2012 09:02:59 AM: > Prashanth kumar N > Sent by: owner-openssl-us...@openssl.org >

Re: OpenSSL 1.0.1 handshake timeout

Hello, Try some test connections: # openssl s_client -connect hostname:443 -debug -msg # openssl s_client -connect hostname:443 -debug -msg -bugs Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/28/2012 06:02:01 PM: > James Earl > Sent by: owner-open

Re: How to do encryption using AES in Openssl

/Block_cipher_modes_of_operation Example of using AES_cbc_encrypt() attached (pay attension of block padding). Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/28/2012 09:01:25 AM: > Prashanth kumar N > Sent by: owner-openssl-us...@openssl.org > > 03/28/2

Re: SSL error: SSL error code 336151528 (a seemingly rare error/bug?)

Hello, $ echo "obase=16;336151528" | bc 140943E8 $ openssl errstr 140943E8 error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000) Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/27/2012 01:09:56 AM: > Blake Mizerany > Sent by: owner-openssl-u

Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key"

Hello, I'm sure you know that but just to remind: After sending to the list the output of command: $ openssl rsa -in server.key -text -noout you can not use this key (and certificate) for production. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 03/23/2012

Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key"

. You may also test this files using simple openssl ssl server: 1) Run server on one terminal $ openssl s_server -accept 1212 -key key.pem -cert crt.pem -debug -msg 2) Connect to server from another terminal $ openssl s_client -connect localhost:1212 -debug -msg Best regards, -- Mar

Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key"

DA7E70FC2E2149FC00481816650E799AAEC... and check if output maches. Best regards, -- Marek Marcola __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re:Re: How to retrieve error about private key loading.

Hello, Agree, or even: SSL_load_error_strings(); Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/25/2011 03:10:45 PM: > lzyzizi > Sent by: owner-openssl-us...@openssl.org > > 02/25/2011 03:13 PM > > Please respond to > openssl-user

Re: How to retrieve error about private key loading.

Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf("*** %s\n", buf); } Best regards, -- Marek Marcola owner-openssl-us...@openssl

RE: RSA_private_decrypt without e and d

routines:RSA_EAY_PRIVATE_DECRYPT:internal error You can experiment. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/24/2011 10:30:17 PM: > "Shaheed Bacchus (sbacchus)" > Sent by: owner-openssl-us...@openssl.org > > 02/24/2011 10:32 PM > > Please respond to > op

RE: RSA_private_decrypt without e and d

Hello, Remember, you do not need to recover this parameters to decrypt message. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/24/2011 05:19:30 PM: > "Shaheed Bacchus (sbacchus)" > Sent by: owner-openssl-us...@openssl.org > > 02/24/201

Re: RSA_private_decrypt without e and d

Hello, Try to disable RSA blinding with: RSA_blinding_off(new_key); before RSA_private_decrypt(). Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/24/2011 03:46:53 AM: > "Shaheed Bacchus (sbacchus)" > Sent by: owner-openssl-us...@openssl.org

Re: RSA_private_decrypt without e and d

) dmq1= d mod (q?1) iqmp = q^?1 mod p you have recomputed. You do not need d on the receiving site if you have this parameters. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/24/2011 05:48:19 AM: > Victor Duchovni > Sent by: owner-openssl-us...@openssl.org &

Re: Secure Command Line MAC Computation

is in the proper format already. admin# echo 100 > /tmp/p.txt admin# sleep `cat /tmp/p.txt` & [1] 21988 admin# ps -ef | grep sleep | grep -v grep root 21988 3150 0 22:29 pts/0 00:00:00 sleep 100 Best regards, -- Marek Marcola

Re: hash chaine

Hello, Use RAND_bytes(). This function uses hashes for you. Best regards, -- Marek Marcola owner-openssl-us...@openssl.org wrote on 02/26/2009 07:59:14 PM: > hello > i want to create a some random values (N values )using SHA1, ( like lamport > authentication protocol) > how c

Re: Which version of SSL is supported in OpenSSL 0.9.7e

Hello owner-openssl-us...@openssl.org wrote on 02/19/2009 08:30:04 PM: > We are using OpenSSL 0.9.7e and would like to know if it supports SSL 3.0? Yes. Best regards, -- Marek Marcola __ OpenSSL Proj

Re: build openSSL for an embedded system without an OS

pt() some BN files needed for Montgomery method may are not required (bn_mont.c). The most complicated part is to properly define header files depending on you platform architecture (8bit/16bit/32bit). Best regards, -- Marek Marcola _

Re: how to trace aes quickly?

> And Nk*round# keys are also produced well in it. > But how about Nb, the number of column in state? > (in 128, 192 and 256 bits block plaintext, the Nb, column# of state is 4,6,8.) Yes, but AES implementation used in OpenSSL supports only 128 bit block (16 bytes). So, in this impl

Re: Installation Steps for OpenSSL on AIX Unix

1.tar.Z | tar xvf - # installp -ac -Y -d /var/tmp/sw/openssl all Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: .der to .crt file conversion

sl x509 -in crt.pem -text -noout $ openssl x509 -in crt.pem -outform der -out crt.der $ openssl x509 -in crt.der -inform der -text -noout Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project

Re: How to use a hardware RNG with openssl?

for /dev/urandom and to call genrsa as > > openssl genrsa -rand /dev/qrandom 2048 ? > > I am not shure about the role of /dev/urandom: does it deliver a > (pseudo) random number or the salt for the PRNG? Salt (32 bytes) for the PRNG Best regards

Re: OpenSSL support for RFC2898 / PBKDF2

written to the buffer specified in out, and will have the length > specified by keylen? Yes, example attached. > What is the meaning of the int that this function returns? This function always returns 1. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> pkcs5.c Description: Binary data

Re: OpenSSL support for RFC2898 / PBKDF2

nd doesn't give a clue as to > which openssl function should be used to derive a key in a compliant way. > > Does openssl support RFC2898, and if so, what function should I be > looking at? PKCS5_PBKDF2_HMAC_SHA1() Bes

Re: Creating RSA key from given prime numbers

utable) this is not possible. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@opens

Re: Decrypting Fragmented packets

its not important if your key is proper or not. But when you call EVP_DecryptFinal_ex() at the end of decryption you get error because this function checks proper last block padding. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __

Re: Decrypting Fragmented packets

data may come to you with 20 TCP packets too. Merging this two packets may work for decryption but will break MAC (message authentication code) because when MAC is calculated implied message number is used. When you merge this packet - one packet will be lost

Re: R: From RSA to string and compare problem

g character if required - only at end of data) As you see, there can not be '-' character inside base64 encoded data. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project

Re: From RSA to string and compare problem

l or not. > >> > > What about just reading your .pem file with simple read() to char table > > and send this to server ? > > > > Best regards, > > -- > > Marek Marcola <[EMAIL PROTECTED]> > > > >

Re: How-To encrypt using rsautl ??

k1.c:151: With 2048 bit key (256 bytes) you may encrypt max 256-11 bytes of data (11 bytes for PKCS1). Because of this RSA encryption is not use for encryption whole files but for encryption symmetric keys (for AES or DES) that encrypt files wit

Re: From RSA to string and compare problem

s a > rsa public key from another pem file and return, comparing keys, is are > egual or not. What about just reading your .pem file with simple read() to char table and send this to server ? Best regards, -- Marek Ma

Re: Difference in packet contents

ion). So, in case of Finised packet, record layer puts handshake header and data, add MAC and PAD, encrypt this, encapsulate encrypted data with 5 byte protocol header and sent to peer: protocol_header, {handshake_header,handshake_data,MAC,PAD} ^^ ENCRYPTED ^^^^^^^

Re: Difference in packet contents

after ChangeCipherSpec should use encryption, this is something like switch witch turn on encryption. So, Finished packet should be decrypted before analysed. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL P

Re: OPENSSL Problem

library:fopen:No such file or directory Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

RE: ldaps client and oracle internet directory

after sending client_hello, server do not accept some data in this packet. With SSLv2/v3 client in reality sends SSL2 client_hello and this may not be acceptable by server. You may add "-ssl3" or "-tls1" flags to use exactly one of this protocol (without SSL2 client_hell

Re: ldaps client and oracle internet directory

0003) > 24664:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:s23_clnt.c:562: Try to add "-debug -msg -state" flags to this command to get more verbose output. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: Need help on OpenSSL error

yption side. You may use NO PADDING and look at decrypted data to check that this data looks reasonable or not. You should consider also that data encrypted with private key may by decrypted by anyone with public key (if pu

Re: Help with UNICODE md5...

xt I get: $ openssl md5 < /tmp/zz.txt 611af9d8272a34478514927b922f53b6 after reading this line to ZZ variable: $ ZZ=`cat /tmp/zz.txt` $ echo $ZZ | openssl md5 611af9d8272a34478514927b922f53b6 but when printing ZZ without new line: $ echo -n $ZZ | openssl md5 8

Re: newbie: problem + RSA

not "char *" - use -Wall at compile time and look at any warnings like "passing argument 2 of ‘RSA_sign’ differ in signedness" - do not use strlen() on signatures, signatures are binary data, not strings - you can not create RSA signature from 160 bit hash using 128 bit RSA key. - add SSL_load_error_strings() and SSL_library_init(). Best regards, -- Marek Marcola <[EMAIL PROTECTED]> :��I"Ϯ��r�m (Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���

Re: No error messages on Linksys Openwrt

object header hp8510# openssl errstr 0D07803A error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project

RE: Building OpenSSL without Crypto Support

orithms may come from other source. You may use some other library (gmp for RSA or IPP for RSA/EC/AES) ... You may use your customer crypto library ... You may use some crypto hardware ... In this case you do not need any software algorithms which comes with OpenSSL. Best regards, -- Marek Marcola

Re: d2i_DSAPrivateKey defination

m --print-file-name *.o | grep d2i_DSAPrivateKey dsa_asn1.o:01c0 T d2i_DSAPrivateKey $ gcc -E dsa_asn1.c | grep d2i_DSAPrivateKey Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __

Re: s_client GET request

\nConnection: Keep-Alive\r\nAccept: */*\r\n" > > > It would have any other apps I can do this test? You may use "wget" (with ssl support compiled in) instead. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __

Re: question about RSA in openSSL

^^ This can not be satisfied and loop can not end. if(!BN_GENCB_call(cb, 2, n++)) goto err; } Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

Re: DER encoding SubjectPublicKeyInfo

ed in one byte as: ASN_CLASS_UNIVERSAL | ASN_TYPE_CONSTRUCTED | ASN_OBJECT_SEQUENCE where: ASN_CLASS_UNIVERSAL = 0x00 ASN_TYPE_CONSTRUCTED = 0x20 ASN_OBJECT_SEQUENCE = 0x10 which gives you 0x30 Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

Re: Public key from a x509v3 certificate

t; I get (from a conversion to hexadecimal thanks to : cout << setw(2) << > setfill('0') << right << hex << (int) key->data[c]; ) > 30:82:01:0A:02:82:01:01:___the_public_key___:02:03:01:00:01 > > How can i get only the

Re: Can PEM_read_RSAPublicKey() load public key from private key ?

Hello, > One thing I will conform you is " we can not get public key from a private key ". I do > not remember where i studied , but it is true. > So do not try to get a public key from private key. This is not true. Best regards, -- Marek Marcol

Re: Hash input and output

ytes before end instead of end of md1). Use memcpy, does not relay of strlen() on such data too. > SHA1(&m1, str len(&m1), m2); > > I don't know why the output of the second SHA1 is not the same when I > run the program several times. But I think the problem is in the m1 > storing, but I don't know how to resolve that. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: Hash input and output

e its output to the C, I > don't get the expected output. > > Did I miss something? Expression above looks good, but there is too little information of real implementation to say something reasonable. Best regards,

Re: SSL_connect failing with error -1

to do the https, but for the time i want > to test my client & server people are working of the certificate, so that will be sorted > out in meantime. Try something like: SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); Be

Re: SSL_connect failing with error -1

return (0); } instead of one call to ERR_error_string(). In OpenSSL you have stack of errors and you should print them all. Next errors may be more informative. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL P

Re: Problem with SSL_CTX_use_certificate_ASN1

3FF1A7F2D5CE798B993E01CCEBB697687FFB40697601A813250170892A6C2932CFF92497DAED843715DB3E5C1 > 543:d=1 hl=2 l= 65 prim: INTEGER > :F63374004B31D79C5B13BBADB1E4F18784ACE883A74DEDE041E0926838A4D7C2A92D96FAD5A4E4024EF47D562A3614F23E46158036302A5FC00631A80EA468F8 Ok. So we have correct RSA

Re: Problem with SSL_CTX_use_certificate_ASN1

;SSL_CTX_use_PrivateKey_ASN1() > OR >SSL_CTX_use_certificate_ASN1() Yes, indeed. According to OP second function works (after conversion). But first function has bad key type specified. I think that output from command: $ openssl asn1parse -in pekey.der -inform der may be very helpful in this case. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: Problem with SSL_CTX_use_certificate_ASN1

> > It worked. > > > > > > Does anybody have any ideas what is wrong with > > SSL_CTX_use_PrivateKey_ASN1 ? > > Try EVP_PKEY_RSA for RSA key instead of SSL_FILETYPE_ASN1. > > Is the OP's file a private key or an X.509 certificate? Line: fp = f

Re: SSL_connect failing with error -1

; err != SSL_ERROR_WANT_WRITE) > { soap_set_sender_error(soap, soap_ssl_error(soap, r), "SSL connect failed in > tcp_connect()", SOAP_SSL_ERROR); > soap->fclosesocket(soap, fd); > return SOAP_INVALID_SOCKET;****** My program is return

Re: Problem with SSL_CTX_use_certificate_ASN1

e any ideas what is wrong with SSL_CTX_use_PrivateKey_ASN1 ? Try EVP_PKEY_RSA for RSA key instead of SSL_FILETYPE_ASN1. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project h

RE: CRYPTO_add_lock() segmentation fault (core dump included)

gt; > CRYPTO_set_locking_callback(NULL); > CRYPTO_set_id_callback(NULL); > > for (i = 0; i < CRYPTO_num_locks(); i ) { > pthread_mutex_destroy(&mutex_buf[i]); > } Maybe chan

Re: What is wrong with this code?

ENCRYPT); > > std::cout << "aes::encrypt_file: Writing..." << std::endl; > > out.write((char *)fbuf_out, len); > } > } Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ___

Re: openssl performance

; numbers on this too? I plan to use one of - In general: use AES instead of DES3, its faster. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User

Re: Salted password generation/digest

lication developer can pass a password and as a result he becomes a password of the specified length". Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openss

Re: 3DES encryption how to

e using 3DES algorithm i m confused > which is the way to go ..using ciphers EVP apis like EVP_des_ede3_cbc() or built in > custom functions like DES_ede3_cbc_encrypt() Use EVP with EVP_des_ede3_cbc() - high level API. DES_ede3_cbc_encrypt() is low level API Best regards, -- Mar

Re: SHA support

ter transformations) is truncated to 224 bytes. SHA384 uses the same algorithm as SHA512 but with different init constants witch initiates 8 64-bit state variables and output (8 64-bit state variables after transformations) is truncated to 384 bytes. Best regards, -- Marek Marcola <[EMAIL PRO

Re: What scenario will cause openssl can't send "client hello" request?

L library messages). Establishing tcp connection is one thing while initializing OpenSSL library, creating client_hello packet is another. Log files may answer your question. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

Re: SHA support

SSL3/TLS1 will work fine. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org A

Re: Problems about how to store private key safely

the pass phrase protected private key, is it possible for other > persons to steal and decrypt that key. > > Or do you have more feasible ways to implement it? Smartcards. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: Salted password generation/digest

t; > And finally is there a public interface where an application developer > can pass a password and as a result he becomes a password of the > specified length? Try: PKCS5_PBKDF2_HMAC_SHA1() Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

Re: querry about content of the RSA key file

. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org A

Re: Problem in openssl Master key Generation

ons, use SSL3 or TLS1. SSL2 client_hello may be used for negotiations SSL3 or TLS1 (only one handshake packet). Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: Doubt about the PKCS5_PBKDF2_HMAC_SHA1() function

nput, should i receive the same result on both sides? Yes. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: cipher algorithms

n call. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated

Re: cipher algorithms

s both? Key exchange method is dependent of chosen ciphersuite. Look at: $ openssl ciphers -v Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.o

Re: Help regarding error

> p192.c:(.text+0x3e): undefined reference to `BN_new' > p192.c:(.text+0x5c): undefined reference to `BN_set_word' > p192.c:(.text+0x71): undefined reference to `PEM_write_DHparams' > collect2: ld returned 1 exit status Add -lcrypto to gc

Re: OpenSSL client through proxy

Hello, > I have to connect to my OpenSSL server through proxy server. How can I establish this connection? Establish tcp connection through proxy (connect, socks5, transparent, reverse or any other) and next run SSL on this tcp connection. Best regards, -- Marek Marcola <[EMAIL PRO

Re: No Shared Cipher

ans you may execute: $ openssl ciphers -v ALL or to test what "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" means: $ openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' and next you may build your own ciphers list. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> _

Re: OpenSSL Error

2001: unresolved external symbol [EMAIL PROTECTED] > digestclient.obj : error LNK2001: unresolved external symbol [EMAIL > PROTECTED] > digestclient.obj : error LNK2001: unresolved external symbol [EMAIL > PROTECTED]

Re: How to use the HMAC() function

example for ascii compare or so. (from performance point of view sprintf() should be replaced with simple function which covert byte to hex form). Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project

Re: OpenSSL trusted root store

y application/system. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> :��I"Ϯ��r�m (Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���

Re: generating CSR

erprise linux 5/openssl 0.9.8b-8 Add -new option to "openssl req ..." command. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User S

Re: footprint of openssl

n this is practically not possible (or very complicated) and result may be not satisfied. All what you may try is to use some defines to disable some crypto algorithms. Look at source code for NO_ preprocessor definitions. Best regards, -- Marek Marcola <[EMA

Re: i2d_ASN1_INTEGER definition in src code

e): $ pwd /tmp/openssl-0.9.8g $ find . -name "*.o" -exec nm -o --defined-only {} \; | grep d2i_ASN1_INTEGER ../crypto/asn1/tasn_typ.o:1060 T d2i_ASN1_INTEGER $ cd ./crypto/asn1/ $ gcc -E tasn_typ.c | grep d2i_ASN1_INTEGER | indent Best regards, -- Marek Marcola <[EMAIL PROTECTE

Re: Problem with encrypting using ofb

es-ofb -in c:\Openssl\Test_ofb_data.txt -in > c:\o > penssl\encrypted_data.enc -k/-iv > 0123456789abcdef0123456789abcdef/1234567890abcd > ef - 8 > unknown option '-k/-iv' Try: ... -k 0123456789abcdef0123456789abcdef -iv 1234567890abcd ... Be

Re: enc-aes-cbc and enc-aes-ecb

et. > Using the salt would be an added benefit. Look at PKCS#5 document (especially PBKDF2 function), this function is implemented in OpenSSL as PKCS5_PBKDF2_HMAC_SHA1() function. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: key & iv generation?

ation. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Auto

Re: OpenSSL wants to read on connection?

tate_string_long(ssl)); } if (type & SSL_CB_ALERT) { log_tra("tls_alert: %s:%s: %s", type & SSL_CB_READ ? "read" : "write", SSL_alert_type_string_long(val), SSL_alert_desc_string_

Re: openssl server + smart card

nd to you by server with certificate. > > You may use smartcard if TLS server requires client verification, then > > your (client) private key from smartcard is used to prove your identity. > > > > Best reg

Re: openssl server + smart card

smartcard is used to prove your identity. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-

Re: install openssl from source while rpm is their on RHEL 4

VERSION, for example: --prefix=/usr/local/openssl-0.9.8g Then, feature/past versions may be installed in its own directory and you be able to switch between them. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>

Re: install openssl from source while rpm is their on RHEL 4

move any of the libraries which the previous server has installed ? or will > it install all components inside --prefix directory. "make install" will install libraries inside --prefix Best regards, -- Mar

  1   2   3   4   5   6   7   8   >