I use the following OpenSSL functions to verify the MACs of incoming TLS
messages:
HMAC_CTX_init()
HMAC_Init_ex()
HMAC_Update();
HMAC_Final();
HMAC_CTX_cleanup();
This works fine for most messages in an TLS stream, including handshakes,
alerts, and application data. It also
I have inherited some legacy OpenSSL code where the author uses the
following functions for decryption:
EVP_CIPHER_CTX_init()
EVP_CipherInit()
EVP_Cipher()
EVP_CIPHER_CTX_cleanup()
The code works fine but the second function (EVP_CipherInit) is obsolete and
the third function (E
How can I force s_server (and s_client) to use compression (DEFLATE)?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated Lis
When I use OpenSSL, valgrind reports the following:
==25690== 20 bytes in 1 blocks are still reachable in loss record 3 of 3
==25690==at 0x40053C0: malloc (vg_replace_malloc.c:149)
==25690==by 0x343021D: (within /lib/libcrypto.so.0.9.8e)
==25690==by 0x34308CE: CRYPTO_m
"Michael S. Zick" wrote in message
> The padding is added to the **plain text**
> After decryption, the server can determine the padding present.
I'm writing a server and I usually just call RSA_private_decrypt(...,
RSA_PKCS1_PADDING). Everything works fine most of the time but sometimes I
get
"Mounir IDRASSI" wrote in message
> To my knowledge, SSLV2, SSLV3 and TLS1.0 all use PKCS#1 Block Type 2
> padding.
Are you sure about this? I'm writing a server and I occasionally get the
error I reported; however, if what you are saying is true, the error may be
indicative of another probl
"Mounir IDRASSI" wrote in message ...
> You simply can't guess the padding mode if you don't know it in advance.
> Imagine the security consequences if this was possible : it would mean
> that an attacker can have information about the clear text without having
> access to the private key!!
O
I'm getting some memory leaks when I use OpenSSL. I was not able to get rid
of these leaks, even when I use EVP_cleanup() and ERR_free_strings() at the
end of my program.
Memory Leak 1. PEM_read_PrivateKey()
=
EVP_PKEY* key = PEM_read_PrivateKey(fp, N
How can I tell what the padding mode was before I attempt to decrypt data.
For example, when I use
RSA_private_decrypt(encsize,
encdata,
decdata,
privkey,
RSA_PKCS1_PADDING)
The TLS RFC specifies a PRF() function for the generation of the master
secret:
master_secret = PRF(pre_master_secret, "master secret",
ClientHello.random + ServerHello.random);
Does OpenSSL publish an interface to this function (PRF)?
On a similar note, doe
"Dr. Stephen Henson" wrote
in message news:20090822105817.ga...@openssl.org...
> Applications shouldn't access structures directly if that can be avoided.
> If
> functions exist to do what you want you should use those instead.
>
> Sometimes structures need to be changed over time and we would
I was looking at the OpenSSL source code and some open-source applications
using OpenSSL, and I came across functions like X509_get_issuer_name() and
X509_get_pubkey(), and macros like X509_extract_key(). These seem to be
very useful but I could not find them anywhere in the online OpenSSL
doc
I have a PEM-format server certificate that I need to convert to a binary
structure as defined in section 7.4.2. (Server Certificate) of RFC5246
(TLS v1.2).
Server certificate (in PEM format), residing as a
text file in the filesystem
|
13 matches
Mail list logo