I am using the traffic obtained from s_server and s_client sample programs
and the keys that have been negotiated by both the programs to decrypt the
encrypted traffic between the two. That would mean that I am using TCP.
Also, I am running them under the CBC mode.

Vijay K.

On Wed, Jun 25, 2008 at 11:35 AM, Julian <[EMAIL PROTECTED]> wrote:

> It's hard to approach this without knowing the mode of operation you are
> running: CBC, OFB, CTR? Also, are you using UDP with varying packet sizes?
>
> Julian
>
>
> On Jun 24, 2008, at 10:25 PM, Vijay Kotari wrote:
>
>> Hi,
>> I am using EVP_DecryptUpdate() and EVP_DecryptFinal_ex() to decrypt an
>> SSL packet that I have captured. The cipher that I am using is AES256 and
>> I can read the application data in cleartext as a result. The problem
>> comes if the application data size > 8, which I think has something to
>> do with me using a block cipher. I can't seem to decrypt the data
>> then. Anyways, after inspecting the packet dumps, I realized that
>> sometimes I get fragmented packets.
>> For Example,
>> 17 03 01 00 20 85 99 2a 94 4d 0e 56 2c 81 bc fc
>> 4d c9 32 aa 85 46 90 02 6d 4e b6 c6 da 4b d9 82
>> e9 ab cf 77 e7 17 03 01 00 20 76 68 51 17 9e 86
>> d4 20 6e 31 3e 7a 96 17 d5 cd c0 ba 5c cd ba 11
>> 2b 18 b1 8d d8 3c 15 3d e9 c7
>> This is actually two packets that are using the SSL application
>> protocol, each of size 0x20 (the second packet starts on line 3, 6th
>> byte onwards). While decrypting, should both these packets be merged
>> together and hence treated as a single packet of size 0x40, or should
>> each packet be processed separately? Since we are using a block cipher of
>> size 256 bits (32 bytes), will it even make a difference?
>>
>>
>> Thanks and Regards,
>> Vijay Kotari
>>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
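
The dump quoted in the thread, split on its 5-byte record headers, as an added example that is not code from any of the posters or from OpenSSL. The names `tls_record`, `split_records` and `next_record_iv` are hypothetical; the IV helper assumes TLS 1.0 (version bytes 03 01) with an AES-CBC suite, where RFC 2246 takes each record's IV from the last ciphertext block of the previous record in the same direction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define HDR_LEN 5        /* type(1) + version(2) + length(2) */
#define AES_BLOCK 16     /* AES block size is 16 bytes for every key size */
struct tls_record {      /* hypothetical helper type for this example */
    uint8_t type;        /* 0x17 = application_data */
    uint16_t version;    /* 0x0301 = TLS 1.0 */
    const uint8_t *body; /* encrypted fragment (data + MAC + padding) */
    size_t len;
};

/* Bytes copied from the dump quoted in the thread. */
static const uint8_t capture[] = {
    0x17,0x03,0x01,0x00,0x20,0x85,0x99,0x2a,0x94,0x4d,0x0e,0x56,0x2c,0x81,0xbc,0xfc,
    0x4d,0xc9,0x32,0xaa,0x85,0x46,0x90,0x02,0x6d,0x4e,0xb6,0xc6,0xda,0x4b,0xd9,0x82,
    0xe9,0xab,0xcf,0x77,0xe7,0x17,0x03,0x01,0x00,0x20,0x76,0x68,0x51,0x17,0x9e,0x86,
    0xd4,0x20,0x6e,0x31,0x3e,0x7a,0x96,0x17,0xd5,0xcd,0xc0,0xba,0x5c,0xcd,0xba,0x11,
    0x2b,0x18,0xb1,0x8d,0xd8,0x3c,0x15,0x3d,0xe9,0xc7
};

/* Returns the record count, or -1 if the stream ends mid-record or out[] is full. */
int split_records(const uint8_t *buf, size_t n, struct tls_record *out, int max)
{
    int count = 0;
    for (size_t off = 0; off < n; count++) {
        if (count == max || n - off < HDR_LEN) return -1;
        size_t len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (n - off - HDR_LEN < len) return -1;   /* wait for more TCP data */
        out[count] = (struct tls_record){ buf[off],
            (uint16_t)((buf[off + 1] << 8) | buf[off + 2]), buf + off + HDR_LEN, len };
        off += HDR_LEN + len;
    }
    return count;
}

/* TLS 1.0 CBC: the next record's IV is the last ciphertext block of this record. */
const uint8_t *next_record_iv(const struct tls_record *r)
{
    return r->len >= AES_BLOCK ? r->body + r->len - AES_BLOCK : NULL;
}

int main(void)
{
    struct tls_record rec[4];
    int n = split_records(capture, sizeof capture, rec, 4);
    printf("%d records, first body %zu bytes\n", n, n > 0 ? rec[0].len : 0);
    return n == 2 ? 0 : 1;
}
```

Each record body carries its own MAC and padding, so a decryptor strips those per record rather than once over the concatenated bytes.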
