Re: Problem after removing memory leak

Wockenfuß wrote: Hi all, I have written a class in C++ to easily access functions from OpenSSL from our products. In the constructor of my class I do the following lines of code: threadSetup(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); OpenSSL_add_a

Re: openssl performance

raj H wrote: Thanks Marek for your comments! [snip] I am sorry these questions are really vague and not of challenge for the technical personals. But I believe these are the questions any solution developer or openssl user would have. Isn't the OpenSSL publishes any numbers? Have you tr

Re: CRYPTO_add_lock() segmentation fault (core dump included)

Ion Scerbatiuc wrote: Thank you for your reply! I didn't find any refferences to CRYPTO_set_add_lock_callback() in openssl man pages nor the meaning of this functions/callbacks. I didn't understand what does CRYPTO_add_lock () do. CRYPTO_add_lock() does atomic additions (or subtractions). It

Re: CRYPTO_add_lock() segmentation fault (core dump included)

jimmy bahuleyan wrote: Ion Scerbatiuc wrote: Thank you for your reply! I didn't find any refferences to CRYPTO_set_add_lock_callback() in openssl man pages nor the meaning of this functions/callbacks. I didn't understand what does CRYPTO_add_lock () do. CRYPTO_add_lock() d

Re: SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option...

Prabhu S wrote: Hi, The client is configured with SSLv3_client_method. *ctx = SSL_CTX_new(SSLv3_client_method());* Whenever the client tries to connect to server with any CBC ciphers like DES-CBC3-SHA, the SSL handshake is successful but when the client tries to send data to server,say 1

Re: DH Prime Question

Bernhard Froehlich wrote: Julian schrieb: Hi, I am working on an application that is both a client and a server. The DH prime is stored in the binary for the server. Since the Server will exists inside the Client is there a considerable risk of embedding the DH p into the code? The alternativ

Re: DH Prime Question

Julian wrote: My fear is that get a hold of P will allow for someone else to use it to start a protocol disassembly. For instance anyone could create a DHE-RSA-AES256-SHA TLS server and use P to listen for connections, of course if would have to have a cert signed by CA to proceed even if they

Re: Content processing function of d2i_RSAPrivateKey

Shanku Roy wrote: I have tried following: crypto/rsa > nm --print-file-name *.o | grep d2i_RSAPrivateKey 33:rsa_asn1.o:00ec T d2i_RSAPrivateKey crypto/rsa > gcc -E rsa_asn1.c | grep d2i_RSAPrivateKey rsa_asn1.c:60:22: cryptlib.h: No such file or directory 3249:RSA *d2i_RSAPrivateKey(RSA **a

Re: Use ssh-format key

Jameson "Chema" Quinn wrote: I have a public key in the following format: ssh-dss B3NzaC1kc3MAAACBANp8I4YOSRlhoLGkHzRL1n0oOyrZUpJwxAv2nYgfeFtCxGT1V3S5yPchB/eQhOlh2qsRD9C85FFQPhIIoGhcFObQ8JApDhGC7Ry/9rU+kygRMvc5QwKR2nmGHb2S8NV8GwqAZXfYCM9IEwErS8BY+H0PGzJtBXw926fwz7YgJmZLFQCzrVxVqen0ZQ08E

Re: Use ssh-format key

Jameson "Chema" Quinn wrote: Jameson "Chema" Quinn wrote: I have a public key in the following format: ssh-dss B3NzaC1kc3MAAACBANp8I4YOSRlhoLGkHzRL1n0oOyrZUpJwxAv2nYgfeFtCxGT1V3S5yPchB/eQhOlh2qsRD9C85FFQPhIIoGhcFObQ8JApDhGC7Ry/9rU+kygRMvc5QwKR2nmGHb2S8NV8GwqAZXfYCM9IEwErS8BY+H

Re: Parsing counter signatures - HELP - (UPDATED)

Massimiliano Ziccardi wrote: I'm sure OpenSSL is able to parse more than one counter signature per signature. Can pleas some OpenSSL expert tell me how to do it? I think the code I sent in the previous e-mail should be close to the solution. I just need to know how to get the other counter si

Re: Unable to resolve the OpenSSL functions while linking

[EMAIL PROTECTED] wrote: Hi, I am using the OpenSSL 0.9.7g 11 Apr 2005 on solaris machine for one appliacation.We are porting the same application to the Redhat Linux (Linux tam1 2.4.21-27.ELsmp #1 SMP ). We successfully deployed the above openssl version in the linux box.And we successfully

Re: matching keys

Brian Smith wrote: I'm attempting to write a C function to match a private key to either it's corresponding public key or certificate for both RSA and DSA algorithms. At this point, I have the keys loaded into their corresponding RSA and DSA structures. From here, what parameter checks are nec

Re: Unable to resolve the OpenSSL functions while linking

[EMAIL PROTECTED] wrote: Hi Jimmy, Yes,We linked the sharedlibraries libssl and libcrypto while building. This is how my Makefile looks like = LINUX_TARGET =libxauthn.so LINUX_LIBS =-lpthread -lpdxauthn -lpdxauthnutils -lpdauthzn LINUX_CFLAGS =-I.

Re: Difference in packet contents

Vijay Kotari wrote: @DS Nicely put. So, if I was to try to decrypt/encrypt one of these messages, I would need the key and the iv and something else? Because if just the key and iv are sufficient to encrypt/decrypt the data, then how are the different encrypted messages generated for the same

Re: i2d_DSAPublicKey

Hi, Edward Chan wrote: > When I call this function, I can see from the generated binary data that > the format is the public key, followed by the P param, followed by 3 > bytes which I don't know what they are, followed by the Q param, > followed by the G param. > You have got an ASN.1 DER encod

Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

Hi, Arun Singarajipura wrote: > Hi All, > > we are working on client - server architecture. We are using openssl for > communication. > My problem is that - while transferring data, SSL_read() always fails (after > transferring few KB of data). > The follwoing error is returned - > -

Re: Multiples read with ssl

Lidia Fernández wrote: > Hello all! > > I'm working with xsupplicant (Open1x) and i have a problem with SSL. > By default, xsupplicant waits a message with 1.000 bytes, but i have > modificated this because i need a messages with 10.000 bytes or more. > > Before: > rc=SSL_read(mytls_vars->ssl,

Re: Problems with SSL_read() - SSL_ERROR_SYSCALL

Arun Singarajipura wrote: > Hi, > > Thanks for the reply. > > I used WSAGetLastError() just after SSL_read() and the result of this is > "*Read failed with error 10054: An existing connection was forcibly closed > by the remote host."* well if the remote side is also your code, you could try deb

Re: What my SSL_CTX_get_timeout() does not work?

Hi, Ian jonhson wrote: > Hi, > > I wrote a function to fetch the lifetime (expire time) of a > certificate. But it seems not to work right. > I think you've misunderstood what SSL_CTX_get_timeout() does. This timeout is the SSL session timeout which lets you decide how long an SSL session can s

Re: What my SSL_CTX_get_timeout() does not work?

Ian jonhson wrote: > Thank you for your answering. > >> I think you've misunderstood what SSL_CTX_get_timeout() does. This >> timeout is the SSL session timeout which lets you decide how long an SSL >> session can stay in cache before it becomes non-resumable. The openssl >> manual pages have suff

Re: rsa key generation issue/question

Patrick Parsons wrote: > Hello, > I have noticed when generating rsa keys that the first 10 digits or so are > identical or nearly identical. Is this normal or is something wrong? Does > this issue occur for anyone else? could you post the bytes that you're referring to. (my guess is that it's t

Re: How to create an open-ssl executable file?

Ines Alvarez wrote: > Hi all, > > I searched in the site and I couldn´t find an executable of the files, they > are all source code > > Is there any website where I can download this executable file, or a > tutorial telling the instructions to compile the code? download source code & read the fi

Re: Problem handling unexpected SSL shutdown

Shaw Graham George wrote: > Hi, > > We have an application that provides HTTPS, either as client or server, > for our customers. At the moment I am doing some testing between our > client and our server, as a result of a problem with one of our > customers, and there is a particular sequence of e

Re: Problem handling unexpected SSL shutdown

jimmy bahuleyan wrote: > Shaw Graham George wrote: >> Hi, >> >> We have an application that provides HTTPS, either as client or server, >> for our customers. At the moment I am doing some testing between our >> client and our server, as a result of a problem

Re: Regarding OpenSSL communication

Suchindra Chandrahas wrote: > Thanks a lot Marek! > > I was making mistake at: > > 16 - SSL3/TLS1 handshake packet (was not including this) > > Now i understood the whole process completely, thanks to your guidance!. > If there is any document or any such thing that has such details, > it woul

Re: leaking ?

kris vandercapellen wrote: > Hi, > > I have been working on a httpsd for the past week. > > It does the following : > > StartupThreads are getting a incomming connection, create a > SSL_new(ctx), create a BIO_new(BIO_s_socket()), BIO_set_fd, and > SSL_set_bio. Then they SSL_accept(ssl), and SSL_

Re: leaking ?

kris vandercapellen wrote: > Well, not like I'm doing it now anyway : > > Initthread -> array of connections <-> push thread <-> array of > connections <- cleanup thread > > I guess I must be missing something :) > I think the best bet would be to valgrind with some minimal connections and iden

Re: connection termiated (LINUX)

Milan Křápek wrote: > Hi, > I have problem. I am creating client application that send to server some > data via TCP or TLS protocol. For both the TCP and TLS I use the openssl > library. I am using unblocking BIO. And I have this problem with recognizing > if connection is aborted. > >

Re: connection termiated (LINUX)

Milan Křápek wrote: > Well I tryed to do recogniting of abort connection by select. But it does not > help. I try to wait on the third set of select function that may contains the > filedescriptors that determines sockets on which is reported some error. But > it does not work too. It looks like

Re: compiler ssl application

Khanh Nguyen wrote: > I open*.h files in /usr/local/openssl/include, but the error message is > "Couldn't display "/usr/local/openssl/include/openssl/ssl.h" ". Do I install > openssl correctly? > Do these files exist there? Are you sure that they were indeed copied to that path? Check for r

Re: Openssl backward compatibility

Kaushalye Kapuruge wrote: > jimmy bahuleyan wrote: >> Kaushalye Kapuruge wrote: >> >>> Hi Listers, >>> I'm having a problem shipping my (xml security)library, which is based >>> on openssl crypto implementation. >>> I have stati

Re: Openssl backward compatibility

Kaushalye Kapuruge wrote: > Hi Listers, > I'm having a problem shipping my (xml security)library, which is based > on openssl crypto implementation. > I have statically linked it with the ssl and crypto libraries (-lssl > -lcrypto). Are you sure you have statically linked in the Openssl libraries?

Re: SSL handshake problem.

Sukanta Panigrahi wrote: > I have a basic question here: > Is it mandatory to have the server configured with ciphers/certificates > for SSL handshake? > > Thanks / Sukant well, ciphers - yes. If you don't do it, openssl gives you a default cipher list. certificates - not all the time. If you're

Re: Signature verification fails with block type is not 01

Belliappa, Ashith Muddiana (HP Software) wrote: > > Hi, > We have complied the code in an Solaris 5.7 machine. We have the same > set of binaries working fine in all the Solaris 5.8 machines. I am > getting the error ONLY in ONE Solaris 5.8 machine. > i believe your saying that the same applic

Re: Signature verification fails with block type is not 01

Belliappa, Ashith Muddiana (HP Software) wrote: > > Hi, > We have checked for proper library files usage during the signature > verification. Even we have compared the file size of the library used in > working and non- working machine and found both are exactly same. Even > the checksum matches

Re: Memory usage

David Schwartz wrote: >> I have an application using openSSL version 0.9.7d. >> I am able to create 20,000 TLS connections, but my heap size >> is at 1.5GB. It looks like it is the SSL context. Is there anyway >> to reduce the memory fotprint? > > I'm not 100% sure I understand your question. But

Re: Help pls! What going on after 1022 connects from client?

Arsai wrote: > I have strange behaviour of my multithread ssl server. I've tried to localize > my error and understood that client can connect to server only 1022 times, > after that connection can not be established. Now I switched off all my > client-server data > communications. Client only co

Re: compiling openssl only with passwd application

Ranjeet Kumar wrote: > Hi, > > I need openssl only with passwd application. Could you please help me in > compiling for this purpose. > > Because, I don't dependencies. > > > > Thanks, > > Ranjeet Unless you're clearer about what you want to achieve it's unlikely that reposting will get you

Re: last function in ssl connection

Koza wrote: > Hi, > > I would like my web server inform me when the connection with the client is > lost (for example using (f)printf). But unfortunately I cannot find the last > function called in ssl transaction between client-server. I tried > SSL_shutdown and BIO_free but these don't work. >

Re: Regarding construction of MasterSecret in ssl v3 handshake

Suchindra Chandrahas wrote: > Hi All, > I am trying to write an SSL v3 handshake without using > openssl libraries. I have some problem with creation of MasterSecret in > SSL v3. Here is the code snippet of hardcoded client that i am > experimenting with: > > client_random is 28 byte

Re: Regarding construction of MasterSecret in ssl v3 handshake

Suchindra Chandrahas wrote: > Hi Jimmy, > Yes i changed the no. of bytes to 32 (both client > and server random). Also, is it ok to use openssl tls1_prf for ssl v3 > handshake? > if you only want to do the prf calculation tls1_PRF() does just that for you. It does the PRF as s

Re: Regarding construction of MasterSecret in ssl v3 handshake

Suchindra Chandrahas wrote: > Hi Jimmy, > RFC-2246 is for TLS v1. However, i am going for SSL > v3. I don't know whether there is any function for the same. I went > through ssl3_enc.c in openssl code: > ssl3_generate_master_secret() is the equivalent one for ssl3. Although i

Re: Regarding openssl function ssl3_handshake_mac

Suchindra Chandrahas wrote: > Hi All, >Just went through this in openssl source in s3_enc.c: > > static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx, > const char *sender, int len, unsigned char *p) > { [snip].. > > This seems to be the function for gen

Re: Compiling in VisualC++

shrinivas balulad wrote: Hi I have dowloaded Openssl 9.8g. I want compile the code in Microsoft VisualC++ (VC6 or VS2005). I am not able to find the project workspace in the downloaded files. Please help me how to get it and also steps to follow in compiling. Can we get "ssleay32.lib" and "

Re: Problem in porting open ssl library

Ajeet kumar.S wrote: Hi all; I want to port open ssl on VDK(VDSP compiler, BF533 Processor).For that purpose I down load Open ssl from openssl.org (openssl-0.9.8g). Actually above project having so man folder like crypto, apps, cert, engine, demo, etc. Let me know which fol

Re: possible SSL_write bug

Alessandro Pivi - GLOBALcom engineering wrote: You are right, it is just a signal I should ignore. Now it works perfectly. Maybe the fact that the SSL_write might rise a SIGPIPE should be in the documentation, because it happens only in particular situations (2 writes in a row with connection

Re: Emptying the buffer

Joel Christner wrote: Hello, I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption. One question I have is

Re: Error while execution of ERR_print_errors_fp()

Parag Jhavery wrote: Hi Group, I am trying to create a SSL server with the following code. I am using the function ERR_print_errors_fp to get the last error in case of any failure. I want to divert the output to standard output stdout. For e.g. if(!SSL_CTX_use_PrivateKey_file(ctx, "privatee.k

Re: SSLv23_server_method and SSL_pending

[EMAIL PROTECTED] wrote: Hi, I am using openssl-0.9.8. I have a non-blocking multi-threaded application running as a proxy and I am using BIO pairs and a filter (SSL)BIO for doing the SSL part ( similar to ssltest.c ). Since I want to be able to allow both sslv3 and tlsv1, I am passing SSLv23

Re: SSL connections in persistent TCP connection.

Prabhu S wrote: On 2/20/08, *David Schwartz* <[EMAIL PROTECTED] > wrote: > But, the application code tries to clear out/shutdown existing > SSL session with orderly bi-directional alerts. Once shutdown it > creates a new SSL object 'ssl' [ssl = SSL_n

Re: SSL connections in persistent TCP connection.

Prabhu S wrote: Hi Jimmy, I think some details of my system would explain better. When the client connects to the server, the server opens another connection to a host server. The data that is sent by client is passed on to the host servers. The host servers responds to client requests via

Re: Ask for help on the TLS connections

Jurko Gospodnetić wrote: Hi all. > I met one quesion on the usage of TLS connection. > After the SSL/TLS connection is establelished, If the GPRS > connection or TCP/IP connection is disconnected and connected again, > is it possble to keep the TLS session as before if the appliation

Re: Interface selection BIO_do_connect

[EMAIL PROTECTED] wrote: With openSSL, what is the "usual way" to select a network interface on a multihomed device? I know that with a regular socket I could use ioctl SIOCSIFNAME. But I don't see a way to do that for a client SSL connection. BIO* conn = BIO_new_connect(addr); BIO_

Re: openssL error:

Arp22 wrote: hi i am getting the following error when i run the command: gcc -o client client.o -lcrypto -lssl In function 'main': undefined reference to 'init_OpenSSL' undefined reference to 'handle_error' --- what shud i do? please help! I hope the fact that these are not Openssl function

Re: crypto library in openssl

Xu, Qiang (FXSGSC) wrote: Hi, all: I come across a problem in using crypto library in OpenSSL. We are using EVP_DecryptInit(), EVP_DecryptUpdate(), and EVP_DecryptFinal() to do the decryption of the user's password after the user logs in. However, I just found when the user's password is "$el

Re: the decrypted data is truncated.

lauding wrote: Hi: My system is centos 5.0, the openssl version is openssl-0.9.8b-8.3.el5_0.2. which is installed by yum mod_ssl. [snip] AES_cbc_encrypt(szSorPlainText, szCipherText, iInputLen, &key, szIniVec, AES_ENCRYPT); iCipherLen = strlen(szCipherText); Your problem lies in tre

Re: core dump occasionally in method openssl_add_all_ciphers

Krishna Puttaswamy wrote: sorry for the typo in my last mail's subject. Also, just wanted to mention that the problem below is on a linux box running CentOS. Thanks On Fri, Mar 21, 2008 at 4:48 PM, Krishna Puttaswamy <[EMAIL PROTECTED] > wrote: Hello all,

Re: Help: problem with handshaking

陳秀虹 wrote: Hi, I have ported openssl 0.9.8g to our platform in linux. When I tried to connect to a server with SSL enabled, it always give me "Handshake Failure". I checked the packet when "Client Hello" was sent. The session ID length is 0. I traced the source code in ssl3_get_client_method

Re: problem by d2i_ECDSA_SIG

Helios Nguyen wrote: Hi everyone, i have problem with ECDSA_do_sign() and ECDSA_do_verify(). After sign with ECDSA_do_sign() i got signatur. I used d2i_ECDSA_SIG() to decode this signature and verify it. is that true? But there is a error: Segmentation fault (core dumped) when i do d2i_ECDS

Re: Generating Keys in Triple-DES encryption

Ambarish Mitra wrote: Hi all, Background: My application reads an encrpyted-base64 password from a config file and decrypts the same inside the application. The password is encryped using Triple-DES algorithm. To encrypt and base64 the actual password, a stand-alone utility is provided. We run

Re: SSL performance hit + buffer sizes

Urjit Gokhale wrote: Hello everyone, I would like to know your view on "Would the performance impact for transmitting 'X' bytes of unencrypted data over SSLized channel be almost same irrespective of the number of SSL_* calls" ? Consider I am using a buffer of size 'buf_size' for SSL_read/w

Re: Generating Keys in Triple-DES encryption

Ambarish Mitra wrote: Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined.. Question: So, the question is: How can we generate a key for Triple DES encryption and write out the same in a file? Simple answer for 'how to generate a key for a symmetric cipher' is 'use a pseudo-

Re: Generating Keys in Triple-DES encryption

Ambarish Mitra wrote: Ambarish Mitra wrote: Hi Jimmy, Thanks for your response. Kindly find my thoughts inlined.. Question: So, the question is: How can we generate a key for Triple DES encryption and write out the same in a file? Simple answer for 'how to generate a key for a symmetric ciph

Re: Help: problem with handshaking

陳秀虹 wrote: Thanks for the explanation. I am having problem with "Encrypted Alert". At first I thought it's because the Session ID length 0 is not correct. If this is not the problem, I really can't tell where it went wrong from packets I captured. I searched the web and I think "Encrypted Aler