Nabble - OpenSSL

tag:www.nabble.com,2006:forum-978 Nabble - OpenSSL 2008-07-06T06:29:51Z The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL home is <a href="http://www.openssl.org/" target="_top" rel="nofollow">here</a>. tag:www.nabble.com,2006:post-18302206 Re: PKI Application 2008-07-06T06:29:51Z 2008-07-06T06:29:51Z Michael S. Zick-4 On Sun July 6 2008 08:13, Mounir IDRASSI wrote: <br>> You must also check for RootKits which are harder to detect and always run <br>> under an account with no privilege. <br>> As far as I am concerned, I will use Wine under Linux to try this executable. <br>> <br><br>Wine inside a Linux-VServer context is even better. <br>Test and then just rm -fr the entire instance. <br><br>Mike <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302206&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302206&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18302002 Re: PKI Application 2008-07-06T06:13:56Z 2008-07-06T06:13:56Z Mounir IDRASSI You must also check for RootKits which are harder to detect and always run <br>under an account with no privilege. <br>As far as I am concerned, I will use Wine under Linux to try this executable. <br><br>-- <br>Mounir IDRASSI <br>IDRIX <br><a href="http://www.idrix.fr" target="_top" rel="nofollow">http://www.idrix.fr</a><br><br>On Sun, July 6, 2008 2:54 pm, Jim Lynch wrote: <div class='shrinkable-quote'><br>> Open an XP Vmware client, use it to test. When you're through run a decent <br>> malware/virus detector to see if anything got infected.  If not, then you <br>> may be OK. <br>> <br>> Jim. <br>> <br>> On Sun, Jul 6, 2008 at 8:32 AM, Vishal Rao <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=0" target="_top" rel="nofollow">vishalrao@...</a>> wrote: <br>> <br>>> On Sun, Jul 6, 2008 at 4:48 PM, Hacker SF <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=1" target="_top" rel="nofollow">sfhacker@...</a>> wrote: <br>>> > You can download the soft from here: <br>>> > <a href="http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe" target="_top" rel="nofollow">http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe</a><br>>> <br>>> LOL, asking users in a *security* list to download and run a random <br>>> executable from the Internet and without source code, I wonder how <br>>> many actually will go ahead with that... <br>>> <br>>> I've downloaded the EXE, is there any way/place I can get this <br>>> analysed for malicious code, other than just scanning it with my <br>>> installed anti-virus/anti-malware? <br>>> <br>>> -- <br>>> "Thou shalt not follow the null pointer for at its end madness and chaos <br>>> lie." <br>>> ______________________________________________________________________ <br>>> OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>>> User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=2" target="_top" rel="nofollow">openssl-users@...</a> <br>>> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=3" target="_top" rel="nofollow">majordomo@...</a> <br>>> <br>> </div><br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=4" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18302002&i=5" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18301847 Re: PKI Application 2008-07-06T05:54:55Z 2008-07-06T05:54:55Z AverageGuy Open an XP Vmware client, use it to test. When you're through run a decent malware/virus detector to see if anything got infected.  If not, then you may be OK.<br><br>Jim.<br><br><div class="gmail_quote">On Sun, Jul 6, 2008 at 8:32 AM, Vishal Rao <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301847&i=0" target="_top" rel="nofollow">vishalrao@...</a>> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Sun, Jul 6, 2008 at 4:48 PM, Hacker SF <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301847&i=1" target="_top" rel="nofollow">sfhacker@...</a>> wrote:<br> > You can download the soft from here:<br> > <a href="http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe" target="_blank" rel="nofollow">http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe</a><br> <br> </div>LOL, asking users in a *security* list to download and run a random<br> executable from the Internet and without source code, I wonder how<br> many actually will go ahead with that...<br> <br> I've downloaded the EXE, is there any way/place I can get this<br> analysed for malicious code, other than just scanning it with my<br> installed anti-virus/anti-malware?<br> <font color="#888888"><br> --<br> "Thou shalt not follow the null pointer for at its end madness and chaos lie."<br> ______________________________________________________________________<br> OpenSSL Project                                 <a href="http://www.openssl.org" target="_blank" rel="nofollow">http://www.openssl.org</a><br> User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301847&i=2" target="_top" rel="nofollow">openssl-users@...</a><br> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301847&i=3" target="_top" rel="nofollow">majordomo@...</a><br> </font></blockquote></div><br> <p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18301680 Re: PKI Application 2008-07-06T05:32:16Z 2008-07-06T05:32:16Z Vishal Rao On Sun, Jul 6, 2008 at 4:48 PM, Hacker SF <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301680&i=0" target="_top" rel="nofollow">sfhacker@...</a>> wrote: <br>> You can download the soft from here: <br>> <a href="http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe" target="_top" rel="nofollow">http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe</a><br><br>LOL, asking users in a *security* list to download and run a random <br>executable from the Internet and without source code, I wonder how <br>many actually will go ahead with that... <br><br>I've downloaded the EXE, is there any way/place I can get this <br>analysed for malicious code, other than just scanning it with my <br>installed anti-virus/anti-malware? <br><br>-- <br>"Thou shalt not follow the null pointer for at its end madness and chaos lie." <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301680&i=1" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18301680&i=2" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18301129 PKI Application 2008-07-06T04:18:16Z 2008-07-06T04:18:16Z SFHacker <html> <head> </head> <body class='hmmessage'> Hi All,<BR><BR>I'm working on a GUI software application to OpenSSL for the Windows platform I'd like to share with you. It's not yet finished and I'd like your feedback on it regarding interface, functionality, etc. It supports OpenLDAP to store the certificates. I'd like to know if there is any other similar application I can download and test.<BR><BR> You can download the soft from here: <A href="http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe" target="_top" rel="nofollow">http://www.limina.com.ar/Downloads/RosPKI-EN-Demo.exe</A><BR> Thanks in advance.<BR><BR><BR>Sergio.<BR><BR><br /><hr />Sell your car for just $40 at CarPoint.com.au <a href='http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%5F859641&_t=762955845&_r=tig_OCT07&_m=EXT' target='_new' rel="nofollow">It's simple! </a></body> </html><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18298414 simple command line client 2008-07-05T20:04:06Z 2008-07-05T20:04:06Z Lucito07 Hi, <br><br>I would like to know if any one knows of a simple command line client that can connect to a secure server using ssl, send a string of text, wait for a response and returns with that response. I know that with OpenSSL you can connect to the server using 'openssl s_client -connect remote.host:remote.port', but I would need to send the data and return with the response from a single command. Is that possible with OpenSSL directly, or is there a simple client that can do that? <br><br>Kindest regargs, <br><br>JLP<p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18297734 OpenSSL FIPS Object Module v1.2 status 2008-07-05T16:45:18Z 2008-07-05T16:45:18Z Steve Marquess I've received several requests for minor editorial changes to the draft <br>security policy for the v1.2 OpenSSL FIPS Object Module validation that <br>has been in process for a number of months now.  Based on past <br>experience those requests mean that the validation is now undergoing <br>active review and that the validation will *probably* be awarded in a <br>couple of weeks or so.  Emphasis on the "probably" -- I have been wrong <br>before. <br><br>-Steve M. <br><br>-- <br>Steve Marquess <br>Open Source Software institute <br><a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18297734&i=0" target="_top" rel="nofollow">marquess@...</a> <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18297734&i=1" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18297734&i=2" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18291710 EC-Elgamal not work fine 2008-07-05T03:06:56Z 2008-07-05T03:06:56Z Pietro Albano Hi all, <br>I developed EC-Elgamal crypto schema, work fine till I use NIST <br>Prime-Curve, but when I try to work on NIST Binary-Curve crypted point <br>is egual to decrypted poit. <br><br>This is source code, pls help me :( <br><br><br>#include <stdio.h> <br>#include <stdlib.h> <br>#include <string.h> <br><br>#include "../e_os.h" <br><br>#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */ <br>#include <openssl/crypto.h> <br>#include <openssl/bio.h> <br>#include <openssl/bn.h> <br>#include <openssl/objects.h> <br>#include <openssl/rand.h> <br>#include <openssl/sha.h> <br>#include <openssl/err.h> <br><br>#ifdef OPENSSL_NO_ECDH <br><br>int main(int argc, char *argv[]) { <br>    printf("No ECDH support\n"); <br>    return(0); <br>} <br><br>#else <br><br>#include <openssl/ec.h> <br>#include <openssl/ecdh.h> <br><br>static const char rnd_seed[] = "21o4h32rfon4d3ornou53gnwqpegbnng"; <br><br><br>static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO <br>*out) { <br>    <br>    EC_KEY *a=NULL; <br>    EC_KEY *b=NULL; <br>    BIGNUM *x_a=NULL, *y_a=NULL, <br>            *x_b=NULL, *y_b=NULL; <br>    <br>    int ret=0; <br>    <br>    const EC_GROUP *group; <br>    <br>    EC_POINT *M = NULL, *P = NULL, *R = NULL, *Q = NULL, *A = NULL, *B = <br>NULL; <br>    <br>    a = EC_KEY_new_by_curve_name(nid); <br>    b = EC_KEY_new_by_curve_name(nid); <br>    <br>    if (a == NULL || b == NULL) <br>        goto err; <br>    <br>    group = EC_KEY_get0_group(a); <br>    <br>    if ((x_a=BN_new()) == NULL) goto err; <br>    if ((y_a=BN_new()) == NULL) goto err; <br>    if ((x_b=BN_new()) == NULL) goto err; <br>    if ((y_b=BN_new()) == NULL) goto err; <br>    <br>    BIO_puts(out, "Testing key generation with "); <br>    BIO_puts(out, text); <br>    BIO_puts(out, "\n"); <br>    <br>    <br>    if (!EC_KEY_generate_key(a)) goto err; <br>    if (!EC_KEY_generate_key(b)) goto err; <br>    <br>    P = EC_POINT_new(group); <br>    Q = EC_POINT_new(group); <br>    R = EC_POINT_new(group); <br>    A = EC_POINT_new(group); <br>    B = EC_POINT_new(group); <br>    M = EC_POINT_new(group); <br>    <br>    EC_POINT_copy(P, EC_KEY_get0_public_key(a)); <br>    EC_POINT_copy(Q, EC_KEY_get0_public_key(a)); <br>    EC_POINT_copy(R, EC_KEY_get0_public_key(a)); <br>    EC_POINT_copy(A, EC_KEY_get0_public_key(a)); <br>    EC_POINT_copy(B, EC_KEY_get0_public_key(a)); <br>    EC_POINT_copy(M, EC_KEY_get0_public_key(a)); <br>    <br>    <br>    <br>    <br>    /* <br>     * Q = a * P <br>     */ <br>    EC_POINT_mul(group, Q, NULL, P, EC_KEY_get0_private_key(a), ctx); <br>    <br>    <br>    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == <br>NID_X9_62_prime_field) { <br>        <br>        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x_a, y_a, <br>ctx)) goto err; <br>        <br>    }else { <br>        <br>        if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x_a, y_a, <br>ctx)) goto err; <br>        <br>    } <br>    <br>    BIO_printf(out, "Point P (x,y): "); <br>    BN_print(out, x_a); <br>    BIO_printf(out, ","); <br>    BN_print(out, y_a); <br>    <br>    <br>    BIO_printf(out, "\nkey a:\n"); <br>    BIO_printf(out, "private key: "); <br>    <br>    BN_print(out, EC_KEY_get0_private_key(a)); <br>    BIO_printf(out, "\n"); <br>    <br>    BIO_printf(out, "\nkey b:\n"); <br>    BIO_printf(out, "private key: "); <br>    <br>    BN_print(out, EC_KEY_get0_private_key(b)); <br>    BIO_printf(out, "\n"); <br>    <br>    /* <br>     * Encrypting message P because message must be in E <br>     */ <br>    <br>    /* <br>     * R = b * P <br>     */ <br>    EC_POINT_mul(group, R, NULL, P, EC_KEY_get0_private_key(b), ctx); <br>    <br>    /* <br>     * B = [b * a] * P <br>     */ <br>    EC_POINT_mul(group, B, NULL, Q, EC_KEY_get0_private_key(b), ctx); <br>    <br>    /* <br>     * B = P + [b * a] * P <br>     */ <br>    <br>    EC_POINT_add(group, B, P, B, ctx); <br>    <br>    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == <br>NID_X9_62_prime_field) { <br>        if (!EC_POINT_get_affine_coordinates_GFp(group, B, x_a, y_a, <br>ctx)) goto err; <br>    }else { <br>        if (!EC_POINT_get_affine_coordinates_GF2m(group, B, x_a, y_a, <br>ctx)) goto err; <br>    } <br>    <br>    BIO_printf(out, "Encrypted Point P (x,y): "); <br>    BN_print(out, x_a); <br>    BIO_printf(out, ","); <br>    BN_print(out, y_a); <br>    BIO_printf(out, "\n"); <br>    <br>    <br>    <br>    /* <br>     * Decrypting message B = (bP, P + abP) <br>     */ <br>    <br>    EC_POINT_mul(group, R, NULL, R, EC_KEY_get0_private_key(a), ctx); <br>    <br>    EC_POINT_invert(group, R, ctx); <br>    <br>    EC_POINT_add(group, B, B, R, ctx); <br>    <br>    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == <br>NID_X9_62_prime_field) { <br>        if (!EC_POINT_get_affine_coordinates_GFp(group, B, x_b, y_b, <br>ctx)) goto err; <br>    }else { <br>        if (!EC_POINT_get_affine_coordinates_GF2m(group, B, x_b, y_b, <br>ctx)) goto err; <br>    } <br>    <br>    BIO_printf(out, "Decrypted point P (x,y): "); <br>    BN_print(out, x_b); <br>    BIO_printf(out, ","); <br>    BN_print(out, y_b); <br>    <br>    BIO_printf(out, "\n"); <br>    <br>    <br>    ret=1; <br>    err: <br>    ERR_print_errors_fp(stderr); <br>    <br>    if (y_a) BN_free(y_a); <br>    if (x_b) BN_free(x_b); <br>    if (y_b) BN_free(y_b); <br>    if (b) EC_KEY_free(b); <br>    if (a) EC_KEY_free(a); <br>    return(ret); <br>} <br><br>int main(int argc, char *argv[]) { <br>    BN_CTX *ctx=NULL; <br>    int ret=1; <br>    BIO *out; <br>    <br>    RAND_seed(rnd_seed, sizeof rnd_seed); <br>    <br>    out=BIO_new(BIO_s_file()); <br>    FILE* fp; <br>    if((fp=fopen("keys", "w"))==NULL) { <br>        printf("Error in fopen!\n"); <br>        return 0; <br>    } <br>    if (out == NULL) EXIT(1); <br>    BIO_set_fp(out, fp, BIO_NOCLOSE); <br>    <br>    if ((ctx=BN_CTX_new()) == NULL) goto err; <br>    <br>    /* NIST PRIME CURVES TESTS */ <br>    if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", <br>ctx, out)) goto err; <br>    if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", <br>ctx, out)) goto err; <br>    if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, <br>out)) goto err; <br>    /* NIST BINARY CURVES TESTS */ <br>    if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, <br>out)) goto err; <br>    if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, <br>out)) goto err; <br>    <br>    ret = 0; <br>    fclose(fp); <br>    <br>    err: <br>    ERR_print_errors_fp(stderr); <br>    if (ctx) BN_CTX_free(ctx); <br>    BIO_free(out); <br>    CRYPTO_cleanup_all_ex_data(); <br>    ERR_remove_state(0); <br>    CRYPTO_mem_leaks_fp(stderr); <br>    EXIT(ret); <br>    return(ret); <br>} <br><br>#endif <br><br><br>output : <br><br>Testing key generation with NIST Binary-Curve K-163 <br><br>Point P (x,y): <br>2DC0A8BAAE6199F6603FA504361685B4255C6D03F,6BD43B113FCFFD7B18CF9EA4A696AB81E217E955F <br><br>key a: <br><br>private key: B0DB552C7D8B09776B9669F4524BAA10F08A46BA <br><br>key b: <br><br>private key: 3D2AF43E0B858AC1F97D5224FE1C446F610F907DE <br><br>Encrypted Point P (x,y): <br>38DE7188633292F192689530F9890F26629C7217B,7E7270D2AE583D5CEFAA4A1CB09770CF830BE3213 <br><br>Decrypted point P (x,y): <br>38DE7188633292F192689530F9890F26629C7217B,7E7270D2AE583D5CEFAA4A1CB09770CF830BE3213 <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18291710&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18291710&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18289569 How to generate bilinear map 2008-07-04T21:58:14Z 2008-07-04T21:58:14Z Pietro Albano Hi all, <br>Who can help me to generate bilinear map? <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18289569&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18289569&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18286235 Re: [openssl.org #1709] DTLS BUG: retransmition of handshake messages does not work 2008-07-04T13:25:51Z 2008-07-04T13:25:51Z Ariel Salomon via RT <br>The DTLS code makes some assumptions that it is using a UDP socket BIO <br>to detect the timeout condition for resend. <br><br>When using another BIO type (e.g. BIO pair) on read, this does not work <br>properly. <br><br>  - Ariel <br><br>Pavel via RT wrote: <div class='shrinkable-quote'><br>> Hello, <br>> <br>> This problem was described by Martin Vladic, but i cant find it in RT. <br>> <br>> Here is description: <br>> <br>> "Let's suppose that handshake between client and server comes to the <br>> point where client sends this message flight to the server: <br>> <br>> Certificate <br>> ClientKeyExchange <br>> CertificateVerify <br>> ChangeCipherSpec <br>> Finished [this message is protected] <br>> <br>> So, client comes to the stage when all subsequent messages shall be <br>> protected. In above message flight only last message (Finished) is <br>> protected. First four messages are unprotected. That's all OK. <br>> <br>> To continue, client needs following response from the server: <br>> <br>> ChangeCipherSpec <br>> Finished [this message is encrypted] <br>> <br>> What happens if such message doesn't arrive? Retransmission timer <br>> expires and client must send last flight again. <br>> <br>> But, OpenSSL DTLS implementation doesn't handle this situation very <br>> well. It sends the last flight of messages, but all messages are <br>> protected because implementation thinks that CipherSpec and keys are <br>> negotiated. I think that only last message must be protected, and <br>> first four must not (like it was in first transmission of the same <br>> flight)." <br>> <br>> Also, when client retransmits his last flight (5 messages), message <br>> "retransmit:  message 4 non-existant" is printed to stderr. <br>> <br>> Even if client resends correct last flight (encrypting only Finished <br>> message), <br>> server will not retransmit his last flight (2 messages). <br>> <br>> Pavel <br>> <br>> ______________________________________________________________________ <br>> OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>> Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18286235&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18286235&i=1" target="_top" rel="nofollow">majordomo@...</a> <br>> <br>>   </div><br><br>-- <br> - Ariel Salomon / Senior Software Engineer <br>Real-Time Innovations (RTI) / www.rti.com <br>408 990-7439 / <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18286235&i=2" target="_top" rel="nofollow">ariel@...</a> <br><br>RTI - The Real-Time Middleware Experts <br><br><br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18286235&i=3" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18286235&i=4" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18283852 RE: Subtract betwen two EC_POINT 2008-07-04T10:56:57Z 2008-07-04T10:56:57Z Bill Colvin Pietro:  OpenSSL seems to provide add, double, invert and multiply <br>routines for EC points.  There does not seem to be an explicit routine <br>for subtract in the include files. <br><br>The book "Implementing Eliptic Curve Cryptography" by Michael Rosing has <br>routines esub and poly_esub for doing a subtraction of two EC points <br>depending on the type of underlying curve.  Essentially these routines <br>first perform a negation of the subtrahend followed by an addition. <br><br>Bill <br><br>-----Original Message----- <br>From: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=0" target="_top" rel="nofollow">owner-openssl-users@...</a> <br>[mailto:<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=1" target="_top" rel="nofollow">owner-openssl-users@...</a>] On Behalf Of Pietro Albano <br>Sent: July 4, 2008 10:17 AM <br>To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=2" target="_top" rel="nofollow">openssl-users@...</a> <br>Subject: Subtract betwen two EC_POINT <br><br>Hi all, <br>I'm newby on openssl coding, I developing Elgamal chiper , i need <br>subtract two EC_POINT who can help me? <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=3" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=4" target="_top" rel="nofollow">majordomo@...</a> <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=5" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18283852&i=6" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18284275 RE: Subtract betwen two EC_POINT 2008-07-04T09:31:06Z 2008-07-04T09:31:06Z Pietro Albano Thanks for the interest, i resolved with EC_POINT_invert(). <br><br>EC-Elgamal work fine :) <br><br>Il giorno ven, 04/07/2008 alle 11.56 -0600, Bill Colvin ha scritto: <div class='shrinkable-quote'><br>> Pietro:  OpenSSL seems to provide add, double, invert and multiply <br>> routines for EC points.  There does not seem to be an explicit routine <br>> for subtract in the include files. <br>> <br>> The book "Implementing Eliptic Curve Cryptography" by Michael Rosing has <br>> routines esub and poly_esub for doing a subtraction of two EC points <br>> depending on the type of underlying curve.  Essentially these routines <br>> first perform a negation of the subtrahend followed by an addition. <br>> <br>> Bill <br>> <br>> -----Original Message----- <br>> From: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=0" target="_top" rel="nofollow">owner-openssl-users@...</a> <br>> [mailto:<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=1" target="_top" rel="nofollow">owner-openssl-users@...</a>] On Behalf Of Pietro Albano <br>> Sent: July 4, 2008 10:17 AM <br>> To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=2" target="_top" rel="nofollow">openssl-users@...</a> <br>> Subject: Subtract betwen two EC_POINT <br>> <br>> Hi all, <br>> I'm newby on openssl coding, I developing Elgamal chiper , i need <br>> subtract two EC_POINT who can help me? <br>> <br>> ______________________________________________________________________ <br>> OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>> User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=3" target="_top" rel="nofollow">openssl-users@...</a> <br>> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=4" target="_top" rel="nofollow">majordomo@...</a> <br>> ______________________________________________________________________ <br>> OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>> User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=5" target="_top" rel="nofollow">openssl-users@...</a> <br>> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=6" target="_top" rel="nofollow">majordomo@...</a> </div><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=7" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18284275&i=8" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18282460 Subtract betwen two EC_POINT 2008-07-04T07:16:56Z 2008-07-04T07:16:56Z Pietro Albano Hi all, <br>I'm newby on openssl coding, I developing Elgamal chiper , i need <br>subtract two EC_POINT who can help me? <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18282460&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18282460&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18292988 Modifying the cipher in OpenSSL for TLS 2008-07-04T03:20:32Z 2008-07-04T03:20:32Z Shridhar Hi All, <br><br>I want to use TLS_RSA_WITH_AES_128_CBC_SHA cipher for encrypting the application data in TLS.  But, OpenSSL negotiates this encryption algorithm to be used(selected cipher in ServerHello) based on the first common algorithm presented by the client in ClientHello message.  Since I want to test the TLS_RSA_WITH_AES_128_CBC_SHA algorithm, could anyone please let me know how to make TLS_RSA_WITH_AES_128_CBC_SHA as the default(force to use)? <br><br>Thanks a lot in advance, <br><br>Shridhar. <p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18276721 Modifying the cipher in OpenSSL for TLS 2008-07-04T03:16:10Z 2008-07-04T03:16:10Z Shridhar Hi All, <br><br>I want to use TLS_RSA_WITH_AES_128_CBC_SHA cipher for encrypting the application data in TLS.  But, OpenSSL negotiates this encryption algorithm to be used(selected cipher in ServerHello) based on the first common algorithm presented by the client in ClientHello message.  Since I want to test the TLS_RSA_WITH_AES_128_CBC_SHA algorithm, could anyone please let me know how to make TLS_RSA_WITH_AES_128_CBC_SHA as the default(force to use)? <br><br>Thanks a lot in advance, <br><br>Shridhar.<p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274601 Re: [FWD] Not able to use openssl 2008-07-04T00:37:54Z 2008-07-04T00:37:54Z Thomas J. Hruska Lutz Jaenicke wrote: <div class='shrinkable-quote'><br>> Forwareded to openssl-users for public discussion <br>> <br>> Best regards, <br>> Lutz <br>> <br>> ----- Forwarded message from Satya Narayan <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274601&i=0" target="_top" rel="nofollow">satya.tailor@...</a>> ----- <br>> <br>> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; <br>> d=gmail.com; s=gamma; <br>> h=domainkey-signature:received:received:message-id:date:from:to <br>> :subject:mime-version:content-type; <br>> bh=Yvc6CBMi1XB9hiQM+9Mo/A9oXYcu+HfjaMI3XLLMLt0=; <br>> b=IDKXR2yk6MKxDtLZugwdLbjbPehvOx9UycmLMUvKvJAuW8qCdHmWCW8/D9pm+sKt/P <br>> MsoEE5qLLVL/WTiTnj1GurBR+F2eiri4YyMpWDyCC4xUaVgnRpkSXWHF3JpBSp4CF7Hn <br>> Xp0GPfsW1Ffrmk9ISDK31J9dD89brhWJy/22s= <br>> DomainKey-Signature: a=rsa-sha1; c=nofws; <br>> d=gmail.com; s=gamma; <br>> h=message-id:date:from:to:subject:mime-version:content-type; <br>> b=mqQZ2rjxCTMOHUeMuJgq+31i9cbgx2ZRpuFBi/JDl7BaFBHyxl/HFI8JnWhSi4QTGu <br>> 8QczVwLhs4XNJuX7vFeuiFm/JermjMD76A8wci4Q25zWUtL4Gz1zYFdc3eb7LtNxWw6O <br>> BtUv+aetnf0WOrrUT9bdaLDBasvVoDq5fb8DI= <br>> Date: Tue, 1 Jul 2008 17:12:41 +0200 <br>> From: Satya Narayan <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274601&i=1" target="_top" rel="nofollow">satya.tailor@...</a>> <br>> To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274601&i=2" target="_top" rel="nofollow">openssl-bugs@...</a> <br>> Subject: Not able to use openssl <br>> <br>> Hi <br>> <br>> i have downloaded OpenSSL'Win32 OpenSSL <br>> v0.9.8h<<a href="http://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe" target="_top" rel="nofollow">http://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe</a>>' <br>> for windows(XP) and installed on my local machine, now i am trying to open <br>> 'openSSL.exe'  from command prompt it is giving the error like: the <br>> application has failed to start, the application configuration is incorrect. <br>> <br>> Is there any system requirement VC++ ? <br>> or <br>> any extra thingy i need to perform? Please help me out <br>> <br>> Thanks & Regards <br>> Satya N Tailor </div><br>Install the VC++ 2008 Redistributable.  There happens to be a link right <br>below the link you used to download 0.9.8h. <br><br>-- <br>Thomas Hruska <br>Shining Light Productions <br><br>Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. <br><a href="http://www.slproweb.com/" target="_top" rel="nofollow">http://www.slproweb.com/</a><br><br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274601&i=3" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274601&i=4" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274580 Re: [FWD] openssl command propt 2008-07-04T00:35:53Z 2008-07-04T00:35:53Z Thomas J. Hruska Lutz Jaenicke wrote: <div class='shrinkable-quote'><br>> Forwarded to openssl-users for public discussion <br>> <br>> Best regards, <br>> Lutz <br>> ----- Forwarded message from richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274580&i=0" target="_top" rel="nofollow">gybe_again@...</a>> ----- <br>> <br>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; <br>> s=s1024; d=yahoo.com; <br>> h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte <br>> nt-Transfer-Encoding:Message-ID; <br>> b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV <br>> mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ <br>> AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; <br>> Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) <br>> From: richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274580&i=1" target="_top" rel="nofollow">gybe_again@...</a>> <br>> Subject: openssl command propt <br>> To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274580&i=2" target="_top" rel="nofollow">openssl-bugs@...</a> <br>> <br>> i am trying to use the a sandbox account with paypal. <br>> <br>> my command propt wont allow me to enter a password at all ! <br>> <br>> for: <br>> <br>> openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 <br>> <br>> <br>> <br>> when asked for the password my keyboard is completely frozen. <br>> <br>> this also happens for <br>> <br>> passwd -1 <br>> <br>> <br>> i have tried all versions and cannot get this to work? <br>> <br>> how frustrating. <br>> <br>> any ideas. <br>> <br>> version 0.9.8g 19 oct 2007. </div><br>Your keyboard probably isn't frozen.  There is no visual feedback when <br>entering a password.  Type in a password and press enter. <br><br>-- <br>Thomas Hruska <br>Shining Light Productions <br><br>Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL. <br><a href="http://www.slproweb.com/" target="_top" rel="nofollow">http://www.slproweb.com/</a><br><br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274580&i=3" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274580&i=4" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274367 Re: [FWD] openssl command propt 2008-07-04T00:29:19Z 2008-07-04T00:29:19Z wolfoftheair Need information on the environment (NT, or which version of *nix). <br><br>For *nix, try running 'stty sane', and then also try hitting ctrl+j <br>and ctrl+m as alternatives to your 'enter' key. <br><br>Also, openssl allows you to put the passphrase into an environment <br>variable if necessary. <br><br>The fact that passwd gives the same result makes me think that it is <br>simply terminal misconfiguration. <br><br>-Kyle H <br><br>On Thu, Jul 3, 2008 at 11:15 PM, Lutz Jaenicke <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=0" target="_top" rel="nofollow">jaenicke@...</a>> wrote: <div class='shrinkable-quote'><br>> Forwarded to openssl-users for public discussion <br>> <br>> Best regards, <br>>        Lutz <br>> ----- Forwarded message from richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=1" target="_top" rel="nofollow">gybe_again@...</a>> ----- <br>> <br>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; <br>>        s=s1024; d=yahoo.com; <br>>        h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte <br>>        nt-Transfer-Encoding:Message-ID; <br>>        b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV <br>>        mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ <br>>        AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; <br>> Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) <br>> From: richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=2" target="_top" rel="nofollow">gybe_again@...</a>> <br>> Subject: openssl command propt <br>> To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=3" target="_top" rel="nofollow">openssl-bugs@...</a> <br>> <br>> i am trying to use the a sandbox account with paypal. <br>> <br>> my command propt wont allow me to enter a password at all ! <br>> <br>> for: <br>> <br>> openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 <br>> <br>> <br>> <br>> when asked for the password my keyboard is completely frozen. <br>> <br>> this also happens for <br>> <br>> passwd -1 <br>> <br>> <br>> i have tried all versions and cannot get this to work? <br>> <br>> how frustrating. <br>> <br>> any ideas. <br>> <br>> version 0.9.8g 19 oct 2007. <br>> <br>> <br>> <br>>      __________________________________________________________ <br>> Not happy with your email address?. <br>> Get the one you really want - millions of new email addresses available now at Yahoo! <a href="http://uk.docs.yahoo.com/ymail/new.html" target="_top" rel="nofollow">http://uk.docs.yahoo.com/ymail/new.html</a><br>> <br>> ----- End forwarded message ----- <br>> -- <br>> Lutz Jaenicke           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=4" target="_top" rel="nofollow">jaenicke@...</a> <br>> OpenSSL Project         <a href="http://www.openssl.org/~jaenicke/" target="_top" rel="nofollow">http://www.openssl.org/~jaenicke/</a><br>> ______________________________________________________________________ <br>> OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>> User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=5" target="_top" rel="nofollow">openssl-users@...</a> <br>> Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=6" target="_top" rel="nofollow">majordomo@...</a> <br>> </div>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=7" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274367&i=8" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274168 command smime and RFC 3851 2008-07-04T00:03:41Z 2008-07-04T00:03:41Z Gabor Kiss-3 Dear folks, <br><br>I created X.509 signed mail by an application then I tried to verify <br>signature by 'openssl smime -verify ...' command. <br><br>It did not work first time. <br><br>S/MIME standard RFC 3851 and predecessors show a sample <br>multipart/signed message in section 3.4.3.3.: <br><br>       Content-Type: multipart/signed; <br>          protocol="application/pkcs7-signature"; <br>          micalg=sha1; boundary=boundary42 <br><br>       --boundary42 <br>-->    Content-Type: text/plain <br><br>       This is a clear-signed message. <br><br>       --boundary42 <br>       Content-Type: application/pkcs7-signature; name=smime.p7s <br>       Content-Transfer-Encoding: base64 <br>       Content-Disposition: attachment; filename=smime.p7s <br><br>       ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6 <br>       4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj <br>       n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4 <br>       7GhIGfHfYT64VQbnj756 <br><br>       --boundary42-- <br><br>See the marked MIME sub-header in part2. My application that uses <br>MIME::Tools PERL library produces similar format: <br><br>       Content-Type: multipart/signed; <br>        protocol="application/pkcs7-signature"; <br>        micalg=sha1; <br>        boundary="----------=_1215093708-16004-0" <br>       Content-Transfer-Encoding: binary <br>       MIME-Version: 1.0 <br>       X-Mailer: MIME-tools 5.420 (Entity 5.420) <br>       From: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274168&i=0" target="_top" rel="nofollow">me@...</a> <br>       To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274168&i=1" target="_top" rel="nofollow">you@...</a> <br>       Subject: Hello, nurse! <br>        <br>       This is an S/MIME signed message <br>        <br>       ------------=_1215093708-16004-0 <br>-->    Content-Type: text/plain <br>-->    Content-Disposition: inline <br>-->    Content-Transfer-Encoding: binary <br>--> <br>       This is a message <br>        <br>       ------------=_1215093708-16004-0 <br>       Content-Type: application/pkcs7-signature; name="signature-cr.p7s" <br>       Content-Disposition: attachment; filename="signature-cr.p7s" <br>       Content-Transfer-Encoding: base64 <br>        <br>       MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH <br>       AQAAoIIFbjCCBWowggRSoAMCAQICAgNWMA0GCSqGSIb3DQEBBQUAMFUxCzAJ <br>... <br><br>I found that 'openssl smime' refuses to verify signature until I <br>delete the marked lines. Probably it computes hash not only the <br>cleartext but on header and separator too. <br><br>Is this normal? <br>Why openssl could not figure out where the cleartext begins? <br><br>Gabor <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274168&i=2" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274168&i=3" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274187 [openssl.org #1709] DTLS BUG: retransmition of handshake messages does not work 2008-07-03T23:18:46Z 2008-07-03T23:18:46Z Ariel Salomon via RT Hello, <br><br>This problem was described by Martin Vladic, but i cant find it in RT. <br><br>Here is description: <br><br>"Let's suppose that handshake between client and server comes to the <br>point where client sends this message flight to the server: <br><br>Certificate <br>ClientKeyExchange <br>CertificateVerify <br>ChangeCipherSpec <br>Finished [this message is protected] <br><br>So, client comes to the stage when all subsequent messages shall be <br>protected. In above message flight only last message (Finished) is <br>protected. First four messages are unprotected. That's all OK. <br><br>To continue, client needs following response from the server: <br><br>ChangeCipherSpec <br>Finished [this message is encrypted] <br><br>What happens if such message doesn't arrive? Retransmission timer <br>expires and client must send last flight again. <br><br>But, OpenSSL DTLS implementation doesn't handle this situation very <br>well. It sends the last flight of messages, but all messages are <br>protected because implementation thinks that CipherSpec and keys are <br>negotiated. I think that only last message must be protected, and <br>first four must not (like it was in first transmission of the same <br>flight)." <br><br>Also, when client retransmits his last flight (5 messages), message <br>"retransmit:  message 4 non-existant" is printed to stderr. <br><br>Even if client resends correct last flight (encrypting only Finished <br>message), <br>server will not retransmit his last flight (2 messages). <br><br>Pavel <br><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274187&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274187&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18274239 [FWD] openssl command propt 2008-07-03T23:15:53Z 2008-07-03T23:15:53Z Lutz Jaenicke-3 Forwarded to openssl-users for public discussion <br><br>Best regards, <br>        Lutz <br>----- Forwarded message from richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=0" target="_top" rel="nofollow">gybe_again@...</a>> ----- <br><br>DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; <br>        s=s1024; d=yahoo.com; <br>        h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Conte <br>        nt-Transfer-Encoding:Message-ID; <br>        b=vBBzEPZaiZTIah8JHRbzeAxZJVAr0wUKpTQtpm8NPuq2kS5PXMll/twaYA909NIud5TxJV <br>        mTNcygBfqD9MEbJv6OukLsdWu0RbxiYewUoRFEWWR+ASvYbdvhiu8Hrdsua5VEY7SH9sL3eZ <br>        AcQPtdnpq08UmGxyvkpDyDkSLSzxY=; <br>Date: Tue, 1 Jul 2008 13:19:07 -0700 (PDT) <br>From: richard jonik <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=1" target="_top" rel="nofollow">gybe_again@...</a>> <br>Subject: openssl command propt <br>To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=2" target="_top" rel="nofollow">openssl-bugs@...</a> <br><br>i am trying to use the a sandbox account with paypal. <br><br>my command propt wont allow me to enter a password at all ! <br><br>for: <br><br>openssl pkcs12 -export -in cert_key_pem.txt -out fileout.p12 <br><br><br><br>when asked for the password my keyboard is completely frozen. <br><br>this also happens for <br><br>passwd -1 <br><br><br>i have tried all versions and cannot get this to work? <br><br>how frustrating. <br><br>any ideas. <br><br>version 0.9.8g 19 oct 2007. <br><br><br><br>      __________________________________________________________ <br>Not happy with your email address?. <br>Get the one you really want - millions of new email addresses available now at Yahoo! <a href="http://uk.docs.yahoo.com/ymail/new.html" target="_top" rel="nofollow">http://uk.docs.yahoo.com/ymail/new.html</a><br><br>----- End forwarded message ----- <br>-- <br>Lutz Jaenicke           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=3" target="_top" rel="nofollow">jaenicke@...</a> <br>OpenSSL Project         <a href="http://www.openssl.org/~jaenicke/" target="_top" rel="nofollow">http://www.openssl.org/~jaenicke/</a><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=4" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274239&i=5" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274221 [FWD] Not able to use openssl 2008-07-03T23:15:01Z 2008-07-03T23:15:01Z Lutz Jaenicke-3 Forwareded to openssl-users for public discussion <br><br>Best regards, <br>        Lutz <br><br>----- Forwarded message from Satya Narayan <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=0" target="_top" rel="nofollow">satya.tailor@...</a>> ----- <br><br>DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; <br>        d=gmail.com; s=gamma; <br>        h=domainkey-signature:received:received:message-id:date:from:to <br>        :subject:mime-version:content-type; <br>        bh=Yvc6CBMi1XB9hiQM+9Mo/A9oXYcu+HfjaMI3XLLMLt0=; <br>        b=IDKXR2yk6MKxDtLZugwdLbjbPehvOx9UycmLMUvKvJAuW8qCdHmWCW8/D9pm+sKt/P <br>        MsoEE5qLLVL/WTiTnj1GurBR+F2eiri4YyMpWDyCC4xUaVgnRpkSXWHF3JpBSp4CF7Hn <br>        Xp0GPfsW1Ffrmk9ISDK31J9dD89brhWJy/22s= <br>DomainKey-Signature: a=rsa-sha1; c=nofws; <br>        d=gmail.com; s=gamma; <br>        h=message-id:date:from:to:subject:mime-version:content-type; <br>        b=mqQZ2rjxCTMOHUeMuJgq+31i9cbgx2ZRpuFBi/JDl7BaFBHyxl/HFI8JnWhSi4QTGu <br>        8QczVwLhs4XNJuX7vFeuiFm/JermjMD76A8wci4Q25zWUtL4Gz1zYFdc3eb7LtNxWw6O <br>        BtUv+aetnf0WOrrUT9bdaLDBasvVoDq5fb8DI= <br>Date: Tue, 1 Jul 2008 17:12:41 +0200 <br>From: Satya Narayan <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=1" target="_top" rel="nofollow">satya.tailor@...</a>> <br>To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=2" target="_top" rel="nofollow">openssl-bugs@...</a> <br>Subject: Not able to use openssl <br><br>Hi <br><br>i have downloaded OpenSSL'Win32 OpenSSL <br>v0.9.8h<<a href="http://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe" target="_top" rel="nofollow">http://www.slproweb.com/download/Win32OpenSSL-0_9_8h.exe</a>>' <br>for windows(XP) and installed on my local machine, now i am trying to open <br>'openSSL.exe'  from command prompt it is giving the error like: the <br>application has failed to start, the application configuration is incorrect. <br><br>Is there any system requirement VC++ ? <br>or <br>any extra thingy i need to perform? Please help me out <br><br>Thanks & Regards <br>Satya N Tailor <br><br>----- End forwarded message ----- <br>-- <br>Lutz Jaenicke           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=3" target="_top" rel="nofollow">jaenicke@...</a> <br>OpenSSL Project         <a href="http://www.openssl.org/~jaenicke/" target="_top" rel="nofollow">http://www.openssl.org/~jaenicke/</a><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=4" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274221&i=5" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18292965 ECDH 2008-07-03T23:06:18Z 2008-07-03T23:06:18Z Pietro Albano Hi all, <br>I must develop a simple program to do ECDH. This is an example of what i <br>think: <br><br><br>EC_POINT_mul(group,Q,NULL,EC_KEY_get0_public_key(a),EC_KEY_get0_private_key(a),ctx); <br><br>EC_POINT_mul(group,R,NULL,EC_KEY_get0_public_key(a),EC_KEY_get0_private_key(b),ctx); <br><br>EC_POINT_mul(group,A,NULL,Q,EC_KEY_get0_private_key(b),ctx); <br>    <br>EC_POINT_mul(group,B,NULL,R,EC_KEY_get0_private_key(a),ctx); <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18292965&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18292965&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18273017 IPv6 Support 2008-07-03T21:59:22Z 2008-07-03T21:59:22Z kamakshi.krish <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=us-ascii"> <META content="MSHTML 6.00.2900.3354" name=GENERATOR></HEAD> <BODY> <DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV> <DIV><SPAN class=296195704-04072008><FONT face=Arial color=#0000ff size=2>Hi,</FONT></SPAN></DIV> <DIV><SPAN class=296195704-04072008><FONT face=Arial color=#0000ff size=2> I am new to openSSL. I would like to know if openSSL supports IPv6 at the socket level. If yes, which version of openSSL supports this feature ?</FONT></SPAN></DIV> <DIV><SPAN class=296195704-04072008><FONT face=Arial color=#0000ff size=2></FONT></SPAN> </DIV> <DIV><SPAN class=296195704-04072008><FONT face=Arial color=#0000ff size=2>thanks and regards,</FONT></SPAN></DIV> <DIV><SPAN class=296195704-04072008><FONT face=Arial color=#0000ff size=2>Kamakshi</FONT></SPAN></DIV><P><strong><span style='font-size:10.0pt;font-family: "Palatino Linotype","serif";color:green'> Please do not print this email unless it is absolutely necessary. </span></strong><span style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p> <p> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. </p> <p>WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. </p> <p> www.wipro.com </p> </BODY></HTML> <p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18274209 RE: [FWD] request UP UX openssl A.00.09.07l 2008-07-03T17:07:53Z 2008-07-03T17:07:53Z Huey, Mike You could update to the latest OpenSSL from HP-UX: <a href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I" target="_top" rel="nofollow">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I</a><br><br>This contains FIPS 1.1.2 OpenSSL <br><br>FIPS OpenSSL, used in FIPS mode, does restrict the algorithms used to a subset of the normal list of OpenSSL algorithms. <br><br>See: <a href="http://oss-institute.org/fips-faq.html#a6" target="_top" rel="nofollow">http://oss-institute.org/fips-faq.html#a6</a> for a list of algorithms supported in FIPS mode. <br><br>Regards, <br>-Mike <br><br>-----Original Message----- <br>From: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=0" target="_top" rel="nofollow">owner-openssl-users@...</a> [mailto:<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=1" target="_top" rel="nofollow">owner-openssl-users@...</a>] On Behalf Of Lutz Jaenicke <br>Sent: Monday, June 30, 2008 12:04 AM <br>To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=2" target="_top" rel="nofollow">openssl-users@...</a> <br>Cc: Soverini Luca <br>Subject: [FWD] request UP UX openssl A.00.09.07l <br><br>Forwarded to openssl-users for public discussion. <br><br>Best regards, <br>        Lutz <br><br>----- Forwarded message from Soverini Luca <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=3" target="_top" rel="nofollow">luca.soverini@...</a>> ----- <br><br>Importance: normal <br>Priority: normal <br>From: Soverini Luca <<a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=4" target="_top" rel="nofollow">luca.soverini@...</a>> <br>To: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=5" target="_top" rel="nofollow">rt@...</a> <br>Date: Fri, 27 Jun 2008 15:46:56 +0200 <br>Subject: request UP UX  openssl A.00.09.07l <br>Thread-Topic: request UP UX  openssl A.00.09.07l <br>thread-index: AcjYXEOhcfCnezkxSVmEAjNRSa5lIQ== <br>Accept-Language: it-IT, en-US <br>acceptlanguage: it-IT, en-US <br><br>Can i have a help? How I can disable in openssl, HPUX platform  SSV2 and weak cipher in favour of large encryption keys? <br><br>Cordiali saluti <br><br>    Luca Soverini <br><br>T.IO.DC.NE <br>Delivery & Operations/Server Unix <br><br>____________________________________________________________________________________ <br>Le informazioni contenute o allegate alla mail sono classificate :TELECOM S.p.A. - Uso interno - e sono dirette unicamente al destinatario in indirizzo che si impegna a mantenere riservate le informazioni relative alla presente. Chiunque riceva questa mail per errore è tenuto ad informare immediatamente il mittente ed a distruggere le informazioni in essa contenute. <br>Si ringrazia per la collaborazione. <br><br><br>-------------------------------------------------------------------- <br><br>CONFIDENTIALITY NOTICE <br><br>This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=6" target="_top" rel="nofollow">webmaster@...</a>. <br><br>        Thank you <br><br>                                        www.telecomitalia.it <br><br>-------------------------------------------------------------------- <br><br><br>----- End forwarded message ----- <br>-- <br>Lutz Jaenicke           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=7" target="_top" rel="nofollow">jaenicke@...</a> <br>OpenSSL Project         <a href="http://www.openssl.org/~jaenicke/" target="_top" rel="nofollow">http://www.openssl.org/~jaenicke/</a><br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=8" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=9" target="_top" rel="nofollow">majordomo@...</a> <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=10" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18274209&i=11" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18265020 where to get SSL_CTX_set_psk_client_callback?? 2008-07-03T10:54:13Z 2008-07-03T10:54:13Z yozhang Hi, <br><br>Where to get functions related to PSK? Does it need a special patch? I <br>downloaded 0.9.8a/g/h openssl, <br>but I can not find it. But I can see its man page in the openssl docs site. <br><br>Thanks! <br><br>Yong <br><br><br><a href="http://www.openssl.org/docs/ssl/SSL_CTX_set_psk_client_callback.html" target="_top" rel="nofollow">http://www.openssl.org/docs/ssl/SSL_CTX_set_psk_client_callback.html</a><br><br>#include <openssl/ssl.h> <br><br> void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, <br>        unsigned int (*callback)(SSL *ssl, const char *hint, <br>        char *identity, unsigned int max_identity_len, <br>        unsigned char *psk, unsigned int max_psk_len)); <br> void SSL_set_psk_client_callback(SSL *ssl, <br>        unsigned int (*callback)(SSL *ssl, const char *hint, <br>        char *identity, unsigned int max_identity_len, <br>        unsigned char *psk, unsigned int max_psk_len)); <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>User Support Mailing List                    <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18265020&i=0" target="_top" rel="nofollow">openssl-users@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18265020&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18262852 Re: query 2008-07-03T09:09:28Z 2008-07-03T09:09:28Z Brad House > 2) If I've to add crypto accelerator support in openssl for linux then which is better approach <br>> a) I directly write an engine <br>> b) I use engine written for OCF and I just write my module for OCF in kernel <br><br> From my limited experience with OCF I remember a _significant_ <br>performance penalty for each call, assumed because of the <br>penalty for transferring data to/from kernel-land.  The only <br>time I saw a benefit was for the larger block sizes... <br><br>Here is a post I made a while back, it has some performance <br>statistics for OCF vs software on a Geode... <br><a href="http://busybox.net/lists/buildroot/2007-August/004810.html" target="_top" rel="nofollow">http://busybox.net/lists/buildroot/2007-August/004810.html</a><br><br>Basically, if you can do it by writing a real OpenSSL engine, my guess <br>is that it will probably be faster and a better course of action.  That <br>said, I haven't run any tests on hardware supported by both OCF and <br>directly as an OpenSSL engine to provide any real knowledge there, <br>perhaps someone else could better answer your question. <br><br>-Brad <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262852&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262852&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18262566 Re: Verification of X509 certificate 2008-07-03T08:23:43Z 2008-07-03T08:23:43Z Patrick Patterson-3 Hi Konrad: <br><br>Konrad Kleine wrote: <br>> I also posted this question on the users mailing list. <br>> <br>> Hello, <br>> <br>> we are writing an client/server-application in C/C++ using OpenSSL. <br>> <br><SNIP> <br><br>> That's fine, but is it possible to verify the server's certificate on <br>> client side by specifying a whole directory or a perhaps the copy of the <br>> server's certificate file directly? <br>> <br>> In our examples, verification fails if we don't specify a file that <br>> contains the CA certificate among others. <br>> <br>This is actually correct behaviour - in order to check a certificates <br>validity, you need to check: <br><br>1: That it was signed by a "trusted" CA <br>2: That it is in it's validity period <br>3: That it isn't revoked. <br>4: That it is being used according to any critical extensions. <br>5: You SHOULD check and make sure that non-critical extensions are <br>obeyed as well. <br>6: That it was issued according to a Certificate Policy that you have <br>chosen. <br><br><br>The OpenSSL verification routines do a fairly good job of handling <br>1,2,3,and 4,  although you have to supply your own code to handle CRL <br>Distribution Points and the actual downloading of the CRL, you have to <br>provide an already built trust path, since AIA chasing isn't possible <br>directly from within the OpenSSL Verification routines (which is <br>probably a good thing :), and there are only a small number of critical <br>fields that OpenSSL can handle by default. To handle the full set of <br>requirements, including 5 and 6, you have to implement custom routines <br>yourself, or use something like Pathfinder <br>(<a href="http://pathfinder-pki.googlecode.com" target="_top" rel="nofollow">http://pathfinder-pki.googlecode.com</a>). <br><br>So, you should be providing the CA that signed the Server cert to the <br>client (or else, how do you know and trust the signature in the server <br>certificate ??). Just checking the server certificate doesn't actually <br>get you anything (if you are just going to do that, don't use <br>certificates, and just use some form of shared secret). <br><br>Have fun. <br><br>Patrick. <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262566&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262566&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18261166 pkcs12 friendly name segfault in 0.9.8h 2008-07-03T07:48:47Z 2008-07-03T07:48:47Z Bruce Stephens-4 In 0.9.8g (the Debian package of it, anyway), this works: <br><br>   openssl  pkcs12 -export -name "name" -inkey 1215091299.pem -in certs.pem -out p12.p12 <br><br>(where those files have appropriate types, and certs.pem contains a <br>user certificate and a CA certificate.) <br><br>In 0.9.8h which I just built, it segfaults.  -caname seems to be fine. <br><br>(The test suite completes apparently without an error, so I guess <br>there's no test for this.) <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18261166&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18261166&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18262656 query 2008-07-03T04:08:05Z 2008-07-03T04:08:05Z Manish RATHI Hi, <br>Can any one tell me <br>1) when I call SSL_write() in application then which layer/code <br>actually does encryption of data? <br>As per my understanding, SSL_write() calls write callback of SSL object. <br>2) If I've to add crypto accelerator support in openssl for linux then which is better approach <br>        a) I directly write an engine <br>        b) I use engine written for OCF and I just write my module for OCF in kernel <br><br><br><br>Thanks <br>Regards <br>Manish <br>______________________________________________________________________ <br>OpenSSL Project                                 <a href="http://www.openssl.org" target="_top" rel="nofollow">http://www.openssl.org</a><br>Development Mailing List                       <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262656&i=0" target="_top" rel="nofollow">openssl-dev@...</a> <br>Automated List Manager                           <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262656&i=1" target="_top" rel="nofollow">majordomo@...</a> <br><p>From forum: <a href="http://www.nabble.com/OpenSSL---Dev-f980.html" embed="fixTarget[980]" target="_top" >OpenSSL - Dev</a></p> tag:www.nabble.com,2006:post-18262630 SSL_connect returns -1 2008-07-03T03:42:59Z 2008-07-03T03:42:59Z Tejesh Vijayakumar <br><font size=2 face="Trebuchet MS">Hi</font> <br> <br><font size=2 face="Trebuchet MS">I have ported Xsupplicant(EAP) code on Vxworks platform for a wireless modem.</font> <br><font size=2 face="Trebuchet MS">I am testing TLS authentication. Currently i am able to receive "server certificate, server key exchange, server hello done" messages from</font> <br><font size=2 face="Trebuchet MS">the server. But I am unable to send "client certificate, client key exchange, client change cipher spec"messages.</font> <br><font size=2 face="Trebuchet MS">SSL_connect returns -1 and ERR_get_error(..) returns 0. and the error is </font> <br><font size=2 face="Trebuchet MS">SYS_ERROR_SYSCALL. errno is also 0. </font> <br><font size=2 face="Trebuchet MS">could someone tell me why is this happening?</font> <br> <br> <br> <br><font size=2 face="Trebuchet MS">Regards,<br> Tejesh Vijayakumar<br> Software Engineer,<br> Product Engineering Services[PES] Group,<br> <br> Contact Details<br> ---------------------------------------------------------------<br> e-mail: <a href="http://www.nabble.com/user/SendEmail.jtp?type=post&post=18262630&i=0" target="_top" rel="nofollow">tejesh.vijayakumar@...</a><br> L&T Infotech,<br> Plot 25-31, EPIP Phase II,<br> KIADB Industrial Area,<br> Whitefield, Bangalore 66. <br> India GMT +5 30 Hours<br> ----------------------------------------------------------------<br> Telephone(office): +91 80 66242424 Extn 2429<br>                            +91 80 66242429 (Direct)<br> <b><br> Larsen & Toubro Infotech Ltd.</b></font><font size=2 color=blue face="Trebuchet MS"><u><br> </u></font><a href=http://www.lntinfotech.com target="_top" rel="nofollow" /><font size=2 color=blue face="Trebuchet MS"><u>www.Lntinfotech.com</u></font></a><font size=2 face="Trebuchet MS"><br> <br> This Document is classified as: <br> <br> L&T Infotech Proprietary   L&T Infotech Confidential   L&T Infotech Internal Use Only   L&T Infotech General Business   <br> <br> This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. </font> <BR> ______________________________________________________________________<BR> <p>From forum: <a href="http://www.nabble.com/OpenSSL---User-f981.html" embed="fixTarget[981]" target="_top" >OpenSSL - User</a></p> tag:www.nabble.com,2006:post-18255334 Re: Verification of X509 certificate 2008-07-03T02:23:30Z 2008-07-03T02:23:30Z wolfoftheair The CA is the point of trust -- the "trust anchor".  Since the server <br>certificate is issued by the anchor, the client needs the anchor's <br>certificate to be able to verify it. <br><br>If you want to bypass this, look at the definition of <br>SSL_set_verify().  If your verification callback returns 0, the <br>certificate is considered unverified.  If it returns 1, the <br>certificate is considered verified.  It is YOUR code that must make <br>this determination; usually this includes checking a local certificate <br>store for a certificate with a CN= the FQDN of the server, and then <br>seeing if the key used for the connection matches the one in that <br>certificate.  OpenSSL won't do this for you automatically if you don't <br>have the se