Tag: openssl

Use openssl APIs to generate initial secrets of QUIC

From QUIC draft 29:

The secrets for the Initial encryption level are computed based on the client’s initial Destination Connection ID, as described in Section 5.2.

There is also an example about the secrets of initial packets, and I used openssl APIs to demonstrate it:

# ./main
initial_secret(32): 1e7e7764529715b1e0ddc8e9753c61576769605187793ed366f8bbf8c9e986eb
client_in_secret(32): 0088119288f1d866733ceeed15ff9d50902cf82952eee27e9d4d4918ea371d87
quic_key(16): 175257a31eb09dea9366d8bb79ad80ba
quic_iv(12): 6b26114b9cba2b63a9e8dd4f
quic_hp(16): 9ddd12c994c0698b89374a9c077a3077

P.S., the code can be downloaded here.

References:
What am I doing wrong?;
HKDF context re-use issue;
HKDF实现.

Install openssl-0.9.8 for SAP HANA

SAP HANA has a special love for openssl-0.9.8, so to install SAP HANA, you must first get openssl-0.9.8 dynamic library ready:

(1) Download openssl-0.9.8 source code from here, and uncompress it.

(2) To build dynamic library, you should add shared option when configuring:

./config shared
make
make install_sw

(3) Because the default installation directory is /usr/local/ssl, to let SAP HANA find the openssl library, you should add/usr/local/ssl/lib into /etc/ld.so.conf file:

# cat /etc/ld.so.conf
/usr/local/ssl/lib
/usr/local/lib64
/usr/local/lib
include /etc/ld.so.conf.d/*.conf
# /lib64, /lib, /usr/lib64 and /usr/lib gets added
# automatically by ldconfig after parsing this file.
# So, they do not need to be listed.

Then execute ldconfig command:

# ldconfig

It is OK for installing SAP HANA now.