DH_check() claims that RFC 3526 groups have DH_NOT_SUITABLE_GENERATOR

2011-11-21 Thread Maxim Kammerer
Hello,

MODP groups specified in RFC 3526 work fine once encoded as PKCS#3 DH
parameters, e.g.:

openssl genpkey -paramfile dh8192.pem -out private.pem
openssl genpkey -paramfile dh8192.pem -out private2.pem
openssl pkey -in private.pem -pubout -out public.pem
openssl pkey -in private2.pem -pubout -out public2.pem
openssl pkeyutl -derive -inkey private.pem -peerkey public2.pem -out secret
openssl pkeyutl -derive -inkey private2.pem -peerkey public.pem -out secret2
cmp secret secret2

However, DH_check() claims that these DH parameters have an unsuitable
generator, apparently due to:

/* Check that p is a safe prime and
 * if g is 2, 3 or 5, check that it is a suitable generator
 * where
 * for 2, p mod 24 == 11
 * for 3, p mod 12 == 5
 * for 5, p mod 10 == 3 or 7
 * should hold.
 */
(in openssl-1.0.0e/crypto/dh/dh_check.c)

At least some of the primes in RFC 3526 (I checked 2048, 4096, and
8192) are congruent to 23 modulo 24, not 11.

Is this some kind of oversight, or is RFC 3526 not suitable for DH
secrets derivation using OpenSSL, or is DH_check() supposed to be only
used for checking parameters generated with DH_generate_parameters()?

Thanks,
Maxim

[1] http://tools.ietf.org/html/rfc3526
[2] http://pastebin.com/31MZYw85 - dh8192.pem above
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
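
The congruence reported in the message above can be reproduced without the PEM file. This is an added example, not part of the original post or of OpenSSL: it rebuilds the 2048-, 4096- and 8192-bit primes from the defining formula in RFC 3526 and applies the g = 2 rule quoted from dh_check.c. The function names are hypothetical. For a safe prime p = 2q + 1, p mod 24 == 11 makes 2 a generator of the full group of order 2q, while p mod 24 == 23 makes 2 a generator of the subgroup of prime order q.

```python
# Added example (not OpenSSL code): rebuild RFC 3526 MODP primes and classify
# g = 2 the way the dh_check.c comment quoted in the message does.

# RFC 3526: p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c)
RFC3526_CONSTANT = {2048: 124476, 4096: 240904, 8192: 4743158}
GUARD = 64  # extra fixed-point bits that absorb truncation error


def _arctan_inv(x, one):
    """Fixed-point arctan(1/x) scaled by `one`, from the alternating series."""
    term = one // x
    total, n, sign = term, 1, -1
    while term:
        term //= x * x
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total


def pi_floor(bits):
    """floor(2^bits * pi) using Machin's formula in integer arithmetic."""
    one = 1 << (bits + GUARD)
    return (16 * _arctan_inv(5, one) - 4 * _arctan_inv(239, one)) >> GUARD


def modp_prime(n):
    """The n-bit RFC 3526 prime, computed from its definition."""
    pi_part = pi_floor(n - 130) + RFC3526_CONSTANT[n]
    return (1 << n) - (1 << (n - 64)) - 1 + (pi_part << 64)


def classify_g2(p):
    """Return (p mod 24, whether 2 has order dividing q, whether the
    'p mod 24 == 11' rule from the dh_check.c comment accepts g = 2)."""
    q = (p - 1) // 2
    in_order_q_subgroup = pow(2, q, p) == 1  # Euler's criterion
    return p % 24, in_order_q_subgroup, p % 24 == 11


if __name__ == "__main__":
    for n in sorted(RFC3526_CONSTANT):
        residue, order_q, accepted = classify_g2(modp_prime(n))
        print(f"{n}-bit: p mod 24 = {residue}, 2^q mod p == 1: {order_q}, "
              f"passes 'p mod 24 == 11' rule: {accepted}")
```
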


Re: CMS: message digest algorithm selection is ignored when signing receipts (+ peer-review request)

2011-05-24 Thread Maxim Kammerer
On Tue, Dec 7, 2010 at 01:50, Dr. Stephen Henson st...@openssl.org wrote:
> On Tue, Dec 07, 2010, Maxim Kammerer wrote:
> > The command-line argument -md to openssl cms -sign_receipt is
> > apparently ignored, and the default digest algorithm (SHA-1 in my
> > tests) is used instead.
>
> At present this is a limitation of the API: there is no option to specify an
> alternative digest. I'll have to see if there is an easy way to fix this
> without a new API.
>
> It would be relatively easy to use the same digest as the original content
> instead of using the default public key algorithm digest.

Any news on this issue? openssl cms -sign_receipt still used SHA-1
in my tests for 1.0.0d.

Thanks,
Maxim
(please CC me on replies)


Re: CMS: message digest algorithm selection is ignored when signing receipts (+ peer-review request)

2011-05-24 Thread Maxim Kammerer
On Tue, Dec 7, 2010 at 01:50, Dr. Stephen Henson st...@openssl.org wrote:
> On Tue, Dec 07, 2010, Maxim Kammerer wrote:
> > The command-line argument -md to openssl cms -sign_receipt is
> > apparently ignored, and the default digest algorithm (SHA-1 in my
> > tests) is used instead.
>
> At present this is a limitation of the API: there is no option to specify an
> alternative digest. I'll have to see if there is an easy way to fix this
> without a new API.
>
> It would be relatively easy to use the same digest as the original content
> instead of using the default public key algorithm digest.

Any news on this issue? openssl cms -sign_receipt still uses SHA-1
in my tests for 1.0.0d.

Thanks,
Maxim


Re: CMS: message digest algorithm selection is ignored when signing receipts (+ peer-review request)

2010-12-06 Thread Maxim Kammerer
> The command-line argument -md to openssl cms -sign_receipt is
> apparently ignored, and the default digest algorithm (SHA-1 in my
> tests) is used instead. In addition, the -noattr argument has the
> same effect as -nosmimecap, apparently leaving some unnecessary
> attributes (like signing time) - contrary to the manual.

Maybe it wasn't clear from my post, but this issue is a bug, not a
missing feature. The CMS structure for -sign_receipt is very similar
to one for -sign, and both have a field for the selected message
digest algorithm (visible with openssl cms -cmsout -noout -print -in
receipt.sig). Not so sure about -noattr/-nosmimecap, though.

Maxim


CMS: message digest algorithm selection is ignored when signing receipts (+ peer-review request)

2010-12-03 Thread Maxim Kammerer
I am implementing a two-party message exchange system based on CMS
for Liberté Linux (http://dee.su/liberte).

The command-line argument -md to openssl cms -sign_receipt is
apparently ignored, and the default digest algorithm (SHA-1 in my
tests) is used instead. In addition, the -noattr argument has the
same effect as -nosmimecap, apparently leaving some unnecessary
attributes (like signing time) - contrary to the manual.

Also, the last option marker - for openssl verify doesn't work,
contrary to the man page (perhaps the manual should be fixed).

The version is OpenSSL 1.0.0a on Gentoo Linux.

The script I use can be seen here:
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/cable
. Incidentally, I will be glad for some critical peer-review.
* ${certdir} contains user's certificates, and ${msgdir} contains
untrusted certificates fetched from the other end
* The principle is described briefly in the first section at
http://dee.su/liberte-security
* The initial communication protocol description is at
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/doc/cable.txt
* Certificates generation is performed in
https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/gen-anon-username
.

Thanks,
Maxim