Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Blumenthal, Uri - 0553 - MITLL
I hear you. Let me discuss this with my colleagues, and get back to the list if they see good reasons to add this check. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. From: Bill Cox Sent: Friday, July 31, 2015 20:09 To: openssl-dev@openssl.org Reply To:

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Bill Cox
On Fri, Jul 31, 2015 at 4:43 PM, Blumenthal, Uri - 0553 - MITLL u...@ll.mit.edu wrote: I think adding the recommended check would be beneficial. Considering the frequency of key generation, performance impact shouldn't matter all that much. Samuel's argument above is one I've heard before

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Viktor Dukhovni
On Fri, Jul 31, 2015 at 11:31:08PM +, p...@securecottage.com wrote: I have checked through the key generation code of the openssl ssl code. Not carefully enough... I hacked it to report the greatest common divisor of p-1 and q-1. I then ran 100 key generations. It only had greatest

[openssl-dev] [openssl.org #3976] Bug report

2015-07-31 Thread Stuart, Harold via RT
The cryptographic engineering team at Blue Coat systems is conducting a review of OpenSSL and have found the following minor bug. We would appreciate your consideration. Observe the following lines in evp_enc.c: if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data =

Re: [openssl-dev] [openssl.org #3976] Bug report

2015-07-31 Thread Salz, Rich via RT
My feeling is that you should not be copying an EVP if data is NULL and that the earlier null checks are erroneous. But I could be wrong. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] We're working on license changes

2015-07-31 Thread Salz, Rich
Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some more details. Summary: Moving to Apache 2, CLA's coming, it will take time. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz

Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

2015-07-31 Thread Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Hi Matt, Thanks for the details. I can compile the same without any issues for Linux platform. But facing issues with Windows currently. Thanks, Kannan Narayanasamy. -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Friday,

Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

2015-07-31 Thread Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco)
Hi All, Any pointers on this much appreciated. Thanks, Kannan Narayanasamy. -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) Sent: Monday, July 27, 2015 9:39 AM To:

Re: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error

2015-07-31 Thread Michel
Hi Julius, I am afraid this is not related to the 'dev' list. Did you try to modify the order of your header files as mentioned on several other forums ? http://comments.gmane.org/gmane.comp.encryption.openssl.devel/14135 (and include WinSock2.h before windows.h) Regards, Michel

Re: [openssl-dev] [openssl.org #3968] HOSENT: redefinition error

2015-07-31 Thread Michel via RT
Hi Julius, I am afraid this is not related to the 'dev' list. Did you try to modify the order of your header files as mentioned on several other forums ? http://comments.gmane.org/gmane.comp.encryption.openssl.devel/14135 (and include WinSock2.h before windows.h) Regards, Michel

Re: [openssl-dev] Compilation error while ignoring no-ssl2 no-ssl3

2015-07-31 Thread Matt Caswell
On 31/07/15 13:51, Kannan Narayanasamy -X (kannanar - HCL TECHNOLOGIES LIMITED at Cisco) wrote: Hi All, Any pointers on this much appreciated. I just tried it and those options appear to be broken for 0.9.8. I suspect they've been that way for a long time. That version is only receiving

Re: [openssl-dev] We're working on license changes

2015-07-31 Thread Hanno Böck
Hi, On Fri, 31 Jul 2015 14:37:30 + Salz, Rich rs...@akamai.com wrote: Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some more details. Summary: Moving to Apache 2, CLA's coming, it will take time. This is a huge step if it works (I leave it up to the lawyers to

[openssl-dev] [openssl.org #3963] [PATCH] Fix -rev, -www and -WWW modes to also allow OCSP-stapled responses

2015-07-31 Thread Rich Salz via RT
fixed, thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3972] EVP documentation implicitly recommends the use of single-DES

2015-07-31 Thread Rich Salz via RT
fixed in master and 1.0.2, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3959] misleading comment in openssl-1.0.2

2015-07-31 Thread Rich Salz via RT
comment fixed in 1.0.2 and master, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3742] Support s_client -starttls to xmpp server-to-server ports

2015-07-31 Thread Rich Salz via RT
merged into master, thanks! -- Rich Salz, OpenSSL dev team; rs...@openssl.org

[openssl-dev] [openssl.org #3961] [PATCH] Fix broken argument parsing for genrsa

2015-07-31 Thread Rich Salz via RT
PR merged, thanks. -- Rich Salz, OpenSSL dev team; rs...@openssl.org

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread mancha
On Fri, Jul 31, 2015 at 02:36:03AM +, p...@securecottage.com wrote: Hi there, I have looked at the RSA protocol a bit and have concluded that 1) common factors in (p-1) and (q-1) are also in the factorisation of (p*q-1). 2) by factoring (p*q-1) you can come up with candidates for

[openssl-dev] [openssl.org #3975] The CMS encrypt command uses the wrong ASN.1 encoding for the AES-GCM algorithm parameter.

2015-07-31 Thread Laetitia Baudoin via RT
When using 'openssl cms -encrypt -aes-256-gcm' the algorithm generated is encoded as: SEQUENCE (2 elem) OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.46 OCTET STRING (12 byte) But RFC 5084 (Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax

Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

2015-07-31 Thread Jouni Malinen
On Thu, Jul 30, 2015 at 11:00:45AM +0100, Matt Caswell wrote: On 28/07/15 15:09, Jouni Malinen wrote: The remaining issue for EAP-FAST server is in the SSL_set_session_secret_cb() callback not having access to the correct server_random through SSL_get_server_random(). Is this still a

Re: [openssl-dev] We're working on license changes

2015-07-31 Thread Brian Smith
On Fri, Jul 31, 2015 at 12:29 PM, Hanno Böck ha...@hboeck.de wrote: Salz, Rich rs...@akamai.com wrote: Please see https://www.openssl.org/blog/blog/2015/08/01/cla/ for some more details. Summary: Moving to Apache 2, CLA's coming, it will take time. This is a huge step if it works (I

Re: [openssl-dev] We're working on license changes

2015-07-31 Thread Blumenthal, Uri - 0553 - MITLL
+1 Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Hanno Böck Sent: Friday, July 31, 2015 12:55 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] We're working on license changes Hi, On Fri, 31 Jul

Re: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support

2015-07-31 Thread Hubert Kario
On Thursday 30 July 2015 15:09:18 Viktor Dukhovni wrote: On Sun, Jun 21, 2015 at 07:00:55PM +, Giuseppe D'Angelo via RT wrote: diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index c2d40ac..7fbe3a4 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -585,10

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Viktor Dukhovni
On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: Cool observation. From running a bit of Python code, it looks like the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at least for random numbers between 2048 and 4096 bits long. It looks like putting in a GCD(p-1,

Re: [openssl-dev] [openssl.org #3974] The IV used by the 'openssl cms -encrypt -aes-256-gcm' command is not random (all zeroes).

2015-07-31 Thread Viktor Dukhovni
On Fri, Jul 31, 2015 at 05:35:51PM +, Laetitia Baudoin via RT wrote: When encrypting using the 'openssl cms -encrypt -aes-256-gcm' command an all zero IV is used, this breaks any guarantees provided by the GCM mode (see NIST Special Publication 800-38D).

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Bill Cox
Cool observation. From running a bit of Python code, it looks like the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at least for random numbers between 2048 and 4096 bits long. It looks like putting in a GCD(p-1, q-1) check will slow down finding suitable p and q by around a

[openssl-dev] [openssl.org #3973] few options in s_client and s_server are missing descriptions

2015-07-31 Thread Hubert Kario via RT
-curves, -sigalgs, -client_sigalgs are not documented in s_client and s_server -help messages fixes: https://github.com/openssl/openssl/pull/351 (1.0.2) https://github.com/openssl/openssl/pull/350 (master) -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread mancha
On Fri, Jul 31, 2015 at 11:19:39AM -0700, Bill Cox wrote: Cool observation. From running a bit of Python code, it looks like the probability that GCD(p-1, p-q) == 4 is a bit higher than 15%, at least for random numbers between 2048 and 4096 bits long. It looks like putting in a GCD(p-1, q-1)

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Bill Cox
On Fri, Jul 31, 2015 at 12:35 PM, mancha manc...@zoho.com wrote: If so, here's my quick dirty back-of-envelope calculation (mod bound) for the probability the gcd of two randomly chosen integers x,y is at most k: k p(gcd(x,y)<=k) - -- 1 60.79% 2 75.99%

Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

2015-07-31 Thread Matt Caswell
On 31/07/15 18:51, Jouni Malinen wrote: This is the relevant part of that commit: @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) if (s-state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s-init_buf-data; -#ifdef OPENSSL_NO_TLSEXT + p =

Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method

2015-07-31 Thread Matt Caswell
On 31/07/15 20:15, Matt Caswell wrote: On 31/07/15 18:51, Jouni Malinen wrote: This is the relevant part of that commit: @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) if (s-state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s-init_buf-data;

[openssl-dev] [openssl.org #3974] The IV used by the 'openssl cms -encrypt -aes-256-gcm' command is not random (all zeroes).

2015-07-31 Thread Laetitia Baudoin via RT
When encrypting using the 'openssl cms -encrypt -aes-256-gcm' command an all zero IV is used, this breaks any guarantees provided by the GCM mode (see NIST Special Publication 800-38D). Version tested: openssl 1.0.2d on linux x86_64. Example: openssl cms -encrypt -in message.txt -out

Re: [openssl-dev] [openssl.org #2464] TLS-RSA-PSK support

2015-07-31 Thread Viktor Dukhovni
On Fri, Jul 31, 2015 at 07:24:15PM +0200, Hubert Kario wrote: Question, should we really be adding new RC4 or new 3DES ciphersuites? Both ciphers are rather obsolete now. And we even have an RFC that bans RC4. While I have been known to resist potentially premature removal of *existing*

Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-31 Thread David Woodhouse via RT
On Fri, 2015-07-31 at 03:09 +, Salz, Rich wrote: If requested, I can still provide a patch with the alternative variant of using a X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). Yes, please.

Re: [openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

2015-07-31 Thread David Woodhouse
On Fri, 2015-07-31 at 03:09 +, Salz, Rich wrote: If requested, I can still provide a patch with the alternative variant of using a X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). Yes, please.

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Samuel Neves
On 31-07-2015 22:03, Viktor Dukhovni wrote: Is finding sufficiently large factors a tractable problem? p-1 will usually have a large prime factor. But for q-1 to have the same prime factor is highly unlikely. The probability that GCD(n1, n2) = d for random n1, n2 is 6/(d^2 pi^2). For RSA-1024

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread paul
Hi Mancha, Since p*q-1==(p-1)*(q-1)+(p-1)+(q-1) any prime that divides (p-1) and (q-1) will divide all 4 of the terms in the definition of p*q-1. Thus it will be a common factor in the totient. I have checked through the key generation code of the openssl ssl code. I hacked it to report

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Blumenthal, Uri - 0553 - MITLL
I think adding the recommended check would be beneficial. Considering the frequency of key generation, performance impact shouldn't matter all that much. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: p...@securecottage.com Sent:

Re: [openssl-dev] common factors in (p-1) and (q-1)

2015-07-31 Thread Viktor Dukhovni
On Fri, Jul 31, 2015 at 01:42:01PM -0700, Bill Cox wrote: You are correct, or at least very close. I was testing for GCD(p-1, q-1) == 4, when I should have been testing for GCD(p-1, q-1) == 2, since p-1 and q-1 are known to be even. Fixing that, I see that the probability of having GCD(p-1,