Re: openssl-1.0.0a and glibc detected sthg ;)
On Sun, Aug 08, 2010 at 02:46:33AM +0200, Mounir IDRASSI wrote: > Hi, > hi, 10x for your reply. i have no complaints about the openssl key generation process for rsa keys of this size. and don't expect vanilla openssl to do correct math with this key. > I checked the parameters of your 4008 bits key and it is indeed > invalid (q is not prime). agreed. (though the *public* key seems fine, even with the weak factor) > How did you generate it? It would be surprising if it was done > through OpenSSL. pen and paper ;-) first trial factoring, then (optionally) a few elliptic curves, then fermat's little theorem. i know a deterministic primality test would be more scientific, but it is a bit slower on paper ;-) > Anyway, you must generate a new RSA key. > yeah, i am generating a new key. sorry for the composite miztake. > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 8/7/2010 1:21 PM, Georgi Guninski wrote: > >openssl-1.0.0a on ubuntu, debian and arch. > >attached a private key and a cert. > > > >~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key > >/tmp/CA.key > > > >~/local/bin/openssl s_client -connect localhost: > > > >depth=0 CN = CA > >verify return:1 > >*** glibc detected *** /home/build/local/bin/openssl: double free or > >corruption (fasttop): 0x00979300 *** > > > > ~/local/bin/openssl rsa -check -in /tmp/CA.key |more > >writing RSA key > >RSA key error: q not prime # definitely > > __ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl-1.0.0a and glibc detected sthg ;)
Hi, I checked the parameters of your 4008 bits key and it is indeed invalid (q is not prime). How did you generate it? It would be surprising if it was done through OpenSSL. Anyway, you must generate a new RSA key. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/7/2010 1:21 PM, Georgi Guninski wrote: openssl-1.0.0a on ubuntu, debian and arch. attached a private key and a cert. ~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key /tmp/CA.key ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** ~/local/bin/openssl rsa -check -in /tmp/CA.key |more writing RSA key RSA key error: q not prime # definitely __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
How to locate the X.509 specifications
I was asked this morning where to find the X.509 specification, since http://itu.int/ is such a messy website. I'll point you to the general location, because it's a better piece of information to have than the exact location. (There are other recommendations that X.509 refers to, and being able to find *all* of them is key to being able to understand the spec.) The sector that we are interested in is called "ITU-T, Standardization" (as opposed to ITU-R, Radiocommunications). http://www.itu.int/en/ITU-T/publications/Pages/recs.aspx To get to X.509 from there, click the 'X' (above Y and Z), for 'Data networks, open system communications and security". That'll take you to: http://www.itu.int/itu-t/recommendations/index.aspx?ser=X . This is a tree view; you want the node labelled 'X.500-X.599: Directory'. Then, select X.509 (it's the third in the tree). The 11/2008 version (Edition 6) is only available for a fee (85 Swiss Francs), and so the version that I work from is Edition 5 (which is available for no fee). And, according to XE.com, CHF 1,00 represents USD $0.9626 at midmarket rates today (2010/08/07). -Kyle H smime.p7s Description: S/MIME Cryptographic Signature
openssl-1.0.0a and glibc detected sthg ;)
openssl-1.0.0a on ubuntu, debian and arch. attached a private key and a cert. ~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key /tmp/CA.key ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** ~/local/bin/openssl rsa -check -in /tmp/CA.key |more writing RSA key RSA key error: q not prime # definitely CA.key Description: application/pgp-keys -BEGIN CERTIFICATE- MIIE9DCCAuegAwIBAgIJAM0Vp3F9zD86MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV BAMTAkNBMB4XDTEwMDgwNzA5MTQxMFoXDTExMDgwNzA5MTQxMFowDTELMAkGA1UE AxMCQ0EwggIWMA0GCSqGSIb3DQEBAQUAA4ICAwAwggH+AoIB9TX4Eo4zvnzt6RIG +EleSA89D6zfHzPx2L9jsZPxZcJ01lYDGiOAuFW09lloJ6iLMSS2GlA8pB5/1E8u 75vubs0w4L1QPrMRxQdUjp/j9yWwCxvYraL2tfyJVxTmMn6vUcZ5nuU7O3f6VBP1 hD4LeKII9H0sp5PzWaoXy/gBQKdAn7dV7dlCS/8V4AjF/HCqY/mwjkjdB37WEqQj j/vYICARw7hdOKOW3D86uN4g209Kwc1wf34TUZCYVdP77o0xXHgaz9L10+j5cBSz viC2Z7nOJ0mneAJSlEC892nvMoIvMhYwYr/twZjudNNc4tIXyfeQqM34AlwHYn3y Jo560YpzX2IF1cs6wFdDqJxpyW1VuYlZAFbufn9A86wsFBr0QxppDjcaxZqBVOdz t7bi8nXJE+JWpIDDrAW4T2ihqZENNbM7gkNL8+bjg3LcG2jbUOr3H5zVK+Q0x9+6 tLdIG5iRQCu8OI4Rd8nl8SqBAqjAXgniqRFqEzTKMEXN/9hzwl+jL2PrUfHOUxh3 J3IgAlqmlwVh+1gJl9VJf1DEn3Yn3ffMSLl/2L2dTVDxvoHnsjPEgtIAg6QzZR71 SQWeAHaZE3bJQAz1X9nWIxhw7bnRRj/EhwHJMQEalRRu2jIq+WN3aovrAMKEJeeL U5i9LzVW8lLX7QIDAQABo24wbDAdBgNVHQ4EFgQUOod0n0f3AaUF0Tf9ttbmA3Fc EjowPQYDVR0jBDYwNIAUOod0n0f3AaUF0Tf9ttbmA3FcEjqhEaQPMA0xCzAJBgNV BAMTAkNBggkAzRWncX3MPzowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC AfYAHKLWDAa/aR62Xi2jAOGOBtcoYYdttizIkMtEnxd2QivssVBn156sIbMIsXgi emUWhm35E4LKYfoK9aEorsfno8aMrzeYCuL0Zbbn67C2dUT61B2T5XN8eru8HYAa nVxvHNj92auUjeAy7yWc7Kyx+RWXtkLG9BJ6fJVHzOwifEgfhS1ngjBe3MuviXOy 2h7BfaNQ3IOvAhSnjlWNoPcBFoOoRIVjfRSViD5X8jj47ab2JTKVFAH4bXf2eXUp shcG77QeANoGFvmTpiPuUhmuZSXG4dyKmSqeq9SgouKZkq7aT24fNAqdwJp+ZJWH 2wP8LLvfSoyFZICMZU3AFfa5r3BOom8YCSwmeGhk9QVfLMD3TDvnV0aGEwz5BGjA obLckVV2/VzbwublODRPtdr92ZAygRwDaUlqlDdfTcwajcUhlEpl8GtU+qmTgLe7 mT9Diich73DTsowN83p8v0s2waNVgpW3cxmCEonwD+1f1qiFM2uaTNYNMFVdBLyP Kl9IFqC3v7Wt8VYuMbPnjNezhr7enpfa4eB1CeF+pdCdq3FK03UsFzBMZ63Vt8ia NVlc3+esFSiea9hL+ROA4tfGjhQZcbHn/yZ8gL3dyyzoz2JV5pKWHV4+7nkq2h6A QdRYHN8MDeQlxKw9nGSmpyzoQrqDyepn -END CERTIFICATE-