[openssl.org #3603] EVP_DecryptFinal_ex error in case of padding failure

Hi, I've received the attached patch to make EVP_DecryptFinal_ex call EVPerr() in case of an error. I'm not sure if not calling EVPerr() is intentional or not. Background: http://bugs.debian.org/768681, nodejs's test suite fails because it's not getting the error anymore. Kurt From: William

RE: [openssl.org #3603] EVP_DecryptFinal_ex error in case of padding failure

I've received the attached patch to make EVP_DecryptFinal_ex call EVPerr() in case of an error. I think that unless Emilia (or other constant-time expert) agrees, then the current behavior makes the right trade-off. It sacrifies some level of error detail in favor of protecting against a

[openssl.org #3604] [PATCH] User can specify the public exponent in genrsa

The user can specify as an hexadecimal string the RSA public exponent e in the RSA key generation. e has to be odd and greater than 65537. Example: openssl genrsa -public 123456789 -out key.pem 4096 Modified the name of exponent --- apps/genrsa.c | 46

Could ASN1_TIME_print() become documented?

Hello, until now when i printed certificate chains (in verbose mode) i used a brute simple hand driven function that dealt with ASN1_UTCTIME. Today i connected to a server where one of the certificates in the chain used ASN1_GENERALIZEDTIME, which resulted in the -- faulty -- message: