Hello,
After modification OPENSSL_strlcpy is declared twice.
Regards,
Roumen
>From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001
From: Roumen Petrov
Date: Mon, 21 Dec 2015 18:45:06 +0200
Subject: [PATCH 02/15] redundant redeclaration of 'OPENSSL_strlcpy'
---
include/openss
Hello,
OpenSSL engine command allows user to specify cryptographic module name
at any position.
For instance README.ENGINE recommend following:
openssl engine dynamic \
-pre SO_PATH:/lib/libfoo.so \
The master branch (future 1.1) requires engine names to be specified
after all o
On Tue, Dec 22, 2015 at 06:53:54AM +, Viktor Dukhovni wrote:
> On Tue, Dec 22, 2015 at 04:33:45AM +, Srinivas Koripella via RT wrote:
>
> > There is a minor issue with X509_STORE_CTX_init and its usage. Most of
> > the callers of X509_STORE_CTX_init use a stack variable and pass its
> > a
On Tue, Dec 22, 2015 at 04:33:45AM +, Srinivas Koripella via RT wrote:
> There is a minor issue with X509_STORE_CTX_init and its usage. Most of
> the callers of X509_STORE_CTX_init use a stack variable and pass its
> address as the ctx argument to this function. However, X509_STORE_CTX_init
>
Hello all,
There is a minor issue with X509_STORE_CTX_init and its usage. Most of the
callers of X509_STORE_CTX_init use a stack variable and pass its address as the
ctx argument to this function. However, X509_STORE_CTX_init in case of an
error in the call to CRYPTO_new_ex_data does an OPENSSL
O.K. you are right. please close the ticket...
Regards,
Felix
Am 22.12.2015 00:09, schrieb Richard Levitte via RT:
> You're displaying pre-swap p and post-swap q. If they do get swapped, you must
> understand that pre-swap p and post-swap q will be the same value.
>
> If you really want to demo
You're displaying pre-swap p and post-swap q. If they do get swapped, you must
understand that pre-swap p and post-swap q will be the same value.
If you really want to demonstrate something, please display *both* p and q
before swap, and *both* p and q after swap.
Vid Mon, 21 Dec 2015 kl. 23.00.3
Hello,
I "pickup" rsa-p and rsa-q just one source-code-line after they were
"filled" and output the variables using the BN_print_fp function.
please reopen the ticket.
Regards,
Felix
for (;;) {
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
print
You're not showing us how you output rsa->p and rsa->q. It doesn't make sense
at all that you get "Doppelt!" if they were equal, so there's something wrong
with your output. Also, it's been demonstrated (see mail by Viktor on
openssl-dev) that the resulting key does have different p and q, with p >
On Mon, Dec 21, 2015 at 09:36:11PM +, Felix via RT wrote:
> I found the reason for the problem, it´s definately a program error:
Pilot error.
> The reason for it is in sub-program rsa_gen.c
>
> if (BN_cmp(rsa->p, rsa->q) < 0) {
> tmp = rsa->p;
> rsa->p = rsa->q;
>
>>> $ openssl dgst -engine pkcs11 -keyform engine -verify
>> > "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt
>>
>> The current implementation of engine_pkcs11 seems to work with private
>> keys and certificates only. I've added a fix in engine_pkcs11, but it
>> seems that public
Hello,
I found the reason for the problem, it´s definately a program error:
The reason for it is in sub-program rsa_gen.c
if (BN_cmp(rsa->p, rsa->q) < 0) {
printf("Doppelt!") ;
tmp = rsa->p;
rsa->p = rsa->q;
rsa->q = tmp;
}
Here p and q should be switch
The building scripts are not at all updated, it's beyond repair. I'm (slowly)
working on a new solution that doesn't require the separate update hell...
Cheers
Richard
Zoltan Arpadffy skrev: (21 december 2015 20:36:13 CET)
>Hi,
>
>I am sorry, but because of the relocation of the header files
On Mon, Dec 21, 2015 at 01:51:45PM +, Felix via RT wrote:
> That does not matter from a technical point of view.
>
> The Problem ist the same with 2048-Bit RSA.
If you're worried that p and q might be the same random number, I
think you should have other concerns.
Kurt
___
Hi,
I am sorry, but because of the relocation of the header files the 1.1.0 does
not build on OpenVMS.
Please, allow some time to fix the OpenVMS build scripts.
Thank you.
Regards,
Z
-Original Message-
From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of
OpenSSL
Sent:
A couple places in the OpenSSL documentation claims that SSL_foo()
takes an SSL_CTX* instead of an SSL*. i've corrected those here.
---
doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 8
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
dif
That does not matter from a technical point of view.
The Problem ist the same with 2048-Bit RSA.
It´s a general problem of the program-mechanism that could be changed
very easily.
Openssl 1.0.X ist still too buggy for me...
BTW: The mechanisms in 1.10 ist still the same
Still no duplicate
As Ann points out, 128 bits is way too small, and this ticket does not justify
a new release for 0.9.8
Please update 0.9.8 is end of life.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.
Hi,
> This patch is a contribution to OpenSSL.
>
> It concerns the P256 ECC implementation.
>
> The patch improves upon our previous submission, by providing a dedicated
> function to perform modular inversion modulo the P256 group order.
>
> Results:
> The performance improvements, for single
Felix,
the real security hole is your key length.
For a key length greater 1024 p and q should never be identical. The
chance of p being not a prime is probably greater.
In case p=q the Euler function will be p(p-1), whereas OpenSSL uses
(p-1)(q-1) , i.e. (p-1)^2. In this case RSA, i.e. c:=m^e, m:=
P.S.
Problem still exists in Version 0.9.8zh.
Regards,
Felix
Am 21.12.2015 12:00, schrieb Felix:
> Hello,
>
> I found out, that in openssl 0.9.8 a check is missing for duplicate
> primes of p and q, see below. This is relevant when generating RSA-Keys:
>
>
> root@debian6:/home/felix/Downloads/
Hello,
I found out, that in openssl 0.9.8 a check is missing for duplicate
primes of p and q, see below. This is relevant when generating RSA-Keys:
root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa
128
Generating RSA private key, 128 bit long modulus
...+
https://github.com/openssl/openssl/pull/512
This PR removes all of the dangerous Windows entropy gathering routines
in favor of standard CryptGenRandom calls, as was discussed in the
"Improving OpenSSL default RNG" thread on openssl-dev. This fixes
common, repeatable crashes that happen when ru
23 matches
Mail list logo