RE: Problem generating RSA keys using 64-bit compile on IRIX

2000-06-13 Thread Karsten Spang

Hi Philip

Just searched the archives and found your message. I had the same problem,
and submitted a patch, not long ago. I also have another 64 bit related
patch. Both are included below.
--
Karsten Spang
Senior Software Developer, Ph.D.
Belle Systems A/S
Tel.:   +45 59 44 25 00
Fax.:   +45 59 44 25 88
E-mail: [EMAIL PROTECTED]
Web:    http://www.bellesystems.com/
Defining the Future of IP Services


*** rsa_gen.c.dist  Sat Feb  5 15:17:30 2000
--- rsa_gen.c   Mon May 29 15:19:31 2000
***
*** 95,101 
 * unsigned long can be larger */
for (i=0; ie,i);
}
  #else
--- 95,101 
 * unsigned long can be larger */
for (i=0; ie,i);
}
  #else



*** s3_clnt.c.dist  Mon Mar 27 23:28:27 2000
--- s3_clnt.c   Thu May 25 13:36:57 2000
***
*** 466,472 
p=s->s3->client_random;
Time=time(NULL);/* Time */
l2n(Time,p);
!   RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
  
/* Do the message type and length last */
d=p= &(buf[4]);
--- 466,472 
p=s->s3->client_random;
Time=time(NULL);/* Time */
l2n(Time,p);
!   RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
  
/* Do the message type and length last */
d=p= &(buf[4]);
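
Review bot: in the new call RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) the literal 4 is an undocumented magic number that depends on l2n(Time,p), on the line above, having written exactly four bytes. The old sizeof(Time) tied the count to the width of the variable rather than to what was actually written, so wherever Time is wider than four bytes the tail of client_random was left unfilled. A one-line comment, or a named constant for the timestamp length used by both lines, would keep the two from drifting apart again.
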
*** s3_srvr.c.dist  Mon Mar 27 23:28:28 2000
--- s3_srvr.c   Thu May 25 13:36:04 2000
***
*** 837,843 
p=s->s3->server_random;
Time=time(NULL);/* Time */
l2n(Time,p);
!   RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
/* Do the message type and length last */
d=p= &(buf[4]);
  
--- 837,843 
p=s->s3->server_random;
Time=time(NULL);/* Time */
l2n(Time,p);
!   RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
/* Do the message type and length last */
d=p= &(buf[4]);
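
Review bot: the return value of RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) is discarded, so server_random is used whatever the generator reports. RAND_pseudo_bytes does not promise unpredictable output and signals that through its return value; since this line is being touched anyway, check the result here, or call RAND_bytes and fail the handshake on error. The same literal 4 appears in the s3_clnt.c hunk, so a shared constant would cover both places.
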
  
__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       [EMAIL PROTECTED]
Automated List Manager          [EMAIL PROTECTED]



Problem generating RSA keys using 64-bit compile on IRIX

2000-05-30 Thread Philip Kizer

OpenSSL version:    0.9.5a
OS Version:         IRIX 6.5
Compiler:           Base Compiler Development Environment, 7.3
Configure command:  ./Configure irix64-mips4-cc

Ignoring the lack of random data; take note, in particular, of the exponent:

% ./apps/openssl genrsa -out k 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
...++
..++
e is 281479271743489 (0x1000100010001)
%

This particular exponent is not among the set of expected exponents from
the man-page, and also cannot be read by MSIE5 (if a Cert based on this key
is put on a Win-XX box as a .cer file, the Certificate Manager reports a
0-length RSA key!).  My main problem, right now, is that I noticed this
_after_ getting a Cert from Thawte, and the resultant failure of IE5
clients on Win-XX not being able to connect at all.  Now they're wanting
US$50 to re-cert with a "good" key which is quite annoying me, but I cannot
do anything till I get in and call them and/or our purchasing people
provide CC #s.


Has anyone noticed similar behaviour, or was I stupid for trying the irix64
compile option rather than staying with 32?


Here's most of the 'make test', skipping to the RSA bits:

Script started on Tue May 30 22:17:45 2000

morpheus# mmake test
testing...
./destest
Doing cbcm
Doing ecb
Doing ede ecb
Doing cbc
Doing desx cbc
Doing ede cbc
[ ... ]
rsa
testing rsa conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
./rsa_test
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
PKCS #1 v1.5 encryption/decryption ok
OAEP encryption/decryption ok
testing crl conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing session-id conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
Generate and verify a certificate request
generating certificate request
rsa
There should be a 2 sequences of .'s and some +'s.
There should not be more that at most 80 per line
This could take some time.
Using configuration from test.cnf
Generating a 512 bit RSA private key
.
.
writing new private key to 'testkey.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Queensland]:
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) []:CryptSoft Pty Ltd
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:Eric Young
Email Address []:[EMAIL PROTECTED]
Using configuration from test.cnf
verify OK
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing req conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
testing pkcs7 conversions (2)
p -> d
p -> p
d -> d
p -> d
d -> p
p -> p
The following command should have some OK's and some failures
There are definitly a few expired certificates
../apps/openssl verify -CApath ../certs ../certs/*.pem
../certs/ICE-CA.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-root.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ICE-user.pem: /O=European ICE-TEL project/OU=V3-Certification Authority
error 10 at 2 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt
error 10 at 1 depth lookup:Certificate has expired
/O=European ICE-TEL project/OU=V3-Certification Authority/L=Darmstadt/CN=USER
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/ca-cert.pem: OK
../certs/dsa-ca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 1 depth lookup:Certificate has expired
/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/dsa-pca.pem: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=PCA
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/factory.pem: /C=GB/O=UCL/OU=ICE-TEL Project/CN=TrustFactory
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/nortelCA.pem: OK
../certs/pca-cert.pem: OK
../certs/rsa-cca.pem: /C=US/O=RSA Data Security, Inc./OU=Commercial Certification 
Authority
error 10 at 0 depth lookup:Certificate has expired
OK
../certs/rsa-ssca.pem: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification 
Authority
error 18 at 0 depth lookup:self signed certific