Re: how to generate relatively prime numbers

[Victor Duchovni]

On Sat, May 01, 2010 at 06:11:05AM -0500, Michael S. Zick wrote:

 Those very large numbers are called _pseudo_ primes for a reason.
 
 Because there is no known __practical__ method for proving they
 are prime.  If that could be proven, then pseudo would not be
 a qualifier in their descriptive name.

Factoring appears to be hard. Proving a number suspected to be prime to a
prime is not (that) hard. If one wants a primality proof for a typically
sized bignum, there are practical proof algorithms. If the number is
prime the algorithm will prove it prime, otherwise it will prove the
number composite, without computing the factors.

The pseudo primality tests are a fast way to generate candidate primes,
but proven primes are not out of reach. One can start from:

http://en.wikipedia.org/wiki/Primality_certificate

and find lots of additional references.

 Until you can tell the world of a __practical__ method of proving
 the above; then very high probability is all you get to work with.
 Presumed unsolvable is the case here, at least until you publish.

The OP's question did not ask for primes, so we've drifted off topic.
The OP still has not clarified why N+1 is not the right answer.

-- 
Viktor.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

S/MIME data content type

[Phillip Hellewell]

Is there any way to tell what type of data is contained inside a PKCS7
signedData smime.p7m file?

I have several emails all with an smime.p7m attachment, but the data
inside the smime.p7m is different:
1. plaintext
2. a MIME email
3. binary data like a word document

When getting the data out of a PKCS7 structure, all I have is an
ASN1_OCTET_STRING; there is no content_type like you find in the
PKCS7_ENC_CONTENT struct.

I can detect #2 easily enough if the data starts with Content-Type:
, but I can't easily and quickly distinguish between #1 and #3.

Do I have to manually identify the data to determine what it is?  The
reason I need to know is for display purposes, so I can determine
whether it is appropriate to show the signed data right inside the
email or only as a separate file.

Thanks,
Phillip
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

openssl nonstandard directory zlib and installation problem

[Janusz M Nosek]

The system I am using is CentOS 5.4, and I am trying to install a
custom openssl with a custom zlib.

The system architecture is x86_64.

I have tried to compile and install openssl versions: 0.9.8m, 0.9.8n and 1.0.0
I have tried zlib versions 1.2.3, 1.2.4, and 1.2.5.

GCC Version: 4.1.2-46
Kernel: 2.6.18-164.2.1
GlibC:2.5 (CentOS 4.1.2-44)

I am trying to basically install a chrooted version of my lamp stack.

The target directory is /opt/lamp/openssl/openssl-VERSION for openssl
and /opt/lamp/zlib/zlib-VERSION for zlib.

./config \
--prefix=/opt/lamp/openssl/openssl-0.9.8m \
--openssldir=/opt/lamp/openssl/openssl-0.9.8m/etc/pki/tls \
-fPIC \
zlib \
--with-zlib-lib=/opt/lamp/zlib/zlib-1.2.4/lib \
--with-zlib-include=/opt/lamp/zlib/zlib-1.2.4/include \
no-idea \
no-mdc2 \
no-rc5 \
no-ec \
no-ecdh \
no-ecdsa \
shared \
--with-krb5-flavor=MIT \
fipscanisterbuild

If using ./Configure instead of ./config, I have to add linux-x86_64,
but otherwise there are no changes.

For zlib:

#!/bin/bash
CFLAGS=-fPIC
./configure \
--shared \
--prefix=/opt/lamp/zlib/zlib-1.2.4
make  make install
cp Makefile Makefile.shared
make clean
CFLAGS=
./configure \
--prefix=/opt/lamp/zlib/zlib-1.2.4
make  make install
cp Makefile Makefile.static

ldd libcrypto.so
libdl.so.2 = /lib64/libdl.so.2 (0x2b7f7096f000)
libz.so.1 = /usr/lib/libz.so.1 (0x2b7f70b73000)
libc.so.6 = /lib64/libc.so.6 (0x2b7f70d8b000)
/lib64/ld-linux-x86-64.so.2 (0x00335c80)

ldd libssl.so
libgssapi_krb5.so.2 = /usr/lib64/libgssapi_krb5.so.2 (0x2b60ece7c000)
libkrb5.so.3 = /usr/lib64/libkrb5.so.3 (0x2b60ed0aa000)
libcom_err.so.2 = /lib64/libcom_err.so.2 (0x2b60ed33f000)
libk5crypto.so.3 = /usr/lib64/libk5crypto.so.3 (0x2b60ed542000)
libresolv.so.2 = /lib64/libresolv.so.2 (0x2b60ed767000)
libcrypto.so.0.9.8 = not found
libdl.so.2 = /lib64/libdl.so.2 (0x2b60ed97d000)
libz.so.1 = /usr/lib/libz.so.1 (0x2b60edb81000)
libc.so.6 = /lib64/libc.so.6 (0x2b60edd99000)
libkrb5support.so.0 = /usr/lib64/libkrb5support.so.0 (0x2b60ee0f1000)
libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x2b60ee2f9000)
 /lib64/ld-linux-x86-64.so.2 (0x00335c80)
libselinux.so.1 = /lib64/libselinux.so.1 (0x2b60ee4fc000)
libsepol.so.1 = /lib64/libsepol.so.1 (0x2b60ee714000)


So basically, libcrypto is lost along the way.
I have a hack for this which adds a another lib dir
/opt/lamp/openssl/openssl-0.9.8m/lib to the lib patch.

I have tried to use zlib-dynamic, but this is somewhat unacceptable as
it will load the system library.
I need it to load a specific zlib that I specify.

I tried to load kerberos the same way, but that had similar results.

Using ldconfig or setting ldflags did work, but only for the libcrypto
problem, and use of ldflags or ldconfig makes my stack less portable.

I have tried to remove the -lz directive, but came up with a bunch of
function not found errors.

I have tried on another version of CentOS with no success.
I have also tried Fedora 11/12 and Ubuntu 9.04/9.10.

Any solutions ?
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org