Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

Hi, I am sorry, but because of the relocation of the header files the 1.1.0 does not build on OpenVMS. Please, allow some time to fix the OpenVMS build scripts. Thank you. Regards, Z -Original Message- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of OpenSSL

Re: [openssl-dev] OpenSSL version 1.1.0 pre release 1 published

The building scripts are not at all updated, it's beyond repair. I'm (slowly) working on a new solution that doesn't require the separate update hell... Cheers Richard Zoltan Arpadffy skrev: (21 december 2015 20:36:13 CET) >Hi, > >I am sorry, but because of the

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

Hello, I found the reason for the problem, it´s definately a program error: The reason for it is in sub-program rsa_gen.c if (BN_cmp(rsa->p, rsa->q) < 0) { printf("Doppelt!") ; tmp = rsa->p; rsa->p = rsa->q; rsa->q = tmp; } Here p and q should be

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

On Mon, Dec 21, 2015 at 01:51:45PM +, Felix via RT wrote: > That does not matter from a technical point of view. > > The Problem ist the same with 2048-Bit RSA. If you're worried that p and q might be the same random number, I think you should have other concerns. Kurt

Re: [openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

>>> $ openssl dgst -engine pkcs11 -keyform engine -verify >> > "pkcs11:object=SIGN%20pubkey;object-type=public" -sha256 -sigopt >> >> The current implementation of engine_pkcs11 seems to work with private >> keys and certificates only. I've added a fix in engine_pkcs11, but it >> seems that

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

On Mon, Dec 21, 2015 at 09:36:11PM +, Felix via RT wrote: > I found the reason for the problem, it´s definately a program error: Pilot error. > The reason for it is in sub-program rsa_gen.c > > if (BN_cmp(rsa->p, rsa->q) < 0) { > tmp = rsa->p; > rsa->p = rsa->q; >

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

Hello, I "pickup" rsa-p and rsa-q just one source-code-line after they were "filled" and output the variables using the BN_print_fp function. please reopen the ticket. Regards, Felix for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err;

[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

You're not showing us how you output rsa->p and rsa->q. It doesn't make sense at all that you get "Doppelt!" if they were equal, so there's something wrong with your output. Also, it's been demonstrated (see mail by Viktor on openssl-dev) that the resulting key does have different p and q, with p

[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

You're displaying pre-swap p and post-swap q. If they do get swapped, you must understand that pre-swap p and post-swap q will be the same value. If you really want to demonstrate something, please display *both* p and q before swap, and *both* p and q after swap. Vid Mon, 21 Dec 2015 kl.

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

O.K. you are right. please close the ticket... Regards, Felix Am 22.12.2015 00:09, schrieb Richard Levitte via RT: > You're displaying pre-swap p and post-swap q. If they do get swapped, you must > understand that pre-swap p and post-swap q will be the same value. > > If you really want to

[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

As Ann points out, 128 bits is way too small, and this ticket does not justify a new release for 0.9.8 Please update 0.9.8 is end of life. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe:

[openssl-dev] [openssl.org #4192] [PATCH] differentiate SSL_* from from SSL_CTX_* in documentation

A couple places in the OpenSSL documentation claims that SSL_foo() takes an SSL_CTX* instead of an SSL*. i've corrected those here. --- doc/ssl/SSL_CTX_set1_verify_cert_store.pod | 8 doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-)

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

That does not matter from a technical point of view. The Problem ist the same with 2048-Bit RSA. It´s a general problem of the program-mechanism that could be changed very easily. Openssl 1.0.X ist still too buggy for me... BTW: The mechanisms in 1.10 ist still the same Still no

[openssl-dev] [openssl.org #4193] Minor Issue with X509_STORE_CTX_init and it's callers.

Hello all, There is a minor issue with X509_STORE_CTX_init and its usage. Most of the callers of X509_STORE_CTX_init use a stack variable and pass its address as the ctx argument to this function. However, X509_STORE_CTX_init in case of an error in the call to CRYPTO_new_ex_data does an

Re: [openssl-dev] [openssl.org #4193] Minor Issue with X509_STORE_CTX_init and it's callers.

On Tue, Dec 22, 2015 at 04:33:45AM +, Srinivas Koripella via RT wrote: > There is a minor issue with X509_STORE_CTX_init and its usage. Most of > the callers of X509_STORE_CTX_init use a stack variable and pass its > address as the ctx argument to this function. However, X509_STORE_CTX_init

[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

Hello, I found out, that in openssl 0.9.8 a check is missing for duplicate primes of p and q, see below. This is relevant when generating RSA-Keys: root@debian6:/home/felix/Downloads/openssl-0.9.8o/apps# ./openssl genrsa 128 Generating RSA private key, 128 bit long modulus

Re: [openssl-dev] [openssl.org #4193] Minor Issue with X509_STORE_CTX_init and it's callers.

On Tue, Dec 22, 2015 at 06:53:54AM +, Viktor Dukhovni wrote: > On Tue, Dec 22, 2015 at 04:33:45AM +, Srinivas Koripella via RT wrote: > > > There is a minor issue with X509_STORE_CTX_init and its usage. Most of > > the callers of X509_STORE_CTX_init use a stack variable and pass its > >

[openssl-dev] [openssl.org #4194] engine command regression in 1.1

Hello, OpenSSL engine command allows user to specify cryptographic module name at any position. For instance README.ENGINE recommend following: openssl engine dynamic \ -pre SO_PATH:/lib/libfoo.so \ The master branch (future 1.1) requires engine names to be specified after all

[openssl-dev] about "Rename some BUF_xxx to OPENSSL_xxx"

Hello, After modification OPENSSL_strlcpy is declared twice. Regards, Roumen >From 5f5b81e162eae025dcc40a7074a973621c7dac33 Mon Sep 17 00:00:00 2001 From: Roumen Petrov Date: Mon, 21 Dec 2015 18:45:06 +0200 Subject: [PATCH 02/15] redundant redeclaration of

Re: [openssl-dev] [openssl.org #3810] [PATCH] Improved P256 ECC performance by means of a dedicated function for modular inversion modulo the P256 group order

Hi, > This patch is a contribution to OpenSSL. > > It concerns the P256 ECC implementation. > > The patch improves upon our previous submission, by providing a dedicated > function to perform modular inversion modulo the P256 group order. > > Results: > The performance improvements, for

[openssl-dev] [openssl.org #4191] Re: Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

P.S. Problem still exists in Version 0.9.8zh. Regards, Felix Am 21.12.2015 12:00, schrieb Felix: > Hello, > > I found out, that in openssl 0.9.8 a check is missing for duplicate > primes of p and q, see below. This is relevant when generating RSA-Keys: > > >

Re: [openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

Felix, the real security hole is your key length. For a key length greater 1024 p and q should never be identical. The chance of p being not a prime is probably greater. In case p=q the Euler function will be p(p-1), whereas OpenSSL uses (p-1)(q-1) , i.e. (p-1)^2. In this case RSA, i.e. c:=m^e,