Re: [openssl.org #86] Bug in RSA_check_key

2002-07-19 Thread Frédéric
Indeed it would be a good idea, especially for RSA_generate_key, since people have to generate their key through an interface that is external to OpenSSL, then sign their CSR with that key using OpenSSL, when everything could be implemented within OpenSSL. The major benefit would come for, a PKI archit

Re: [openssl.org #86] Bug in RSA_check_key

2002-07-18 Thread Giudicelli Frédéric via RT
Indeed it would be a good idea, especially for RSA_generate_key, since people have to generate their key through an interface that is external to OpenSSL, then sign their CSR with that key using OpenSSL, when everything could be implemented within OpenSSL. The major benefit would come for, a PKI archi

[openssl.org #86] Bug in RSA_check_key

2002-07-18 Thread Geoff Thorpe via RT
OK, I'm going to close this ticket down now as we have at least solved "the bug", albeit that it was a bit of a short-cut ... we documented the existing behaviour rather than changing it :-) If anyone feels strongly that this is not "resolved" until RSA_check_key() is modified to use a new RSA_M

[openssl.org #86] Bug in RSA_check_key

2002-07-18 Thread Geoff Thorpe via RT
Just attaching a little more "state" to this ticket ... [[EMAIL PROTECTED] - Wed Jun 19 09:52:27 2002]: > The problem is that the use of engines should be > totally transparent to the higher API, but apparently > it's not. > I don't call RSA_check_key for a hardware key, I call > it for my CA pr

[openssl.org #86] Bug in RSA_check_key

2002-07-18 Thread Richard Levitte via RT
For now, I've added a note in the documentation of RSA_check_key() that explains that it doesn't work properly for hard keys and why. We will ponder a little more on this issue. [[EMAIL PROTECTED] - Wed Jun 19 09:52:27 2002]: > It wouldn't take much to make this function > compatible, or the

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-27 Thread Geoff Thorpe
Calling all algebraic coders ... [snip] > > I would suggest the following for checking RSA public keys: > > > > 1) that the public exponent e satisfies 3 <= e < n and that > > e is odd (PKCS#1) [this doesn't prevent low exponent > > attacks however] > > 2) that the modulus n is not a pro

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-20 Thread Martin Kochanski
know. At 14:37 20/06/02 -0500, you wrote: >Date sent: Thu, 20 Jun 2002 15:02:36 -0400 (EDT) >From: Geoff Thorpe <[EMAIL PROTECTED]> >To:[EMAIL PROTECTED] >Subject: Re: [openssl.org #86] Bug in RSA_check_key &g

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-20 Thread Geoff Thorpe
Hi, On Thu, 20 Jun 2002, a y wrote: > >*Maybe* ... but even then it doesn't solve the case of public keys. > >Moreover, how do you actually test a public key? What does "check" > >actually mean in this case? > > > > . > > > >Cheers, > >Geoff > > I would suggest the following for checki

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-20 Thread a y
>From: Geoff Thorpe <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Re: [openssl.org #86] Bug in RSA_check_key Date: Thu, 20 Jun 2002 >15:02:36 -0400 (EDT) > > . > >*Maybe* ... but even then it doesn't solve t

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-20 Thread Kenneth R. Robinette
Date sent: Thu, 20 Jun 2002 15:02:36 -0400 (EDT) From: Geoff Thorpe <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [openssl.org #86] Bug in RSA_check_key Send reply to: [EMAIL PROTECTED] Just my two cents

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-20 Thread Geoff Thorpe
Hi there, On Wed, 19 Jun 2002, Giudicelli Frédéric via RT wrote: > The problem is that the use of engines should be > totally transparent to the higher API, but apparently > it's not. The problem is RSA_check_key() is not a general "transparent" RSA function, it's designed (it would seem) to che

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-19 Thread Giudicelli Frédéric via RT
The problem is that the use of engines should be totally transparent to the higher API, but apparently it's not. I don't call RSA_check_key for a hardware key, I call it for my CA private key, and I don't know if it's a hardware or software key since it's transparent. I'm supposed to be able to ca

RE: [openssl.org #86] Bug in RSA_check_key

2002-06-18 Thread Steven Reddie
This sounds like the same old problem with passing an RSA public key to this function and getting a segv, which seems to bite new users quite often. Can this function be fixed to do a sanity check on the key before proceeding? I assume it's the same with a hardware key. If a user ends up with a

[openssl.org #86] Bug in RSA_check_key

2002-06-18 Thread Geoff Thorpe via RT
Hi there, I've taken ownership of this ticket (#86) for now, but I don't think it'll last long. IMHO, this "bug" is not a bug. If you look at the implementation of RSA_check_key() you'll realise that this function is designed to test an RSA key structure - not just the essential key elements (n

Re: [openssl.org #86] Bug in RSA_check_key

2002-06-11 Thread Giudicelli Frédéric via RT
openssl-0.9.7-beta1

[openssl.org #86] Bug in RSA_check_key

2002-06-11 Thread via RT
[[EMAIL PROTECTED] - Fri Jun 7 09:14:53 2002]: > If the key is loaded via an ENGINE, openssl crashes > because of a segfault (function BN_num_bits > crypto/bn/bn_lib.c:252). > > Explanation: When loading a key from an engine the p, q > and d members of the RSA struct are never set. > > However

[openssl.org #86] Bug in RSA_check_key

2002-06-06 Thread Giudicelli Frédéric via RT
If the key is loaded via an ENGINE, openssl crashes because of a segfault (function BN_num_bits crypto/bn/bn_lib.c:252). Explanation: When loading a key from an engine the p, q and d members of the RSA struct are never set. However RSA_check_key never checked to make sure those members are present