On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski <guninski at guninski.com> wrote:
> In short openssl 1.0.1p accepts composite $q$
> in DSA verify/SSL.
>
> If $q$ is backdoored in the DSA/DH group parameters,
> this breaks all private keys using it (see links at
> bottom)...
>

Just bikeshedding, but before I went any further with it, I would verify DSA_check_key(...) does *not* reject the key. I can't find the name of the routine at the moment, though (I know it's called RSA_check_key for RSA).

Jeff