On Wed, Sep 09, 2015 at 07:03:59AM -0400, Jeffrey Walton wrote: > On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski <guninski at guninski.com> wrote: > > In short openssl 1.0.1p accepts composite $q$ > > in DSA verify/SSL. > > > > If $q$ is backdoored in the DSA/DH group parameters, > > this breaks all private keys using it (see links at > > bottom)... > > > Just bikeshedding, but before I went any further with it, I would > verify DSA_check_key(...) does *not* reject the key. > Doesn't the sessions with s_client/s_server and dsa verify (in the links) show this works in practice, no matter of your question?
