Please refer to this: https://github.com/openssl/openssl/pull/4043
Hmmm, it’s a bug introduced by the use of RSA_check_key_ex function. Thanks for reporting.
Hello,
I tried to implement better checking in a script that tells me if a key matches a certificate or certificate request.
Verify the key with openssl 1.0.1e-fips or 1.0.2h:
$OPENSSL rsa -in symantec-broken.key -check -noout
RSA key error: n does not equal p q
Verify the key with openssl 1.1.0c or 1.1.0f (gives no output)
$OPENSSL rsa -in symantec-broken.key -check -noout
I would expect 1.1.0 to report the faked key in some way.
Even the returnvalue for openssl returns with a 0 no matter if used a legimate key or a faked key.
Kind Regards,
Georg
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
|
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users