Re: openssl rsa -check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Please refer to this: https://github.com/openssl/openssl/pull/4043

On 29 Jul 2017, at 00:21, Paul Yang <paulyang.inf@xxxxxxxxx> wrote:

Hmmm, it’s a bug introduced by the use of RSA_check_key_ex function. Thanks for reporting.

On 28 Jul 2017, at 19:16, Georg Höllrigl <georg.hoellrigl@xxxxxx> wrote:

Hello,
 
I think there is something broken with verifying the Private Key with "openssl rsa -check" like it was described in https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
 
I tried to implement better checking in a script that tells me if a key matches a certificate or certificate request.
 
 
Verify the key with openssl 1.0.1e-fips or 1.0.2h:
$OPENSSL rsa -in symantec-broken.key -check -noout
RSA key error: n does not equal p q
 
Verify the key with openssl 1.1.0c or 1.1.0f (gives no output)
$OPENSSL rsa -in symantec-broken.key -check -noout
 
 
I would expect 1.1.0 to report the faked key in some way.
Even the returnvalue for openssl returns with a 0 no matter if used a legimate key or a faked key.
 
 
 
Kind Regards,
Georg
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux