openssl rsa -check


openssl rsa -check

Georg Höllrigl
Hello,
 
I think there is something broken with verifying the private key with "openssl rsa -check", as was described in https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
 
I tried to implement better checking in a script that tells me if a key matches a certificate or certificate request.
 
 
Verify the key with openssl 1.0.1e-fips or 1.0.2h:
$OPENSSL rsa -in symantec-broken.key -check -noout
RSA key error: n does not equal p q
 
Verify the key with openssl 1.1.0c or 1.1.0f (gives no output)
$OPENSSL rsa -in symantec-broken.key -check -noout
 
 
I would expect 1.1.0 to report the faked key in some way.
Even the return value of openssl is 0 no matter whether a legitimate key or a faked key is used.
 
 
 
Kind Regards,
Georg

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
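The kind of checker the post says it is trying to write, added here as an example; it is not code from the thread and not OpenSSL's own code. It reads a traditional PKCS#1 "RSA PRIVATE KEY" PEM with the standard library only, verifies the relations `openssl rsa -check` is supposed to verify (n = p q, d e ≡ 1 mod λ(n), the CRT values dmp1/dmq1/iqmp) and adds a private/public round trip, then runs that against a constructed legitimate key and against a forged key that carries the legitimate key's n and e but an unrelated private half, so that n ≠ p q as in the 1.0.2 error quoted above. The primes, the forged-key construction and all function names are assumptions made for the example; the primes are far too small for real use.

```python
"""Consistency check for a PKCS#1 RSA private key, not relying on `openssl rsa -check`.
Added example, not code from the thread or from OpenSSL; standard library only."""
import base64
import hashlib
import math
import re

DEMO_P, DEMO_Q = 1000000007, 998244353        # constructed primes for the legitimate key
FOREIGN_P, FOREIGN_Q = 1000000009, 999999937  # constructed primes for the forged private half

def make_key(p, q, e=65537):
    """Toy RSA key generation, in the CRT form an RSAPrivateKey carries."""
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    d = pow(e, -1, lam)  # ValueError if e is not invertible (needs Python 3.8+)
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}

def forge_key(n_target, e):
    """(n, e) copied from a certificate, private half from an unrelated modulus:
    n != p*q, the condition behind the 1.0.2 error quoted in the post."""
    return dict(make_key(FOREIGN_P, FOREIGN_Q, e), n=n_target)

def check_rsa_key(k, probe=b"rsa consistency probe"):
    """Return a list of problems (empty means the key is internally consistent)."""
    n, e, d, p, q = k["n"], k["e"], k["d"], k["p"], k["q"]
    if p < 2 or q < 2 or n < 2:
        return ["n, p or q is not a usable value"]
    problems = []
    if p * q != n:
        problems.append("n does not equal p q")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    if (d * e) % lam != 1:
        problems.append("d e not congruent to 1 mod lambda(n)")
    if (k["dP"], k["dQ"], k["qInv"] * q % p) != (d % (p - 1), d % (q - 1), 1):
        problems.append("CRT values dmp1/dmq1/iqmp inconsistent with d, p, q")
    # Private operation then public operation must return the input; a forged key
    # fails this even when its own CRT values are self-consistent.
    m = int.from_bytes(hashlib.sha256(probe).digest(), "big") % n
    if pow(pow(m, d, n), e, n) != m:
        problems.append("sign/verify round trip failed")
    return problems

# Minimal DER for RSAPrivateKey: SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv } of INTEGERs.
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der_int(v):
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")  # minimal, sign byte when needed
    return b"\x02" + _der_len(len(body)) + body

def encode_pkcs1(k):
    fields = (0, k["n"], k["e"], k["d"], k["p"], k["q"], k["dP"], k["dQ"], k["qInv"])
    body = b"".join(_der_int(v) for v in fields)
    return b"\x30" + _der_len(len(body)) + body

def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_pkcs1(der):
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(val, "big", signed=True))
    if len(values) < 9 or values[0] != 0:
        raise ValueError("not a version-0 RSAPrivateKey")
    return dict(zip(("n", "e", "d", "p", "q", "dP", "dQ", "qInv"), values[1:9]))

def to_pem(k):
    b64 = base64.b64encode(encode_pkcs1(k)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PRIVATE KEY-----\n{body}\n-----END RSA PRIVATE KEY-----\n"

def load_pem_rsa_key(text):
    """Traditional PKCS#1 PEM only (not PKCS#8 'PRIVATE KEY' or encrypted keys)."""
    m = re.search(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", text, re.S)
    if not m:
        raise ValueError("no PKCS#1 'RSA PRIVATE KEY' block found")
    return parse_pkcs1(base64.b64decode("".join(m.group(1).split())))

def demo():
    """Legitimate key vs. a forged key with the same public modulus, both via PEM."""
    good = load_pem_rsa_key(to_pem(make_key(DEMO_P, DEMO_Q)))
    fake = load_pem_rsa_key(to_pem(forge_key(good["n"], good["e"])))
    return {"good": check_rsa_key(good), "fake": check_rsa_key(fake),
            "fake_matches_cert_modulus": fake["n"] == good["n"]}
```

Calling demo() gives an empty problem list for the legitimate key and a non-empty one for the forged key, headed by "n does not equal p q"; at the same time the modulus comparison reports the forged key as matching the certificate, which is why a script that only compares the key's modulus with the certificate's or CSR's is not enough. A wrapper that exits non-zero whenever check_rsa_key() returns a non-empty list gives the exit status the post expected from `openssl rsa -check`.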

Re: openssl rsa -check

Paul Yang
Hmmm, it's a bug introduced by the use of the RSA_check_key_ex function. Thanks for reporting.

On 28 Jul 2017, at 19:16, Georg Höllrigl <[hidden email]> wrote:


Re: openssl rsa -check

Paul Yang
Please refer to this: https://github.com/openssl/openssl/pull/4043

On 29 Jul 2017, at 00:21, Paul Yang <[hidden email]> wrote:


Re: openssl rsa -check

Georg Höllrigl

Wow, that was fast.

Keep up that awesome work!

Thank you.

Kind Regards,
Georg

From: openssl-users [mailto:[hidden email]] On behalf of Paul Yang
Sent: Friday, 28 July 2017 18:34
To: Openssl Users <[hidden email]>
Subject: Re: [openssl-users] openssl rsa -check