[openssl-dev] [openssl.org #3837] Bug in SSL_CTX_check_private_key?
Dmitry Belyavsky
beldmit at gmail.com
Wed May 6 17:33:37 UTC 2015
Hello Victor,
On Wed, May 6, 2015 at 7:10 PM, Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:
> On Wed, May 06, 2015 at 05:58:31PM +0200, Dmitry Belyavsky via RT wrote:
>
> > It seems to me there is a bug in the SSL_CTX_check_private_key function.
> >
> > The function ignores RSA_METHOD_FLAG_NO_CHECK flag and always tries to
> > check public/private key match.
>
> I think that's deliberate and correct. When an application calls
> SSL_CTX_check_private_key(), the key should be checked. Nothing
> in libssl calls this function, it is provided to applications that
> want to explicitly check the key.
>
> The fact that this flag is algorithm specific is also odd, if it
> is useful for RSA, it should be useful for ECDSA, etc. It seems
> rather an odd feature.
>
I agree that the flag is useful for ECDSA too. AFAIK, BoringSSL has already
implemented this feature as unversal.
> > The only place in real code where this function is used is in
> > the set_cert_key_stuff function, just after the calls
> > to SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey, which carefully
> > process the flag.
>
> That's application code (for openssl(1)).
>
Yes.
>
> > I would like to suggest a small patch providing the necessary check for
> > RSA_METHOD_FLAG_NO_CHECK here.
>
> I am not convinced this change is correct. The function would then
> not do what it is supposed to do. The flag suppresses implicit
> checks only, but suppressing explicit checks seems unexpected.
>
Well, but what is the correct way to provide, for example, HSM key if we
have to check match without access to a private key?
Thank you!
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150506/23afeb7b/attachment.html>
More information about the openssl-dev
mailing list