[openssl-users] Why openssl 1.0.1p accepts composite $q$ in DSA?

Jeffrey Walton noloader at gmail.com
Wed Sep 9 11:03:59 UTC 2015

On Wed, Sep 9, 2015 at 6:28 AM, Georgi Guninski <guninski at guninski.com> wrote:
> In short openssl 1.0.1p accepts composite $q$
> in DSA verify/SSL.
> If $q$ is backdoored in the DSA/DH group parameters,
> this breaks all private keys using it (see links at
> bottom)...
Just bikeshedding, but before I went any further with it, I would
verify DSA_check_key(...) does *not* reject the key.

I can't find the name of the routine at the moment, though (I know its
called RSA_check_key for RSA).


More information about the openssl-users mailing list