[openssl-users] openssl rsa -check

Georg Höllrigl georg.hoellrigl at gmx.at
Sun Jul 30 08:12:36 UTC 2017

Wow that was fast

Keep up that awesome work!


Thank you.


Kind Regards,




From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Paul Yang
Sent: Friday, 28 July 2017 18:34
To: Openssl Users <openssl-users at openssl.org>
Subject: Re: [openssl-users] openssl rsa -check


Please refer to this: https://github.com/openssl/openssl/pull/4043


On 29 Jul 2017, at 00:21, Paul Yang <paulyang.inf at gmail.com> wrote:


Hmmm, it’s a bug introduced by the use of the RSA_check_key_ex function. Thanks for reporting.


On 28 Jul 2017, at 19:16, Georg Höllrigl <georg.hoellrigl at gmx.at> wrote:




I think there is something broken with verifying the private key with "openssl rsa -check", as described in https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html


I tried to implement better checking in a script that tells me if a key matches a certificate or certificate request.


To reproduce, get the fake private key from https://github.com/hannob/tlshelpers/blob/master/examples/symantec.key


Verify the key with openssl 1.0.1e-fips or 1.0.2h:

$OPENSSL rsa -in symantec-broken.key -check -noout
RSA key error: n does not equal p q


Verify the key with openssl 1.1.0c or 1.1.0f (gives no output)

$OPENSSL rsa -in symantec-broken.key -check -noout



I would expect 1.1.0 to report the faked key in some way.

Even the return value of openssl is 0 no matter whether a legitimate key or a faked key is used.




Kind Regards,


openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
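For readers who, like the original poster, want a check that does not depend on which OpenSSL build they happen to have: the following is an added example, not code from the thread or from the OpenSSL project. It parses a PKCS#1 "BEGIN RSA PRIVATE KEY" PEM block with a minimal DER reader and re-runs, in pure Python, the consistency checks behind RSA_check_key (p and q prime, n == p*q, e*d == 1 mod lcm(p-1, q-1), and the CRT values dp, dq, qinv), using the same reason strings that "openssl rsa -check" prints. It also does a functional encrypt/decrypt round trip, which a fabricated key cannot pass. The two keys at the bottom are constructed toy values with a 12-bit modulus (assumptions, purely for illustration): GOOD_KEY is a consistent key, FAKE_KEY reuses GOOD_KEY's public n and e but carries p, q and d from an unrelated key pair, which is the shape of the faked key discussed above. Two-prime PKCS#1 keys only; PKCS#8 wrapping is not handled.

```python
"""Independent consistency check of a PKCS#1 RSA private key.

Added example (not OpenSSL's or the poster's code). Re-implements the checks
behind `openssl rsa -check` so a fabricated key is reported regardless of the
openssl build in use. Assumes a two-prime "BEGIN RSA PRIVATE KEY" PEM block.
"""
import base64
import math
import random
import re
import sys

FIELD_NAMES = ["version", "n", "e", "d", "p", "q", "dp", "dq", "qinv"]


def _der_read(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _der_tlv(tag, content):
    """Wrap content in a DER tag/length header."""
    n = len(content)
    if n < 128:
        header = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        header = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + header + content


def _der_int(value):
    """DER INTEGER for a non-negative int (leading 0x00 when the MSB is set)."""
    return _der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def parse_rsa_private_key(pem):
    """Parse a PKCS#1 RSAPrivateKey PEM into a dict of its integer fields."""
    m = re.search(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", pem, re.S)
    if not m:
        raise ValueError("not a PKCS#1 RSA PRIVATE KEY PEM block")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, body, _ = _der_read(der, 0)
    if tag != 0x30:
        raise ValueError("RSAPrivateKey must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body) and len(fields) < len(FIELD_NAMES):
        tag, val, pos = _der_read(body, pos)
        if tag != 0x02:
            raise ValueError("unexpected non-INTEGER field in RSAPrivateKey")
        fields.append(int.from_bytes(val, "big"))
    if len(fields) < len(FIELD_NAMES):
        raise ValueError("truncated RSAPrivateKey")
    return dict(zip(FIELD_NAMES, fields))


def rsa_private_key_to_pem(k):
    """Serialise a field dict back to PKCS#1 PEM. Deliberately no validation,
    so it can also produce an inconsistent key for testing the checker."""
    der = _der_tlv(0x30, b"".join(_der_int(k[name]) for name in FIELD_NAMES))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN RSA PRIVATE KEY-----\n" + body + "\n-----END RSA PRIVATE KEY-----\n"


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (probabilistic, as in RSA_check_key)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_rsa_private_key(k):
    """Return the list of RSA_check_key-style errors (empty for a consistent key)."""
    n, e, d, p, q = k["n"], k["e"], k["d"], k["p"], k["q"]
    errors = []
    if not is_probable_prime(p):
        errors.append("p not prime")
    if not is_probable_prime(q):
        errors.append("q not prime")
    if n != p * q:
        errors.append("n does not equal p q")      # the check 1.0.2 reported
    if p > 1 and q > 1:                            # CRT checks need p-1, q-1 > 0
        lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        if (e * d) % lam != 1:
            errors.append("d e not congruent to 1")
        if k["dp"] != d % (p - 1):
            errors.append("dmp1 not congruent to d")
        if k["dq"] != d % (q - 1):
            errors.append("dmq1 not congruent to d")
        if (q * k["qinv"]) % p != 1:
            errors.append("iqmp not inverse of q")
    return errors


def roundtrip_ok(k, message=42):
    """Encrypt with (n, e), decrypt with (n, d): a faked key cannot do this."""
    return pow(pow(message, k["e"], k["n"]), k["d"], k["n"]) == message


# Constructed toy keys (assumed values for illustration only, 12-bit modulus).
GOOD_KEY = dict(version=0, n=3233, e=17, d=2753, p=61, q=53, dp=53, dq=49, qinv=38)
# Same public (n, e) as GOOD_KEY, but p, q, d, dp, dq, qinv belong to 71 * 67.
FAKE_KEY = dict(version=0, n=3233, e=17, d=1223, p=71, q=67, dp=33, dq=35, qinv=53)

if __name__ == "__main__":
    # Usage: python rsacheck.py key.pem  (exit status 1 on any error, unlike 1.1.0c/f)
    key = parse_rsa_private_key(open(sys.argv[1]).read())
    problems = check_rsa_private_key(key)
    for msg in problems:
        print("RSA key error:", msg)
    if not roundtrip_ok(key):
        print("RSA key error: encrypt/decrypt round trip failed")
    print("RSA key ok" if not problems and roundtrip_ok(key) else "RSA key NOT ok")
    sys.exit(0 if not problems and roundtrip_ok(key) else 1)
```

Run against a real PKCS#1 key file, the script reports every failed check and exits non-zero, which is the behaviour the poster expected from "openssl rsa -check" and the exit status they noted was missing. The toy FAKE_KEY produces exactly "n does not equal p q", the same single line OpenSSL 1.0.2 printed for the key from the blog post, and fails the round trip as well.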


