Re: OTC VOTE: RSA public exponent validation in 3.0
0

On Tue, 10 Aug 2021 12:54:19 +0200, Matt Caswell wrote:
>
> topic: RSA public exponent validation in 3.0 for the default provider
>        should be consistent with 1.1.1
> Comment: See issue #16255 for background
> Proposed by Matt Caswell
> Public: yes
> opened: 2021-08-10
> closed: 2021-mm-dd
> accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
>
> Dmitry [ 0]
> Matt [+1]
> Pauli [ ]
> Tim[+1]
> Richard[ ]
> Shane [+1]
> Tomas [+1]
> Kurt [ ]
> Matthias [ ]
> Nicola [-0]
>

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1
-1

On Tue, 10 Aug 2021 12:53:23 +0200, Matt Caswell wrote:
>
> topic: Revert the commits merged from PR #16027 in 1.1.1
> Comment: Refer to issue #16266 for background
> Proposed by Tomas Mraz
> Public: yes
> opened: 2021-08-10
> closed: 2021-mm-dd
> accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
>
> Dmitry [+1]
> Matt [+1]
> Pauli [ ]
> Tim[-1]
> Richard[ ]
> Shane [-1]
> Tomas [+1]
> Kurt [ ]
> Matthias [ ]
> Nicola [-1]
>

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1
On Wed, 11 Aug 2021 21:20:42 +0200, Kurt Roeckx wrote:
>
> There are a lot of things we accept in a certificate we shouldn't.

PR #16027 isn't about what our code accepts, but about what it *produces*.

At the very least, I see an interop problem, because when certain necessary structure values are missing, the DER (and PEM) encoding will be invalid for the declared content type.

Just take the program from issue openssl/openssl#16026, but change the i2d_RSAPrivateKey() call to a PEM_write_RSAPrivateKey() call. This is a run against OpenSSL 1.1.1k (which is the version before this patch):

    : ; ./foo
    -----BEGIN RSA PRIVATE KEY-----
    MA0CAQACAwHiQAIDAQAB
    -----END RSA PRIVATE KEY-----
    Failed 'PEM_write_RSAPrivateKey(stdout, rsa, NULL, NULL, 0, NULL, NULL) <= 0'
    : levitte@lapdog:~/gitwrk/openssl.net/official/1.1.1
    : ; ./foo | openssl asn1parse -i
    Failed 'PEM_write_RSAPrivateKey(stdout, rsa, NULL, NULL, 0, NULL, NULL) <= 0'
        0:d=0  hl=2 l=  13 cons: SEQUENCE
        2:d=1  hl=2 l=   1 prim:  INTEGER           :00
        5:d=1  hl=2 l=   3 prim:  INTEGER           :01E240
       10:d=1  hl=2 l=   3 prim:  INTEGER           :010001

That's a badly formatted RSAPrivateKey (it looks like an RSAPublicKey).

Cheers,
Richard

--
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
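
Added example, not part of the message above and not OpenSSL code: a minimal DER walker that decodes the PEM body quoted in that message and reports which RSAPrivateKey fields are absent. The function names are hypothetical; the field list assumes the two-prime RSAPrivateKey layout from RFC 8017, A.1.2.

```python
import base64

# PEM body copied from the 1.1.1k output quoted in the message above.
PEM_BODY = "MA0CAQACAwHiQAIDAQAB"

# Assumption: two-prime RSAPrivateKey (RFC 8017 A.1.2), nine INTEGERs.
PRIVATE_FIELDS = ["version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"]


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def sequence_integers(der):
    """Decode a SEQUENCE consisting only of INTEGERs into a list of ints."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("unexpected tag 0x%02x" % tag)
        ints.append(int.from_bytes(value, "big", signed=True))
    return ints


def check_rsa_private_key(der):
    """Return (decoded fields, names of RSAPrivateKey fields that are absent)."""
    ints = sequence_integers(der)
    return dict(zip(PRIVATE_FIELDS, ints)), PRIVATE_FIELDS[len(ints):]


if __name__ == "__main__":
    fields, missing = check_rsa_private_key(base64.b64decode(PEM_BODY))
    print("decoded:", fields)
    print("missing:", missing)
```

A consumer of "RSA PRIVATE KEY" PEM blocks can reject input whenever the second return value is non-empty, which is the case for the blob above.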