On Thu, Jan 26, 2006, Joe Gluck wrote:

> That attack is interesting, how can that be done, (sorry for bothering you :-) )

If you don't check the parameters it is possible with some algorithms to
generate a key pair with a given public key component using a carefully
derived set of parameters. Basically it leaves security wide open.

> But cutting down the X509_cmp will not work because the memcmp
> compares the hash which if I will cut out the X509_check_purpose lines
> will not make any sense.

Obviously you'd call X509_check_purpose() once when the certificate is loaded.

> But I think the best idea is to compare the entire text of the entire
> certificate (The text as I get in a PEM format before loading it into
> the X509 object). It is faster than hashing the same size and comparing
> the hash.

But slower than comparing a cached cache.

The actual overhead of hashing the certificate once when it is initially
loaded is pretty tiny compared to some of the other things that already

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org