On Thu, Jan 26, 2006, Joe Gluck wrote:

> That attack is interesting, how can that be done, (sorry for bothering you :-) )
>


If you don't check the parameters it is possible with some algorithms to
generate a key pair with a given public key component using a carefully
derived set of parameters. Basically it leaves security wide open.

> But cutting down the X509_cmp will not work because the memcmp
> compares the hash which if I will cut out the X509_check_purpose lines
> will not make any sense.
>


Obviously you'd call X509_check_purpose() once when the certificate is loaded.

> But I think the best idea is to compare the entire text of the entire
> certificate (the text as I get in a PEM format before loading it into
> the X509 object). It is faster than hashing the same size and comparing
> the hash.
>


But slower than comparing a cached cache.

The actual overhead of hashing the certificate once when it is initially
loaded is pretty tiny compared to some of the other things that already
happen.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
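
The trade-off discussed in this thread, as an added example that is not part of the original message and not OpenSSL code: a certificate is decoded and hashed once at load time, and later comparisons use only the cached digest. The `LoadedCert` class, the choice of SHA-256 and the sample bytes are assumptions made for illustration; the sample is a constructed stand-in for DER bytes, not a real certificate.

```python
import base64
import hashlib

# Constructed stand-in for a certificate's DER encoding (not a real certificate).
SAMPLE_DER = bytes(range(256)) * 3


def to_pem(der: bytes, width: int = 64, newline: str = "\n") -> str:
    """Encode DER bytes as PEM text with a chosen line width and line ending."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    lines = ["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"]
    return newline.join(lines) + newline


class LoadedCert:
    """Hypothetical holder: decode the PEM once and cache a digest at load time."""

    def __init__(self, pem: str):
        stripped = [line.strip() for line in pem.splitlines()]
        body = [s for s in stripped if s and not s.startswith("-----")]
        self.der = base64.b64decode("".join(body), validate=True)
        # The only hashing cost is paid here, once per loaded certificate.
        self.digest = hashlib.sha256(self.der).digest()

    def same_as(self, other: "LoadedCert") -> bool:
        # Fixed-size comparison of cached digests, independent of certificate size.
        return self.digest == other.digest


def compare_demo() -> dict:
    pem_a = to_pem(SAMPLE_DER, width=64, newline="\n")
    pem_b = to_pem(SAMPLE_DER, width=76, newline="\r\n")   # same bytes, re-wrapped
    pem_c = to_pem(SAMPLE_DER[:-1] + b"\x00", width=64)    # last byte changed
    a, b, c = LoadedCert(pem_a), LoadedCert(pem_b), LoadedCert(pem_c)
    return {
        "pem_text_equal": pem_a == pem_b,      # raw text differs for the same cert
        "cached_digest_equal": a.same_as(b),   # decoded form matches
        "different_cert_equal": a.same_as(c),  # a real difference is still caught
    }


if __name__ == "__main__":
    print(compare_demo())
```

Comparing the PEM text directly treats the same certificate as different when only the line wrapping or line endings change, which the digest over the decoded bytes avoids.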