-
Notifications
You must be signed in to change notification settings - Fork 577
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA key with negative DER encoding modulus rejected #4328
Comments
It's unrelated to MD5, the public key is encoded with a negative modulus
OpenSSL accepts it, and then uses the 2-s complement encoding 🤯 |
I guess the likely issue is is that the modulus is "accidentally" negative; the creating software was buggy and failed to account for the fact that the high bit being set in DER implies the integer is negative (thus to properly encode a positive integer that is a multiple of 8 bits, you must prepend a zero byte), OpenSSL then accounts for this bug in the creating software by using the 2-s complement encoding, which is actually the absolute value since the software didn't intentionally encode a negative value. |
Thanks for the quick analysis! What would be the way forward here? |
There is no version that would accept this cert. You would have to edit the key embedded within the cert to include the correct padding byte used to indicate a positive number. This would invalidate the self-signature, but fortunately (?) 512 bits can be factored in a day or two with CADO-NFS. A patch to handle this is pretty simple, but I'm highly doubtful we'd want to do so. Can you give some context on what this cert is / why being able to use it matters? This seems like someone created an invalid test cert 20+ years ago, I'm not sure I'd want to permanently include a workaround that involves accepting manifestly invalid inputs to accommodate it. |
This is a certificate from Windows: Windows tells us: The only reference I found for this certificate (other than my own machines) was this: |
BTW for the record we can/do parse the certificate. The only thing that won't work is that you can't extract the public key as a |
I encountered this exception while using botan as static library in a tool I am writing. |
RSA/EMSA3(MD5)
Botan cannot parse this certificate (openssl dump):
here is the blob:
This throws:
The text was updated successfully, but these errors were encountered: