CVE-2022-0778
CVE-2022-0778 copied to clipboard
Published
20 hours ago •
drago-96
drago-96
ec.key doesn't correspond to cert.der{,.old}
I was hoping to probe a vulnerable system with a command like this:
$ < /dev/null openssl s_client -cert cert.der.old -certform DER -key ec.key -keyform PEM
error setting private key
140222542737472:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../crypto/x509/x509_cmp.c:297:
$
... but the error message there made me try this (h/t https://security.stackexchange.com/a/73131/276099):
$ openssl pkey -in ec.key -pubout > key.pub
$ openssl x509 -in cert.der.old -inform DER -pubkey -noout > cert.der.old.pub
$ diff *.pub
7,8c7,8
< //////////+85vqtpxeehPO5ysL8YyVRAgEBAyIAA+/L/l5HQLeGeajfxw/bAjdo
< GFf9xBgV3j34fVhn2EFD
---
> //////////+85vqtpxeehPO5ysL8YyVRAgEBAyIAAjfHIC2Zuu/BE0zc8q9Cw6Ny
> 0rUxh6Ka+ViN7zpL7/89
$
Did something go wrong when @catbro666 uploaded the original files in https://github.com/drago-96/CVE-2022-0778/commit/345bf80ce65f4b1097b7fef18957f601c44f0138?
I was hoping to probe a vulnerable system with a command like this:
$ < /dev/null openssl s_client -cert cert.der.old -certform DER -key ec.key -keyform PEM error setting private key 140222542737472:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../crypto/x509/x509_cmp.c:297: $... but the error message there made me try this (h/t https://security.stackexchange.com/a/73131/276099):
$ openssl pkey -in ec.key -pubout > key.pub $ openssl x509 -in cert.der.old -inform DER -pubkey -noout > cert.der.old.pub $ diff *.pub 7,8c7,8 < //////////+85vqtpxeehPO5ysL8YyVRAgEBAyIAA+/L/l5HQLeGeajfxw/bAjdo < GFf9xBgV3j34fVhn2EFD --- > //////////+85vqtpxeehPO5ysL8YyVRAgEBAyIAAjfHIC2Zuu/BE0zc8q9Cw6Ny > 0rUxh6Ka+ViN7zpL7/89 $Did something go wrong when @catbro666 uploaded the original files in 345bf80?
Oops, It seems like I made a mistake. Maybe the key file was overwritten by accident.
