Re: X509 subject public key id-RSASSA-PSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 26.06.2017 um 22:30 schrieb Benjamin Kaduk:
On 06/25/2017 03:06 PM, weber@xxxxxxxxxxx wrote:
Dear OpenSSSL users,

we recently came across a certificate with OID: id-RSASSA-PSS aka rsassaPss in x509 subjects public key AlgorithmIdentifier.

According to rfc4056 it is legitimate to use rsaEncryption or id-RSASSA-PSS as OID for the subject public key.

But when listing the certs's contents or during verification, openssl v1.0.2h bails out:
12392:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:.\crypto\evp\p_lib.c:231:
12392:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:.\crypto\asn1\x_pubkey.c:148:
which is caused by failing to assign the proper ameth structure to the key.

Later in x_pubkey.c, only the method pub_decode is needed, which seems to work for rsassa pubkeys.
So may we assign the same methods associated to rsaEncryption in this case or are we breaking other functionality by doing so?

It might be more interesting to just try using the current OpenSSL master branch (or a snapshot), which has more proper RSA-PSS support.

-Ben

It's absolutely the same with Version 1.0.2l.
Due to time limitation we avoid updating to 1.1.0 as we assume that there will be several adaptations neccessary ...

-- Christian Weber
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux