Re: openssl 1.1 certificate verification fails with non-standard public key algorithm


 



On 7/25/2018 4:27 PM, Viktor Dukhovni wrote:

> Yes, that's what I'm saying, but also asking the broader list for feedback
> on such a change.  Should security level zero succeed even with unsupported
> EE keys (which somehow get used with some other software???).

For background, this is the TPM 1.2 endorsement key certificate. I.e., this is a real application with millions of certificates issued. The key is an RSA-2048 key.

The TCG (for a while) specified

      Public Key Algorithm: rsaesOaep

rather than the commonly used

      Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.

~~~~~~~~~~~~~~~~~~~~~~~~

An alternative fix (I got a patch for 098 from an openssl maintainer)
that accepts rsaOaep would also fix the issue.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
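
The difference described in the message above, as an added example that is not part of the original post and is not OpenSSL code: a minimal DER reader showing that a SubjectPublicKeyInfo labelled rsaesOaep carries the same RSAPublicKey structure as one labelled rsaEncryption. The helper names and the toy key are constructed for illustration; real TPM endorsement key certificates carry RSA-2048 keys and may carry non-empty OAEP parameters, which this reader skips.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption
RSAES_OAEP = "1.2.840.113549.1.1.7"       # id-RSAES-OAEP (RFC 4055), shown as rsaesOaep

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_spki(der):
    """Return (algorithm_oid, (n, e) or None) from a DER SubjectPublicKeyInfo."""
    _, spki, _ = read_tlv(der)
    _, alg, pos = read_tlv(spki)           # AlgorithmIdentifier
    _, oid, _ = read_tlv(alg)              # parameters after the OID are skipped
    tag, bits, _ = read_tlv(spki, pos)     # subjectPublicKey BIT STRING
    name = decode_oid(oid)
    if name not in (RSA_ENCRYPTION, RSAES_OAEP):
        return name, None                  # not an RSA encryption key label
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    _, rsa, _ = read_tlv(bits[1:])         # RSAPublicKey SEQUENCE
    _, n, p = read_tlv(rsa)
    _, e, _ = read_tlv(rsa, p)
    return name, (int.from_bytes(n, "big"), int.from_bytes(e, "big"))

# Constructed sample input: toy 16-bit modulus, short-form lengths only.
def tlv(tag, body): return bytes([tag, len(body)]) + body

def sample_spki(oid_body, params):
    key = tlv(0x30, tlv(0x02, bytes.fromhex("00c5a1")) + tlv(0x02, bytes.fromhex("010001")))
    return tlv(0x30, tlv(0x30, tlv(0x06, oid_body) + params) + tlv(0x03, b"\x00" + key))

PKCS1 = bytes.fromhex("2a864886f70d0101")           # OID prefix 1.2.840.113549.1.1
PLAIN = sample_spki(PKCS1 + b"\x01", b"\x05\x00")   # rsaEncryption, NULL parameters
OAEP = sample_spki(PKCS1 + b"\x07", b"\x30\x00")    # rsaesOaep, empty (default) parameters
```

Running `parse_spki` on an SPKI extracted from a certificate shows whether a key-extraction failure comes from the algorithm label alone rather than from the key material.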


