Re: rsaOAEP OID in X509 certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
> Of Ken Goldman
> Sent: donderdag 9 augustus 2018 18:52
> To: openssl-users@xxxxxxxxxxx
> Subject: Re:  rsaOAEP OID in X509 certificate
> 
> On 8/9/2018 10:51 AM, Stephane van Hardeveld wrote:
> >
> > I will discuss this, but as far as I understand, these OID are allowed
by
> > the X 509 standard:
> > 4.1.2.7.  Subject Public Key Info
> >
> >  [snip]
> >
> > And in rfc4055, 4.1
> >
> >   Openssl is capable of parsing it, only retrieving it gives an error on
> > unknown algorithm (which is correct, since only rsaEncryption OID is
> > recognized). Java I did not try yet, but the online ASN.1 parsers were
also
> > capable of decoding it, see enclosed png.
> 
> I understand that the X509 standard permits it.
> 
> However, I'm looking at the practical side - crypto libraries.
> 
> If openssl, Java, etc. can't use the results, and a typical CA can't
> create the certificate, then you require custom code.
> 
> The drawback is that custom code, especially DER parsing code, is a
> security risk.  It's hard to get correct when facing an attacker sending
> malformed certificates.
> 
> You have to decide whether the benefit to this "meets the X509 standard
> but isn't supported" OID is worth the potential for an exploitable bug.
> 
Ah, yes. The practical world. Always a bummer.
But good point anyways.

Thanks for shedding some light on this issue

Regards,
Stephane

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux