> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
> Of Ken Goldman
> Sent: Thursday 9 August 2018 18:52
> To: openssl-users@xxxxxxxxxxx
> Subject: Re: rsaOAEP OID in X509 certificate
>
> On 8/9/2018 10:51 AM, Stephane van Hardeveld wrote:
> >
> > I will discuss this, but as far as I understand, these OID are allowed by
> > the X 509 standard:
> > 4.1.2.7. Subject Public Key Info
> >
> > [snip]
> >
> > And in rfc4055, 4.1
> >
> > Openssl is capable of parsing it, only retrieving it gives an error on
> > unknown algorithm (which is correct, since only rsaEncryption OID is
> > recognized). Java I did not try yet, but the online ASN.1 parsers were also
> > capable of decoding it, see enclosed png.
>
> I understand that the X509 standard permits it.
>
> However, I'm looking at the practical side - crypto libraries.
>
> If openssl, Java, etc. can't use the results, and a typical CA can't
> create the certificate, then you require custom code.
>
> The drawback is that custom code, especially DER parsing code, is a
> security risk. It's hard to get correct when facing an attacker sending
> malformed certificates.
>
> You have to decide whether the benefit to this "meets the X509 standard
> but isn't supported" OID is worth the potential for an exploitable bug.
>

Ah, yes. The practical world. Always a bummer. But good point anyways.
Thanks for shedding some light on this issue

Regards,
Stephane
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users