X509 subject public key id-RSASSA-PSS

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

X509 subject public key id-RSASSA-PSS

weber
Dear OpenSSSL users,

we recently came across a certificate with OID: id-RSASSA-PSS aka
rsassaPss in x509 subjects public key AlgorithmIdentifier.

According to rfc4056 it is legitimate to use rsaEncryption or
id-RSASSA-PSS as OID for the subject public key.

But when listing the certs's contents or during verification, openssl
v1.0.2h bails out:
> 12392:error:0609E09C:digital envelope
> routines:PKEY_SET_TYPE:unsupported algorithm:.\crypto\evp\p_lib.c:231:
> 12392:error:0B07706F:x509 certificate
> routines:X509_PUBKEY_get:unsupported
> algorithm:.\crypto\asn1\x_pubkey.c:148:
which is caused by failing to assign the proper ameth structure to the key.

Later in x_pubkey.c, only the method pub_decode is needed, which seems
to work for rsassa pubkeys.
So may we assign the same methods associated to rsaEncryption in this
case or are we breaking other functionality by doing so?

Thanks
--
Christian Weber

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X509 subject public key id-RSASSA-PSS

OpenSSL - User mailing list
On 06/25/2017 03:06 PM, [hidden email] wrote:
Dear OpenSSSL users,

we recently came across a certificate with OID: id-RSASSA-PSS aka rsassaPss in x509 subjects public key AlgorithmIdentifier.

According to rfc4056 it is legitimate to use rsaEncryption or id-RSASSA-PSS as OID for the subject public key.

But when listing the certs's contents or during verification, openssl v1.0.2h bails out:
12392:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:.\crypto\evp\p_lib.c:231:
12392:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:.\crypto\asn1\x_pubkey.c:148:
which is caused by failing to assign the proper ameth structure to the key.

Later in x_pubkey.c, only the method pub_decode is needed, which seems to work for rsassa pubkeys.
So may we assign the same methods associated to rsaEncryption in this case or are we breaking other functionality by doing so?

It might be more interesting to just try using the current OpenSSL master branch (or a snapshot), which has more proper RSA-PSS support.

-Ben

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X509 subject public key id-RSASSA-PSS

weber
Am 26.06.2017 um 22:30 schrieb Benjamin Kaduk:
On 06/25/2017 03:06 PM, [hidden email] wrote:
Dear OpenSSSL users,

we recently came across a certificate with OID: id-RSASSA-PSS aka rsassaPss in x509 subjects public key AlgorithmIdentifier.

According to rfc4056 it is legitimate to use rsaEncryption or id-RSASSA-PSS as OID for the subject public key.

But when listing the certs's contents or during verification, openssl v1.0.2h bails out:
12392:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:.\crypto\evp\p_lib.c:231:
12392:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:.\crypto\asn1\x_pubkey.c:148:
which is caused by failing to assign the proper ameth structure to the key.

Later in x_pubkey.c, only the method pub_decode is needed, which seems to work for rsassa pubkeys.
So may we assign the same methods associated to rsaEncryption in this case or are we breaking other functionality by doing so?

It might be more interesting to just try using the current OpenSSL master branch (or a snapshot), which has more proper RSA-PSS support.

-Ben

It's absolutely the same with Version 1.0.2l.
Due to time limitation we avoid updating to 1.1.0 as we assume that there will be several adaptations neccessary ...

-- Christian Weber

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X509 subject public key id-RSASSA-PSS

OpenSSL - User mailing list

1.0.2 does not have full RSA-PSS support; you can’t use it.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X509 subject public key id-RSASSA-PSS

weber
Am 27.06.2017 um 14:18 schrieb Salz, Rich via openssl-users:

1.0.2 does not have full RSA-PSS support; you can’t use it.


Thanks Rich, in my case it works, because we partially do the verification (and algo selection) work externally.
We just need to access the public key which is rsa in both cases.

Does your response mean, that RSA-PSS meanhile _is_ fully supported in 1.1.0?
Any estimations about how much work has to be done for adopting the newer version?

Thanks
-- Christian

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: X509 subject public key id-RSASSA-PSS

OpenSSL - User mailing list
> Does your response mean, that RSA-PSS meanhile _is_ fully supported in 1.1.0?

I hesitate to  say fully, because there are no doubt parts that don't work.  But RSAPSS signatures are supported.
But more importantly, 1.1.1 not 1.1.0

> Any estimations about how much work has to be done for adopting the newer version?

It depends.  Almost all structures are opaque now, so you can't look inside at the fields direcdtly.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...