[openssl-users] X509 certificate algorithm
Ken Goldman
kgoldman at us.ibm.com
Wed Apr 25 16:58:49 UTC 2018
On 08/16/12 09:33, Dr. Stephen Henson wrote:
> On Thu, Aug 16, 2012, Kenneth Goldman wrote:
>
>> I call these:
>>
>> d2i_X509()
>> X509_print_fp()
>>
>> which calls
>> pkey_set_type()
>> EVP_PKEY_asn1_find()
>> and that call fails.
>>
>> I've traced the following error down to the rsaOAEP algorithm, which has a
>> nid of 919. I've included both the openssl and dumpasn1 dump of the
>> X509 certificate. Am I doing something wrong in openssl, or is there
>> a problem with the certificate? I tried certificates from two
>> vendors, and they both fail at the same point.
>>
>>
>
> Well the problem is that OpenSSL doesn't currently support OAEP certificates.
> I've never come across one so if you could send an example that would be
> useful.
I'm back working with these certificates and find that it still fails
with the latest openssl.
Another user has apparently hit the same issue.
https://github.com/openssl/openssl/pull/1441
Is there any chance of rsaOAEP being supported?
These are TPM 1.2 endorsement key certificates and there are
(unfortunately) 100M's of them shipped.
More information about the openssl-users
mailing list