[openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

Ken Goldman kgoldman at us.ibm.com
Wed Jul 25 20:50:43 UTC 2018

On 7/25/2018 4:27 PM, Viktor Dukhovni wrote:
> Yes, that's what I'm saying, but also asking the broader list for feedback
> on such a change.  Should security level zero succeed even with unsupported
> EE keys (which somehow get used with some other software???).

For background, this is the TPM 1.2 endorsement key certificate.  I.e., 
this is a real application with millions of certificates issued.  The 
key is an RSA-2048 key.

The TCG (for a while) specified

       Public Key Algorithm: rsaesOaep

rather than the commonly used

       Public Key Algorithm: rsaEncryption

because the key is an encryption key rather than a signing key.
The X509 certificate parser fails to get the public key.


An alternative fix (I got a patch for 098 from an openssl maintainer)
that accepts rsaOaep would also fix the issue.

More information about the openssl-users mailing list