[openssl-users] openssl 1.1 certificate verification fails with non-standard public key algorithm

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 25 22:29:27 UTC 2018

> On Jul 25, 2018, at 4:50 PM, Ken Goldman <kgoldman at us.ibm.com> wrote:
> For background, this is the TPM 1.2 endorsement key certificate.  I.e., this is a real application with millions of certificates issued.  The key is an RSA-2048 key.
> The TCG (for a while) specified
>      Public Key Algorithm: rsaesOaep
> rather than the commonly used
>      Public Key Algorithm: rsaEncryption
> because the key is an encryption key rather than a signing key.
> The X509 certificate parser fails to get the public key.
> ~~~~~~~~~~~~~~~~~~~~~~~~
> An alternative fix (I got a patch for 098 from an openssl maintainer)
> that accepts rsaOaep would also fix the issue.

Or perhaps both.  It is not clear that my choice of rejecting
unsupported key algorithms at security level 0 is the right one,
but it would of course be best if the key algorithm were supported
if it has non-negligible "legitimate" use.

Perhaps open an issue (or PR) on github proposing (or implementing)
a change to the check_key_level() logic and see whether there is
support for it?


More information about the openssl-users mailing list