Re: [openssl-users] Trouble porting code to OpenSSL 1.1

2016-06-21 Thread Jakob Bohm

On 18/06/2016 18:02, Marc Heuse wrote:

> Hi,
>
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
>
> The goal of the following code is to change the ASN.1 value of the
> signature algorithm in a certificate.
>
>    // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
>    nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
>    if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>        ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>        cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
>    }
>
>
>    // OpenSSL 1.1 code
>
>    nid = X509_get_signature_nid(cert);
>    if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>        ... how to set the algorithm in the cert to NID_rsaEncryption in
>        OpenSSL v1.1.x?
>
>
> Any help how to implement this with the new 1.1 functions is highly
> appreciated :)


Strangely, when I look at certificates generated by the "openssl ca"
utility, they already say "Public Key Algorithm: rsaEncryption".
Where did you get certificates that specified "md5WithRSAEncryption"
or "shaWithRsaEncryption" as the subject public key algorithm?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Trouble porting code to OpenSSL 1.1

2016-06-21 Thread Dr. Stephen Henson
On Sat, Jun 18, 2016, Marc Heuse wrote:

> Hi,
> 
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
> 

I am curious though as to why you need to do this...


> 
>   // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
>   nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
>   if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>       ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>       cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
>   }
>
>
>   // OpenSSL 1.1 code
>
>   nid = X509_get_signature_nid(cert);
>   if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>       ... how to set the algorithm in the cert to NID_rsaEncryption in
>       OpenSSL v1.1.x?
> 
> 

Well the start of that isn't equivalent. 

Anyway here goes.

First you need to get the X509_PUBKEY structure from the certificate
(cert->cert_info->key). You can do this with X509_get_X509_PUBKEY().

Once you have that you can get the algorithm OID and algorithm identifier (you
only need the latter) using X509_PUBKEY_get0_param().

Then you can use X509_ALGOR_get0() to retrieve the ASN1_OBJECT and
X509_ALGOR_set0 to set it if you need to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


[openssl-users] Trouble porting code to OpenSSL 1.1

2016-06-18 Thread Marc Heuse
Hi,

I have a problem with porting OpenSSL code from 1.0 to 1.1.
Please do not complain that it does not look like it makes sense what
this code does here - complain to Microsoft who implements certs with
RDP non-standard ...

The goal of the following code is to change the ASN.1 value of the
signature algorithm in a certificate.

  // OpenSSL 1.0 code, well, really written already when 0.9 was there

  nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
  if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
      ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
      cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
  }


  // OpenSSL 1.1 code

  nid = X509_get_signature_nid(cert);
  if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
      ... how to set the algorithm in the cert to NID_rsaEncryption in
      OpenSSL v1.1.x?


Any help how to implement this with the new 1.1 functions is highly
appreciated :)

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: AF3D 1D4C D810 F0BB 977D  3807 C7EE D0A0 6BE9 F573