Re: [openssl-users] Trouble porting code to OpenSSL 1.1
On 18/06/2016 18:02, Marc Heuse wrote:
> Hi,
>
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
>
> The goal of the following code is to change the ASN.1 value of the
> signature algorithm in a certificate.
>
> // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
> nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>     ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>     cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
> }
>
> // OpenSSL 1.1 code
>
> nid = X509_get_signature_nid(cert);
> if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>     ... how to set the algorithm in the cert to NID_rsaEncryption in
> OpenSSL v1.1.x?
>
> Any help how to implement this with the new 1.1 functions is highly
> appreciated :)

Strangely, when I look at certificates generated by the "openssl ca"
utility, they already say "Public Key Algorithm: rsaEncryption", where
did you get certificates that specified "md5WithRSAEncryption" or
"shaWithRsaEncryption" as the subject public key algorithm?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Trouble porting code to OpenSSL 1.1
On Sat, Jun 18, 2016, Marc Heuse wrote:

> Hi,
>
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
>

I am curious though as to why you need to do this...

>
> // OpenSSL 1.0 code, well, really written already when 0.9 was there
>
> nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
>     ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>     cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
> }
>
>
> // OpenSSL 1.1 code
>
> nid = X509_get_signature_nid(cert);
> if ((nid == NID_md5WithRSAEncryption) || (nid ==
> NID_shaWithRSAEncryption)) {
>     ... how to set the algorithm in the cert to NID_rsaEncryption in
> OpenSSL v1.1.x?
>
>

Well the start of that isn't equivalent. Anyway here goes.

First you need to get the X509_PUBKEY structure from the certificate
(cert->cert_info->key). You can do this with X509_get_X509_PUBKEY().

Once you have that you can get the algorithm OID and algorithm
identifier (you only need the latter) using X509_PUBKEY_get0_param().

Then you can use X509_ALGOR_get0() to retrieve the ASN1_OBJECT and
X509_ALGOR_set0 to set it if you need to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl-users] Trouble porting code to OpenSSL 1.1
Hi,

I have a problem with porting OpenSSL code from 1.0 to 1.1.
Please do not complain that it does not look like it makes sense what
this code does here - complain to Microsoft who implements certs with
RDP non-standard ...

The goal of the following code is to change the ASN.1 value of the
signature algorithm in a certificate.

// OpenSSL 1.0 code, well, really written already when 0.9 was there

nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
    ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
    cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
}

// OpenSSL 1.1 code

nid = X509_get_signature_nid(cert);
if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
    ... how to set the algorithm in the cert to NID_rsaEncryption in
OpenSSL v1.1.x?

Any help how to implement this with the new 1.1 functions is highly
appreciated :)

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: AF3D 1D4C D810 F0BB 977D 3807 C7EE D0A0 6BE9 F573