Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-31 Thread Richard Levitte
This was a good find, thank you all. It's clearly a bug. Fix on GitHub, in PR #14030 (https://github.com/openssl/openssl/pull/14030)

Cheers, Richard

On Thu, 28 Jan 2021 21:04:17 +0100, Russ Housley wrote:
>
> RFC 4055 says:
>
> The object identifier used to identify the PKC

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread tincanteksup
Also note that the official ASN.1 declaration for AlgorithmIdentifier (from X.509 (2012), section 7.2) marks the parameters field as OPTIONAL, so parsers really should accept its absence. However if broken parsers are common (this thread only found one such parser)

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Jakob Bohm via openssl-users
: openssl-users-bounce on behalf of openssl-users
Organization: WiseMo A/S
Reply-To: Jakob Bohm
Date: Thursday, January 28, 2021 at 21:10
To: openssl-users
Subject: Re: Encoding of AlgorithmIdentifier with NULL parameters

Also note that the official ASN.1 declaration for

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Blumenthal, Uri - 0553 - MITLL
: Thursday, January 28, 2021 at 21:10
To: openssl-users
Subject: Re: Encoding of AlgorithmIdentifier with NULL parameters

Also note that the official ASN.1 declaration for AlgorithmIdentifier (from X.509 (2012), section 7.2) marks the parameters field as OPTIONAL, so parsers really should

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Jakob Bohm via openssl-users
Also note that the official ASN.1 declaration for AlgorithmIdentifier (from X.509 (2012), section 7.2) marks the parameters field as OPTIONAL, so parsers really should accept its absence. However if broken parsers are common (this thread only found one such parser), maybe it would be good practic

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Viktor Dukhovni
On Fri, Jan 29, 2021 at 12:37:18AM +0530, Thulasi Goriparthi wrote:

> I am trying to provide a test certificate generated by
> openssl-3.0.0-alpha10 to a third party certificate parser/manager.
> This software expects AlgorithmIdentifier to either have parameters or
> to have null encoded (05 00)

Re: Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Russ Housley
RFC 4055 says:

The object identifier used to identify the PKCS #1 version 1.5 signature algorithm with SHA-224 is:

sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }

The object identifier used to identify the PKCS #1 version 1.5 signature algorithm with SHA-256 is:

Encoding of AlgorithmIdentifier with NULL parameters

2021-01-28 Thread Thulasi Goriparthi
I am trying to provide a test certificate generated by openssl-3.0.0-alpha10 to a third party certificate parser/manager. This software expects AlgorithmIdentifier to either have parameters or to have null encoded (05 00) parameters which seems to be missing in the certificate. Certificate generat