> I think your tests are just finding the changes from
> https://github.com/openssl/openssl/pull/2614 but other applications using
> libssl still need to use the SSL_set_tlsext_host_name() API in order to
> send the SNI extension.
OK got it.
I have trouble with certificate verification on
Google has started using RSA-PSS private keys for JSON Web Keys.
I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
does not work for RSA-PSS. EVP_PKEY_print_private does work OK, but
parsing data from the output is messy.
EVP_PKEY_set_alias_type seemed worth a try, but
On 03/12/2019 16:59, Angus Robertson - Magenta Systems Ltd wrote:
>>> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
>>> but this does not work for RSA-PSS.
>>
>> In what way does this not work?
>
> error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
> an rsa
> What does EVP_PKEY_base_id() return for your pkey? How did you
> create it?
base_id is 912, EVP_PKEY_RSA_PSS=NID_rsassaPss.
But my code is Pascal so not using your header files directly, seems
okay though.
It was created with OpenSSL APIs and EVP_PKEY_print_private reports:
RSA-PSS
On 03/12/2019 16:29, Angus Robertson - Magenta Systems Ltd wrote:
> Google has started using RSA-PSS private keys for JSON Web Keys.
>
> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
> does not work for RSA-PSS.
In what way does this not work?
Perhaps you are
On 03/12/2019 17:23, Angus Robertson - Magenta Systems Ltd wrote:
>> What does EVP_PKEY_base_id() return for your pkey? How did you
>> create it?
>
> base_id is 912, EVP_PKEY_RSA_PSS=NID_rsassaPss.
Sorry. My mistake. I actually meant what does EVP_PKEY_id() return.
That just does this:
> > I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
> > but this does not work for RSA-PSS.
>
> In what way does this not work?
error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
an rsa key
> I notice that 3.0 recently had the accessor RSA_get0_pss_params()
>
On 03/12/2019 18:02, Angus Robertson - Magenta Systems Ltd wrote:
>>> Sorry. My mistake. I actually meant what does EVP_PKEY_id()
>> return.
>
> Also returns 912, the same as base_id. RSA keys both return 6.
>
>> So if you get EVP_PKEY_RSA_PSS returned from that I don't
>> currently
>> Sorry. My mistake. I actually meant what does EVP_PKEY_id()
> return.
Also returns 912, the same as base_id. RSA keys both return 6.
> So if you get EVP_PKEY_RSA_PSS returned from that I don't
> currently understand how this:
>
> RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
> {
> if
> > Agreed, code looks clear enough, but was this for 1.1.1 or
> > master?
>
> This code looks the same in 1.1.1 and master.
It seems the EVP_PKEY_RSA_PSS addition was only committed 28th October
2019, so need to wait for 1.1.1e, hopefully real soon...
RSA_get0_pss_params as well would be