crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others) #43923
Comments
/cc @FiloSottile
It's a bit unclear to me why anyone would want to use legacy PKCS#1 v1.5 with SHA-3, but if there is a need I'd accept a PR to add the relevant ASN.1 prefixes.
I too wish the originator of the signatures I'm dealing with had used PSS. I'll try to find some time to submit a PR so I can ditch the current workaround I put in place.
Trying to reimplement a program, for some reason they use an SHA-3 hash in this way and it's broken for me. @shaunco What's your workaround?
Change https://go.dev/cl/464695 mentions this issue:
Unfortunately, it's still used even in new hardware like ZynqMP FPGA -- RSA4096-SHA3-384 with PKCS#1 v1.5 is the only scheme it supports; I suspect there's other hardware out there with similar settings. In those cases no PKCS#1 v1.5 with SHA3 support also means it's hard (not impossible) to use Vault transit keys for signing.
Change https://go.dev/cl/630095 mentions this issue:
Does this issue reproduce with the latest release?
Yes
What did you do?
What did you expect to see?
A properly verified hash. pkcs1v15HashInfo() needs to calculate the ASN1 DER prefix for algorithms that aren't in the lookup table.
What did you see instead?
crypto/rsa: unsupported hash function
Additional notes
The current code has a table of precomputed ASN1 DER prefixes for 8 algorithms. All other algorithms get "crypto/rsa: unsupported hash function", even though they are valid.
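The interop route the thread hints at, as an added example that is not code from the Go project or from anyone in this issue: build the RFC 8017 DigestInfo (AlgorithmIdentifier plus OCTET STRING) yourself for a hash OID the crypto/rsa table does not know, then pass it to rsa.SignPKCS1v15/VerifyPKCS1v15 with hash 0 so the library applies only the PKCS#1 v1.5 padding. The NULL parameters for the SHA-3 AlgorithmIdentifier follow the SHA-2 convention and are an assumption about what the peer expects; the SHA-384 cross-check against Go's built-in table shows the encoding is right for the hashes Go already covers, and the SHA-3 digest is a constructed stand-in 48-byte value since the hash itself is not the point here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha512"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
)

// NIST CSOR hash OIDs under 2.16.840.1.101.3.4.2: SHA-384 is .2, SHA3-384 is .9.
var (
	oidSHA384  = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	oidSHA3384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 9}
)

// digestInfo mirrors RFC 8017 section 9.2: SEQUENCE { AlgorithmIdentifier, OCTET STRING }.
type digestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

// encodeDigestInfo DER-encodes DigestInfo for any hash OID; the NULL parameters are
// the SHA-2 convention from RFC 8017 and assumed here for SHA-3 as well.
func encodeDigestInfo(oid asn1.ObjectIdentifier, digest []byte) ([]byte, error) {
	alg := pkix.AlgorithmIdentifier{Algorithm: oid, Parameters: asn1.NullRawValue}
	return asn1.Marshal(digestInfo{Algorithm: alg, Digest: digest})
}

// signWithOID signs a precomputed digest: hash 0 makes rsa.SignPKCS1v15 pad the
// data as-is, so the prefix comes from our encoding instead of the library table.
func signWithOID(priv *rsa.PrivateKey, oid asn1.ObjectIdentifier, digest []byte) ([]byte, error) {
	di, err := encodeDigestInfo(oid, digest)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, 0, di)
}

// verifyWithOID is the matching verifier; a wrong OID yields a different DigestInfo and fails.
func verifyWithOID(pub *rsa.PublicKey, oid asn1.ObjectIdentifier, digest, sig []byte) error {
	di, err := encodeDigestInfo(oid, digest)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, 0, di, sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	d := sha512.Sum384([]byte("constructed sample message")) // stand-in 48-byte digest
	sig, _ := signWithOID(priv, oidSHA384, d[:])
	fmt.Println("SHA-384 cross-check vs Go table:", rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA384, d[:], sig))
	sig, _ = signWithOID(priv, oidSHA3384, d[:])
	fmt.Println("SHA3-384 round trip:", verifyWithOID(&priv.PublicKey, oidSHA3384, d[:], sig))
	di, _ := encodeDigestInfo(oidSHA3384, d[:])
	fmt.Println("SHA3-384 DER prefix:", hex.EncodeToString(di[:19]))
}
```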