Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-23860

libgcrypt RSA PKCS#1v1.5 signatures with SHA3 use invalid encoding

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-9.4
    • libgcrypt
    • None
    • Moderate
    • FutureFeature, Patch, Upstream
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      libgcrypt does not correctly pad RSASSA-PKCS1-v1_5 signatures that use SHA3.

      Please provide the package NVR for which bug is seen:

      master@3abac420b30ad4aeef803b23995303ac6bb563fa

      How reproducible:

      Run the attached reproducer with sha3-224, sha3-256, sha3-384, or sha3-512 as argument (the same problem occurs with shake128 or shake256, but the reproducer cannot show that.

      Steps to reproduce

      1. gcc -std=c99 -Wall -Werror -pedantic -o test test.c -lgcrypt
      2. ./test sha3-256 | sed 1d | sed -E 's/01(ff)*00//' | xxd -ps -r | openssl asn1parse -inform DER
      • sed 1d removes the first line of output, which is the signature in hex
      • sed -E 's/01(ff)*00//' removes the PKCS#1 padding
      • xxd -ps -r converts the hex output to binary
      • openssl asn1parse -inform DER attempts to parse the resulting ASN.1
      • As an alternative to openssl asn1parse, other asn1parsers such as der2ascii can also be used

      Expected results

      The output is valid and the expected SHA3 OIDs are used

      Actual results

      The output is invalid because it is not valid ASN.1. The SHA3 OIDs are not used.

        1. 0001-sha3-Fill-OIDs-and-partial-ASN.1-structs.patch
          4 kB
          Clemens Lang
        2. test.c
          4 kB
          Clemens Lang

              jjelen@redhat.com Jakub Jelen
              cllang@redhat.com Clemens Lang
              Jakub Jelen Jakub Jelen
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: