search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.25k stars 2.56k forks source link

RSA with RIPEMD160 PKCSv1.5 signature fails #2620

Open jack-fortanix opened 5 years ago

jack-fortanix commented 5 years ago

Enhancement\Feature Request

Currently it is not possible to sign or verify a RSA signature using PKCSv1.5 padding with RIPEMD-160. The issue seems to be that the OID for RIPEMD-160 is missing from the oid_md_alg in oid.c.

PSS+RIPEMD160 works fine, as there is no hash identifier used in PSS scheme.

Justification - why does the library need this feature? It seems strange that the library supports RSA, RIPEMD160, and PKCSv1.5, yet does not support the standardized combination of these schemes.

Suggested enhancement Add the OID.

We could submit a patch if this enhancement is ok with upstream.

RonEld commented 5 years ago

@jack-fortanix Thank you for reporting this issue! It would be appreciated if you make the feature and create a PR for it.