Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: unable to parse PKCS1 RSA private key from Microsoft Terminal Services Signing Key #38181

Closed
bamiaux opened this issue Mar 31, 2020 · 2 comments

Comments

@bamiaux
Copy link

@bamiaux bamiaux commented Mar 31, 2020

What version of Go are you using (go version)?

$ go version
go version go1.14 windows/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOARCH=amd64
set GOOS=windows

What did you do?

I converted an RSA private key to PEM and tried to load it with crypto/x509.
I manually verified the PEM is valid with Python.

https://play.golang.org/p/8lePKysTb-1

What did you expect to see?

To be able to parse the PEM & get the RSA private key contained inside

What did you see instead?

An error: "asn1: structure error: integer too large"

Probably related to #3161

@bamiaux
Copy link
Author

@bamiaux bamiaux commented Mar 31, 2020

Relevant check is here

// checkPub sanity checks the public key before we use it.
// We require pub.E to fit into a 32-bit integer so that we
// do not have different behavior depending on whether
// int is 32 or 64 bits. See also
// https://www.imperialviolet.org/2012/03/16/rsae.html.
func checkPub(pub *PublicKey) error {
	if pub.N == nil {
		return errPublicModulus
	}
	if pub.E < 2 {
		return errPublicExponentSmall
	}
	if pub.E > 1<<31-1 {
		return errPublicExponentLarge
	}
	return nil
}

Here, the fixed public exponent still fit 32-bits (uint32 instead of int32), so changing

pub.E > 1<<31 - 1
to
pub.E > 1<<32 - 1

may be enough to make it work, but I have no idea of the implications of doing this, especially considering https://www.imperialviolet.org/2012/03/16/rsae.html

@FiloSottile
Copy link
Member

@FiloSottile FiloSottile commented Mar 31, 2020

rsa.PublicKey.E unfortunately is an int, not uint, so on 32-bit machines it will only hold values lower than 1<<31, and we want to be consistent across architectures. Such exponents are rare and unnecessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.