Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: ECDHE-RSA-AES256-GCM-SHA384 fails with "input must be hashed message" #9808

Closed
johto opened this issue Feb 8, 2015 · 1 comment
Closed
Assignees
Milestone

Comments

@johto
Copy link
Contributor

@johto johto commented Feb 8, 2015

Hi,

Given this client:

package main

import (
    "crypto/tls"
)

func main() {
    cert, err := tls.LoadX509KeyPair("client.crt", "client.key")
    if err != nil {
        panic(err)
    }
    tlsConf := &tls.Config{
        Certificates: []tls.Certificate{cert},
        InsecureSkipVerify: true,
    }
    c, err := tls.Dial("tcp", "localhost:4433", tlsConf)
    if err != nil {
        panic(err)
    }
    _, err = c.Write([]byte("foo"))
    if err != nil {
        panic(err)
    }
    c.Close()
}

and this command line to run a server:

openssl s_server -serverpref -cipher 'ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256' -Verify 1

the test program fails with:

% go run ~/test.go
panic: tls: failed to sign handshake with client certificate: crypto/rsa: input must be hashed message

This only happens if -serverpref is used. This problem appears to have been introduced by commit f1d669a, and comes from src/crypto/rsa/pkcs1v15.go, line 275 (in HEAD):

    if inLen != hashLen {
        return 0, nil, errors.New("crypto/rsa: input must be hashed message")
    }

openssl s_client appears to have no issues connecting so I'm guessing this is a problem on Go's end.

@jstemmer

This comment has been minimized.

Copy link
Contributor

@jstemmer jstemmer commented Mar 6, 2015

The commit you referenced added support for arbitrary hash functions. I've tracked this issue down to hashForClientCertificate in prf.go that would always return sha256 as its hash function, even if it used a different one to calculate its digest.

I've uploaded a proposed fix: https://go-review.googlesource.com/7040

@bradfitz bradfitz added this to the Go1.5 milestone Mar 6, 2015
@agl agl closed this in ebe3d69 Mar 16, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
…es in handshake

Commit f1d669a added support for
AES_256_GCM_SHA384 cipher suites as specified in RFC5289. However, it
did not take the arbitrary hash function into account in the TLS client
handshake when using client certificates.

The hashForClientCertificate method always returned SHA256 as its
hashing function, even if it actually used a different one to calculate
its digest. Setting up the connection would eventually fail with the
error "tls: failed to sign handshake with client certificate:
crypto/rsa: input must be hashed message".

Included is an additional test for this specific situation that uses the
SHA384 hash.

Fixes golang#9808

Change-Id: Iccbf4ab225633471ef897907c208ad31f92855a3
Reviewed-on: https://go-review.googlesource.com/7040
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
…es in handshake

Commit f1d669a added support for
AES_256_GCM_SHA384 cipher suites as specified in RFC5289. However, it
did not take the arbitrary hash function into account in the TLS client
handshake when using client certificates.

The hashForClientCertificate method always returned SHA256 as its
hashing function, even if it actually used a different one to calculate
its digest. Setting up the connection would eventually fail with the
error "tls: failed to sign handshake with client certificate:
crypto/rsa: input must be hashed message".

Included is an additional test for this specific situation that uses the
SHA384 hash.

Fixes golang#9808

Change-Id: Iccbf4ab225633471ef897907c208ad31f92855a3
Reviewed-on: https://go-review.googlesource.com/7040
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.