On Mon, 2024-03-25 at 11:12 +0100, Niels Möller wrote:
Hans Leidekker <hans@meelstraat.net> writes:
I noticed the arrival of an RSA OAEP implementation in GnuTLS and wanted to use that to support the algorithm in Wine. Windows supports it using the old MD5 and SHA1 hash functions, so my question is: would you accept a patch like below that adds these hashes?
Hi,
I'm fine accepting patches for interop with various legacy systems, if there's a reasonable use case, but I don't want to add anything with md5 in it merely for completeness. Can you give a bit more details on your use case? Which Windows functions do you want to support or interop with? What will break if you support only the sha2-variants of RSA-OAEP?
This is for BCryptEncrypt/BCryptDecrypt when a BCRYPT_OAEP_PADDING_INFO structure is passed specifying hash and label. It doesn't look like Windows supports sha2 variants here; I get a STATUS_INVALID_PARAMETER error.
This was prompted by the DayZ game. I don't know if it uses md5 or sha1, I should ask, but I think it's reasonable to wait and see if md5 is still used.
Despite md5 and sha1 being generally deprecated, I'm not sure about whether they're considered insecure when used for RSA-OAEP (via Wikipedia, I found this old paper that seems to imply that the underlying hash function doesn't need to be that strong: https://eprint.iacr.org/2006/223).
That's my understanding as well.