You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When PSSOptions's saltLength is PSSSaltLengthAuto, we just try to maximize the length of salt. But there are some problems with it where the bit length of N of private key is congruent to 1 module 8. (i.e. bitlen(N) == 8k + 1) . Under these situations, when checking emLen in crypto/rsa/pss.go : 50 which is equal to hLen+sLen+1, we will alway get an error "key size too small for PSS signature". And I didn't see there are such problems with openssl. So, maybe we need a change?
The text was updated successfully, but these errors were encountered:
zhangzhanli
changed the title
rsa pss may has wrong salt length
rsa pss may have wrong salt length
Nov 20, 2020
martisch
changed the title
rsa pss may have wrong salt length
crypto/rsa: pss may have wrong salt length
Nov 20, 2020
@zhangzhanli, the Go1.17 tree is now open, and if you are interested in becoming a Go contributor, please go ahead and send a CL or PR, as you please— it would be awesome to have you as a contributor to the Go project!
odeke-em
added
NeedsFix
The path to resolution is known, but the work has not been done.
and removed
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
labels
Mar 7, 2021
Change https://golang.org/cl/302230 mentions this issue: crypto/rsa: fixes the salt length calculation when PSSSaltLengthAuto option is set in rsa sign request.
crypto/rsa/pss.go : 272 in latest version of go
When PSSOptions's saltLength is PSSSaltLengthAuto, we just try to maximize the length of salt. But there are some problems with it where the bit length of N of private key is congruent to 1 module 8. (i.e. bitlen(N) == 8k + 1) . Under these situations, when checking emLen in crypto/rsa/pss.go : 50 which is equal to hLen+sLen+1, we will alway get an error "key size too small for PSS signature". And I didn't see there are such problems with openssl. So, maybe we need a change?
The text was updated successfully, but these errors were encountered: