crypto/rsa: panic in SignPSS #58171
Labels
FrozenDueToAge
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Go 1.19.3, reproduces in latest release.
go env
OutputWhat did you do?
Parsed a set of private keys from a public dump, and used them to sign some random data as a check for validity. Demonstration program:
https://go.dev/play/p/ytNztif5D8y
What did you expect to see?
Signing success, or an error return value.
What did you see instead?
This seems to come from this line of code. When N is very small, the package tries to create a slice with negative length.
https://cs.opensource.google/go/go/+/refs/tags/go1.19.5:src/crypto/rsa/pss.go;l=305;drc=007d8f4db1f890f0d34018bb418bdc90ad4a8c35
The text was updated successfully, but these errors were encountered: