1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
From 8f676144ad7b7c91adb0c6e1ec89aaa6283c6807 Mon Sep 17 00:00:00 2001
From: Himanshu Kishna Srivastava <28himanshu@gmail.com>
Date: Tue, 16 Mar 2021 22:37:46 +0530
Subject: [PATCH] crypto/rsa: fix salt length calculation with
PSSSaltLengthAuto
When PSSSaltLength is set, the maximum salt length must equal:
(modulus_key_size - 1 + 7)/8 - hash_length - 2
and for example, with a 4096 bit modulus key, and a SHA-1 hash,
it should be:
(4096 -1 + 7)/8 - 20 - 2 = 490
Previously we'd encounter this error:
crypto/rsa: key size too small for PSS signature
Fixes #42741
Change-Id: I18bb82c41c511d564b3f4c443f4b3a38ab010ac5
Reviewed-on: https://go-review.googlesource.com/c/go/+/302230
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Trust: Emmanuel Odeke <emmanuel@orijtech.com>
Run-TryBot: Emmanuel Odeke <emmanuel@orijtech.com>
TryBot-Result: Go Bot <gobot@golang.org>
Upstream-Status: Backport [https://github.com/golang/go/commit/8f676144ad7b7c91adb0c6e1ec89aaa6283c6807]
CVE: CVE-2023-45287 #Dependency Patch3
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
src/crypto/rsa/pss.go | 2 +-
src/crypto/rsa/pss_test.go | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go
index b2adbedb28fa8..814522de8181f 100644
--- a/src/crypto/rsa/pss.go
+++ b/src/crypto/rsa/pss.go
@@ -269,7 +269,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
saltLength := opts.saltLength()
switch saltLength {
case PSSSaltLengthAuto:
- saltLength = priv.Size() - 2 - hash.Size()
+ saltLength = (priv.N.BitLen()-1+7)/8 - 2 - hash.Size()
case PSSSaltLengthEqualsHash:
saltLength = hash.Size()
}
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
index dfa8d8bb5ad02..c3a6d468497cd 100644
--- a/src/crypto/rsa/pss_test.go
+++ b/src/crypto/rsa/pss_test.go
@@ -12,7 +12,7 @@ import (
_ "crypto/md5"
"crypto/rand"
"crypto/sha1"
- _ "crypto/sha256"
+ "crypto/sha256"
"encoding/hex"
"math/big"
"os"
@@ -233,6 +233,24 @@ func TestPSSSigning(t *testing.T) {
}
}
+func TestSignWithPSSSaltLengthAuto(t *testing.T) {
+ key, err := GenerateKey(rand.Reader, 513)
+ if err != nil {
+ t.Fatal(err)
+ }
+ digest := sha256.Sum256([]byte("message"))
+ signature, err := key.Sign(rand.Reader, digest[:], &PSSOptions{
+ SaltLength: PSSSaltLengthAuto,
+ Hash: crypto.SHA256,
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ if len(signature) == 0 {
+ t.Fatal("empty signature returned")
+ }
+}
+
func bigFromHex(hex string) *big.Int {
n, ok := new(big.Int).SetString(hex, 16)
if !ok {
|