crypto/rsa,crypto/internal/boring: fix PSS salt handling - go - Fork of Go programming language with my patches.

diff options

author	Roland Shoemaker <roland@golang.org>	2022-08-31 17:15:08 -0700
committer	Roland Shoemaker <roland@golang.org>	2022-09-27 23:19:20 +0000
commit	61ed6d5c3341f73af9529b4808dd0997c6c86ed4 (patch)
tree	33887d782bd83639c631197d670179411c27a1aa /src/database/sql/convert.go
parent	b2137e7dad4fce1f366ad432faed4f78f29ac3fa (diff)
download	go-61ed6d5c3341f73af9529b4808dd0997c6c86ed4.tar.xz

crypto/rsa,crypto/internal/boring: fix PSS salt handling

Fix the coversion between our sentinel salt length variables and the BoringSSL versions in SignRSAPSS. We previously set -1 (hash length equals salt length) when 0 was passed when we should've been setting -2. This now matches the conversion that happens in VerifyRSAPSS. Also adds a note documenting why we do this. Additionally in non-Boring mode, properly handle passing of salt lengths with a negative value which aren't one of the magic constants, returning an error instead of panicking. See https://commondatastorage.googleapis.com/chromium-boringssl-docs/rsa.h.html#RSA_sign_pss_mgf1 for the BoringSSL docs. Fixes #54803 Change-Id: Id1bd14dcf0ef4733867367257830ed43e25ef882 Reviewed-on: https://go-review.googlesource.com/c/go/+/426659 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org>

Diffstat (limited to 'src/database/sql/convert.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: